H

A record

A Domain Name System (DNS) record mapping a host name to an Internet Protocol (IP) address.

Overview

Also known as Address records, A records are the most common type of DNS records in name server databases. A records are used to resolve queries where host names need to be translated into IP addresses in order to establish network communications with the target host.

Examples

A typical A record looks like this:

MARGE    IN    A    172.16.22.155

Here, MARGE is the friendly name of the host, IN indicates the record is part of the Internet family (the default), A indicates the type of resource record (address record), and the IP address for MARGE is last.

See Also DNS ,resource record (RR)

A6 record

A Domain Name System (DNS) record for identifying Internet Protocol version 6 (IPv6) hosts on a network.

Overview

The A6 record is used to map a host's name to its 128-bit IPv6 address. To use this record, a host on an IPv6 network can query a name server by specifying the name of a target host, and the name server responds to the query by returning the IPv6 address of the target host. The "A" in A6 stands for address.

Examples

If the name of a host is BART and the IPv6 address is 3dd4:2500:12af:0302:edef:6d52, then the A6 record would be

BART    3dd4:2500:12af:0302:edef:6d52

Notes

A6 records are supported on BIND version 9.

See Also DNS ,resource record (RR)

AAA

Sometimes called triple-A; stands for Authentication, Authorization, and Accounting, a security framework for controlling access to network resources.

Overview

The three components of an AAA system are the following:

• Authentication: This is the process by which users are identified as being entitled to access specific network resources.

• Authorization: This process determines the level of access a user has to a specific resource.

• Accounting: This process determines which resources are being used and who uses them.

An AAA Server is a server providing authentication, authorization, and accounting services for a network. In a typical AAA implementation, users connect to an access server (for example, a Cisco router) using an authentication protocol such as Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). The access server then interacts with the AAA server; for instance, Cisco Secure using security protocols such as Kerberos, Remote Authentication Dial-In User Service (RADIUS), or Terminal Access Controller Access Control System (TACACS). Cisco AAA protocols can then be configured on the access server using Internetwork Operating System (IOS) and applied to a particular interface.

See Also network security

AAAA record

Sometimes called quad-A, a Domain Name System (DNS) resource record that helps transition networks from Internet Protocol (IP) to IPv6.

Overview

The Internet Engineering Task Force (IETF) has developed several enhancements to DNS to help network managers migrate their IP networks to IPv6. These enhancements are outlined in RFC 1886. The AAAA record is one such item, and maps a 32-bit IP address to a newer 128-bit IPv6 address.

AAAA records are supported by Berkeley Internet Name Daemon (BIND) 4.9.5 and later. When networks are fully migrated to IPv6, AAAA records can be replaced by A6 records, which are supported in BIND 9.

See Also DNS ,resource record (RR)

AAL

Stands for ATM Adaptation Layer, an Asynchronous Transfer Mode (ATM) protocol that performs the functions of the Open Systems Interconnection (OSI) model's Data Link layer.

See Also ATM Adaptation Layer (AAL)

AATP

Stands for Authorized Academic Training Provider, a Microsoft training program offered to accredited academic institutions.

See Also Authorized Academic Training Provider (AATP)

Abilene

An advanced high-speed backbone network that was developed to support the Internet2 initiative.

Overview

Abilene was developed through a partnership between Cisco Systems, Nortel Communications, and Quest Communications and is a project of University Corporation for Advanced Internet Development (UCAID). Abilene's goal is to provide an advanced high-speed backbone for research and development testing of advanced applications relating to Internet2 prior to their intended real-world deployment. To this end, Abilene provides a high-speed Synchronous Optical Network (SONET) and Internet Protocol (IP)-over-SONET backbone network that connects gigaPOPs (high-speed regional network aggregation points of presence) scattered around the world. For an administrative fee, universities and other institutions conducting Internet2 research can connect to Internet2 through Abilene's gigaPOPs for research and development purposes.

Abilene is wholly funded by university and corporate agencies affiliated with the Internet2 research project, but Abilene also supports the U.S federal Next Generation Internet (NGI) initiative and connects with the very high performance Backbone Network Service (vBNS) and other federal research networks.

For More Information

Find out more about Abilene at www.ucaid.org/abilene.

See Also Internet2

absolute path

The hierarchical path that locates a file or folder in a file system starting from the root.

Overview

A file's absolute path enables that file's location to be precisely specified, independent of where the user's current directory is located. In Microsoft Windows, a file's absolute path is specified starting with a drive letter, followed by the hierarchy of directories in which the file is contained (with each directory separated by a backslash) and concluding with the exact filename. For example, on a computer running Windows Millennium Edition (Me), the absolute path to the executable for the game of Solitaire, which is typically located in the Windows directory on the C drive, would be the following:

C:\Windows\sol.exe

If the user opens a command prompt and the current directory is C:\Windows, the user can simply type sol.exe to run the Solitaire program. From any other current directory though, the user must either type the absolute path to execute the program, or specify the relative path from the current directory to the executable file.

On UNIX platforms, path names are specified using forward rather than backward slashes and absolute paths do not start with a drive letter. For example, the absolute path to the file script12, located in the /bin subdirectory of the /usr directory, would be

/usr/bin/script12

See Also relative path ,Universal Naming Convention (UNC)

Abstract Syntax Notation One (ASN.1)

A standard from the International Standards Organization (ISO) that provides a mechanism for encoding human-readable symbols into condensed binary form.

Overview

Abstract Syntax Notation One (ASN.1) is a standard with several real-world uses:

• In X.400, it provides a standard way of formatting and encoding X.400-based e-mail messages for transmission over a network.

• In Simple Network Management Protocol (SNMP), the Management Information Base (MIB) is specified in ASN.1 notation.

More generally, ASN.1 is a method of specifying abstract objects that are intended for any form of serial transmission. ASN.1 is also used for defining objects in MIB files for SNMP.

ASN.1 is similar in syntax to a programming language, and it allows the definition of different data types, data structures, arrays, classes, and other structures similar to those found in the C++ programming language. The presentation layer (Layer 6) of the Open Systems Interconnection (OSI) reference model uses ASN.1 as the standard for specifying the syntax of information exchanged between applications at this layer. ASN.1 data types can be either simple or structured. An example of a definition of a simple data type and its value might be

EmployeeAddress ::= ISO646STRING    "99     Microsoft Way"

A more complex structured data type might be

EmployeeRecord ::= SET {  name     [0]ISO646STRING  "Bob Smith"  title    [1]ISO646STRING  "Support Specialist"  idNumber [2]INTEGER       "116427"     }

ASN.1 data structures are encoded as octets in hexadecimal notation. These structures are then transmitted over the network as binary information.

Notes

Microsoft Exchange Server uses ASN.1 for its X.400 Connector to provide standards-based connectivity with foreign X.400 messaging systems.

See Also Simple Network Management Protocol (SNMP) ,X.400

acceptable use policy

A policy created by management to specify acceptable usage for corporate network services as well as the consequences of violating these standards.

Overview

Acceptable use policies have lately become an important feature of corporate IT (information technology) culture for a number of reasons, but mainly because of the widespread implementation of Internet access for desktop users. Management often becomes concerned about the possibilities of employees surfing the Internet for personal use on company time, using company e-mail to send personal messages, sending spam or mail bombs, and so on. Another concern is management's possible legal liability if employees should access illegal or pornographic material on the Internet using their corporate Internet accounts.

Even if a company does not provide desktop Internet access for its employees, it should still have an acceptable use policy governing access to shared network resources such as file servers and color laser printers. To be effective, an acceptable use policy needs to have the following characteristics:

• Acceptable and unacceptable usage must be simply and clearly explained in the policy.

• A graded series of consequences of unacceptable usage must be clearly stated in the policy.

• The policy itself must be clearly visible in employees' work areas.

• Management should regularly call employees' attention to the policy.

In addition, users should be informed if management is utilizing monitoring practices such as logging all employee Internet access or archiving all employee e-mail. Management should consult its legal department in the drafting of an acceptable use policy, and this policy should be reviewed frequently and kept up-to-date as corporate network access evolves.

See Also security

access

Generally, the process of connecting to and using resources on a network.

Overview

To provide a user with access to network resources, permissions must first be granted to the user. For example, if a user is granted the read permission (and only this permission) for a file on the NTFS file system (NTFS), the user is said to have read-only access to the file. An important part of a network administrator's job is to configure appropriate levels of access control-that is, to manage access to network resources such as shared files, printers, and applications so that

• Users who need access to these resources have the appropriate level of access to them

• Users who do not need access to the resources-as well as distrusted users or hackers-are prevented from accessing them

Examples

In Microsoft Windows 2000, when a user or process attempts to access an object such as a file on an NTFS volume, a component of the Windows 2000 operating system called the Security Reference Monitor compares the access token attached to the process with the access control list (ACL) attached to the object. Through this comparison, the Security Reference Monitor determines whether to grant access to the user or process.

See Also access control ,access control list (ACL) ,access list

access control

Any mechanism that controls who can access securable objects and what actions they can perform on them.

Overview

Securable objects are objects whose access can be controlled by an operating system. For example, in Microsoft Windows 2000, Windows XP, and Windows .NET Server, the following are a few of the types of objects that can be secured:

• File system objects such as files and directories

• Service objects (installed services)

• Printer and print server objects

• Registry keys

• Shared directories

• Directory service objects in Active Directory directory service

• Objects exposed to Windows Management Instrumentation (WMI)

• Security provider objects

• Kernel objects such as processes, threads, jobs, semaphores, events, mutexes, named pipes, access tokens, and such

Access control consists of those mechanisms used to control access to the various types of securable objects listed above. In Windows 2000, Windows XP, and Windows .NET Server, access control is performed mainly through the assignment of permissions and rights.

Permissions are assigned to an object to determine who can access that object and at what level. Permissions can be set by an administrator or by the owner of the object. The kind of permission that can be applied depends on the type of object. Some of the objects to which permissions can be applied include

• NTFS file system (NTFS) objects such as files, folders, and volumes

• Local system objects such as processes and programs

• Local or Active Directory objects such as user, group, and printer objects

The issue of inheritance is related to permissions. When permissions are assigned to a folder on an NTFS volume, they are also inherited by default by all existing child folders and files within the folder, and by any new child folders or files created later. Similarly, when permissions are assigned to a container in Active Directory, they are also inherited by default by all existing child objects within the container and by any new child objects created later.

Rights are assigned to user or group accounts to provide them with authorization to perform a specific system task, such as backing up a volume, shutting down the system, or logging on to the console interactively. Rights are most often assigned to groups rather than individual users to simplify administration. Rights can be specified at either the local or domain level.

Another aspect of access control is the issue of ownership. When a user creates an object in Active Directory or a file on an NTFS volume, that user becomes the owner of that object or file. The owner has the right to set and modify the permissions of the object. Every object in Active Directory and every file or folder on an NTFS volume has an owner.

One additional aspect of access control is the issue of auditing. Files and folders on an NTFS volume can be audited to keep track of failures or successes in accessing them. This can be important in detecting security breaches in your network.

Notes

When assigning permissions to objects in Active Directory, you can assign them either to the object itself (and therefore to all its attributes) or to specific attributes of the object. For example, you could allow all users to have read access to the Phone Number attribute of users in Active Directory, while granting the clerical group read/write access to that attribute so that they can modify users' phone numbers if necessary.

See Also access control list (ACL) ,auditing owner, permissions

access control entry (ACE)

A single entry in an access control list (ACL).

Overview

An access control entry (ACE) is part of an ACL applied to an object, and it contains information that is used to control that object's access. Both discretionary access control lists (DACLs) and system access control lists (SACLs) consist of sequential lists of ACEs. For example, an ACE could specify the access or auditing permissions to an object in Active Directory directory service or on a volume formatted using the NTFS file system (NTFS) for a particular user or group.

Access control entry (ACE). A simplified example.

An ACE generally specifies two kinds of information:

• The security identifier (SID) of the security principal (user, group, or computer) to which the ACE applies

• The level of access to the object permitted for that security principal

An access mask specifying the possible permissions that can be assigned to the object is included with each ACE. An ACE can provide one of the following:

• Discretionary access control for explicitly granting or denying access to a specific user or group (AccessAllowed and AccessDenied entries)

• System security access control for generating security audit logs (SystemAudit entry)

See Also access control list (ACL) ,access mask

access control list (ACL)

Any mechanism for implementing access control on a file system object, directory object, or other operating system object.

Overview

Access control lists (ACLs) are a feature of most operating systems and provide a flexible and granular method for securing different operating system objects. This article will look at two examples of ACL implementations: Microsoft Windows 2000 and Sun Microsystems' Solaris operating system.

ACLs are incorporated into the basic operating system architecture of Windows 2000 and Windows NT operating system platforms and are used to control access to objects in Active Directory directory service as well as files on NTFS file system (NTFS) volumes. An ACL is basically a list attached to an object specifying which security principals (users, groups, computers, and so on) are allowed to access the object and what level of access they are allowed to have.

In Windows 2000, ACLs are more properly called discretionary access control lists (DACLs) because administrators can configure and manage them at their discretion. There's also another type of ACL in Windows called a system access control list (SACL), which is used to control the generation of audit messages when object auditing has been configured on a file system.

In traditional UNIX environments, access to file system objects is controlled using the Chmod (change mode) command, which allows read, write, and execute permissions to be allowed or denied for three different entities: the user (owner), the other users that belong to the same group as the user (group), and every other user on the system (other). This permission-based access control mechanism is extremely limited, and as a result most UNIX systems implement ACLs as an alternative method for securing files and other operating system objects.

Sun's UNIX-based Solaris operating system first implemented ACLs in version 2.5.1. These ACLs can be used to control access to files on various different file systems, including:

• UNIX File System (UFS)

• Network File System (NFS) version 2 and higher

• Loopback File System (LOFS)

• Cache File System (CacheFS)

In Solaris, ACLs can be applied to files, directories, and symbolic links, and default permissions can be defined for directories to give all newly created files in the directory the same ACLs. To set and display access control lists on Solaris, use the setfacl and getfacl commands.

ACLs are also available as third-party software for other UNIX platforms. Other UNIX packages and add-ons may use different commands such as setacl and getacl.

See Also access control entry (ACE) ,discretionary access control list (DACL) ,system access control list (SACL)

Accessibility Options

A utility in Control Panel for most versions of Microsoft Windows that allows you to adjust the behavior of the keyboard, mouse, and display to suit the needs of individuals with impaired eyesight, hearing, or motor skills.

Overview

Accessibility Options are part of Microsoft Corporation's initiative to provide access to computer technology to all individuals, regardless of their physical impairments. Settings for Accessibility Options include the following:

• StickyKeys: Makes it possible to use a key combination such as Ctrl+Alt+Delete without pressing more than one key at a time

• FilterKeys: Makes it more difficult to bounce keys by telling the system to ignore brief or repeated keystrokes

• ToggleKeys: Generates sounds when certain toggle keys, such as Caps Lock, are turned on

• SoundSentry: Flashes a specified part of the screen when the system generates sounds

• ShowSounds: Displays icons or text captions to accompany the sounds that programs generate

• HighContrast: Makes reading text easier

• MouseKeys: Controls the pointer using the numeric keypad

• SerialKey: Enables the use of alternative input devices connected to the computer's serial port instead of the keyboard and mouse

  

  Accessibility Options. Accessibility Options in Windows 2000.

Windows includes an additional wizard called the Accessibility Wizard that allows you to configure accessibility options on your computer. Additional accessibility utilities include Magnifier, Narrator, and On-Screen Keyboard.

For More Information

Microsoft product documentation and books from Microsoft Press are available in alternative formats from Recording for the Blind and Dyslexic and the Microsoft Accessibility and Disabilities Group.

You can find out about the Microsoft Accessibility and Disabilities Group at www.microsoft.com/enable.

Visit the site of Recording for the Blind and Dyslexic at www.rfbd.org

See Also Accessibility Wizard

Accessibility Wizard

A Microsoft Windows utility for configuring a computer for individuals with impaired visual or motor skills.

Overview

Accessibility Wizard is an alternative to Accessibility Options for configuring computers for individuals with disabilities. To start the Accessibility Wizard, choose Accessories from the Start menu. Then, from the Accessibility program group, choose Accessibility Wizard. Note that in Windows Millennium Edition (Me), you might have to install the Accessibility Tools to gain access to the wizard.

Accessibility Wizard. The Accessibility Wizard for Windows 98.

The wizard leads the user through a series of questions concerning his or her disability and configures mouse, keyboard, and display properties to meet that person's particular need. This tool gives administrators the ability to configure workstations for individuals with physical impairments by leading the user through a series of screens that the user can then respond to in real time. Using the Accessibility Wizard is generally more convenient than using the Accessibility Options property sheet to configure accessibility settings. The wizard's final screen lists the accessibility options that have been enabled.

See Also Accessibility Options

access list

A mechanism by which routers can determine which packets should be forwarded and which should be blocked.

Overview

Routers route packets to their destination by examining the destination address of packets received and then determining which port the packet should be forwarded to. However, sometimes packets should not be forwarded to their destinations at all or should be forwarded to different ports using criteria other than a simple destination address. For example, certain incoming packets may constitute a security hazard to the network and should be blocked and dropped. Load balancing may require that packets be distributed across multiple ports in round-robin fashion instead of delivered to a fixed address. And certain types of traffic have high priority and need special handling. Access lists are a mechanism for handling these issues and provide a packet filtering capability that enhances the power and functionality of routers.

An access list is basically an ordered (sequential) series of rules or filters, each of which either permits or denies the flow of packets across an interface depending on the rule's nature and the packet's contents. When a packet arrives at an interface on which an access list has been created and applied, the rules in the list are applied to the packet in order from the top of the list downward. If the packet's contents match the conditions in a rule, that rule is applied and the packet is either forwarded or dropped. If a rule does not apply, the next rule in the list is tried until either a match is found and the packet processed or the end of the list is reached and the packet is finally dropped (in other words, there is an implicit "deny all" at the end of every access list).

You should consider several things when using access lists to filter packets through a router:

• For an access list to function, it must first be created in the router's memory and then explicitly assigned to a router interface.

• When an access list is applied to an interface, the access list's direction must be specified. That is, you must decide whether the access list will be applied to inbound traffic, outbound traffic, or both.

• The order in which the rules are organized within an access list is important. Two access lists with identical rules but in different order can have significantly different effects.

• Each rule either permits a matching packet to be forwarded or denies a packet from being forwarded.

• By default, an access list implicitly denies everything. In other words, when a packet is being processed by an access list, if a match occurs that allows the packet to be forwarded, the packet is allowed to pass across the interface. If no match is found (the contents of the packet do not explicitly match any of the criteria specified in the rules within the access list), the packet is blocked from passing over the interface and is thus dropped by the router.

Examples

The Internetwork Operating System (IOS) by Cisco Systems, the operating system used by all Cisco routers, has commands for creating access lists and applying them to an interface. IOS supports two different types of access lists:

• Standard: A standard access list filters packets based only on their source address.

• Extended: An extended access list filters packets based both on their source address and on a number of other criteria including destination address, protocol type, traffic priority, and application type.

A simple example of an IOS access list rule that allows traffic from source address 172.16.15.33 to pass across a specified interface would be

access-list 1 permit host 172.16.15.33

Here the number "1" specifies that this rule is part of the first access list created on the router, and all rules that have this number belong to the same list. Access list numbers identify what kind of access list is used (see the table).

To take another example, if your network is class C and has addresses belonging to the 172.16.44.0 network, to allow stations on your network to have unrestricted access to the Internet through your packet-filtering router, you could use the rule

access-list 1 permit 172.16.44.0 0.0.0.255

Note that 0.0.0.255 is the binary complement of the default subnet mask of your class C network (255.255.255.0).

As a final example, the following access list blocks incoming traffic from the malicious host 133.16.1.11 but allows all other traffic to enter through the router:

access-list 1 deny host 133.16.1.11 log access-list 1 permit any

The log keyword specifies that all packets dropped from the malicious host will be logged in the router log and can be viewed using the IOS logging console.

IOS access lists can be created using a simple ASCII text editor and transferred to the router using Trivial File Transfer Protocol (TFTP) or some other mechanism. The Interface command is used to apply an access list to an interface once the list has been created, and the Access-group command is used to specify the direction over the interface for which the list applies.

Notes

One limitation of IOS access lists is that if you want to modify a list by removing or changing a statement in the middle of the list, you cannot. Instead you must create a new access list, remove the old one from the interface, and apply the new list to the interface. You can, however, add rules to the bottom of an existing list, if this meets your needs. To get around having to create an access list from scratch when you need to modify a rule, use TFTP to copy the existing router configuration to a text file on a workstation, modify the file, delete the original configuration on the router, and copy the modified configuration onto the router.

IOS version 12 includes a new feature that allows for the creation and application of time-based access lists, which allows different access lists to be applied to routers at different times and days.

Access lists are sometimes called access control lists, but this can be confusing because the term access control list (ACL) also refers to a mechanism for securing file system objects and other operating system objects.

The table in this article shows that there can be only 100 possible access lists for each type of access list. In some circumstances (for example, with complex backbone routers) this is not sufficient, and you can use named access lists instead. Named access lists are referenced using an alphanumeric name instead of a number, and you can create as many of them as you need.

Placement is an important issue to consider when applying access lists to ports. Standard access lists should be placed as close as possible to the destination, but enhanced access lists should be placed as close as possible to the source.

See Also Internetwork Operating System (IOS) ,router

access mask

A double-word value (32-bit entry) contained within each access control entry (ACE) that defines all possible access rights for a particular type of object (file, folder, and so on).

Overview

Microsoft Windows 2000, Windows XP, and Windows .NET Server use access masks that support several types of access rights. Three examples are:

• Specific access rights: These access rights include FILE_READ_DATA and FILE_APPEND_DATA, which provide permission to read and write data in a file. Objects can have up to 16 different specific access rights, depending on the object type.

• Standard access rights: These apply to all objects and include DELETE, which grants or denies delete access to an object, and WRITE_OWNER, which grants or denies access to the owner security identifier (SID) of an object.

• Generic access rights: These map to specific access rights and standard access rights. Each type of securable object maps generic access rights to its own specific and standard access rights. Generic access rights for file objects include FILE_ GENERIC_READ, FILE_GENERIC_WRITE, and FILE_GENERIC_EXECUTE. These three types are listed in Windows Explorer in Windows 2000, Windows XP, and Windows .NET Server and in Windows NT Explorer in Windows NT as the special permissions read (R), write (W), and execute (X).

See Also

access control entry (ACE), access control list (ACL)

access method

Any method that allows devices to transmit signals over media in a way that ensures that communications can occur between stations.

See Also media access control method

access mode

A mode of running a console created with the Microsoft Management Console (MMC).

Overview

Different access modes are provided for MMC consoles in order to allow or restrict access to administrative functionality. This enables senior administrators to create custom consoles for junior administrators that have only the functionality needed to perform specified tasks, while preventing them from using functionality that could cause problems if not handled correctly.

Selecting Options from the Console menu configures access modes for MMC consoles. The two modes available for running consoles are

• Author mode: This mode grants the user full access to all the functionality of the MMC, including adding snap-ins, removing snap-ins, creating new console windows, and accessing the entire console tree. Only senior administrators should have this access mode.

• User mode: This mode does not allow the user to add snap-ins to or remove snap-ins from the console and restricts access to some of the functionality of the MMC, depending on the options selected. For example, by selecting the Limited Access, Single Window option, the MMC displays only a single console window. User mode has three submodes:

  • Full Access: This submode allows the user to view the whole console tree but restricts the user from adding new snap-ins or changing the console's properties.

  • Limited Access, Multiple Window: This submode allows the user to view portions of the console tree in different windows.

  • Limited Access, Single Window: This submode restricts the user to a single console window.

Notes

If an MMC console is set to user mode, you can start it in author mode by running it from the command line with the /a switch. You can also right-click on the console file (*.msc file) in Windows Explorer and use the shortcut menu to start the console in author mode. However, an administrator can also use Group Policy to prevent the user from opening a console in author mode.

See Also Microsoft Management Console (MMC)

access point (AP)

A device connected to a local area network (LAN) that enables remote wireless stations to communicate with the LAN.

Overview

A wireless networking implementation consists of two parts:

• A wired network such as an Ethernet LAN with an access point attached to it. The access point acts as a bridge between the wired LAN and the remote wireless stations.

• Remote wireless stations with wireless network adapters attached to them.

  

  Access point (AP). How an access point works.

An access point (AP) is basically a network-capable device containing a transceiver and antenna for transmitting signals to and receiving signals from the remote stations. The access point thus provides a "point of access" to the wired network for the remote stations. The access points allow wireless stations to be quickly and easily connected to a wired LAN.

An example of a remote station might be a laptop computer. The laptop can communicate with the access point using a wireless Personal Computer Memory Card International Association (PCMCIA) card or wireless network interface card (NIC). An alternative is the station adapter, a device that plugs in to the laptop's standard 10BaseT port.

A single AP can generally support 15 to 25 wireless stations while still maintaining optimal data transfer rates. The area covered by a single AP is called a cell. The transceiver within an access point uses spread spectrum transmission, which may be either direct sequencing or frequency hopping. For spread spectrum communication in the 2.4 gigahertz (GHz) frequency band, APs typically support data rates of 1 to 3 megabits per second (Mbps) over distances of up to about 2 miles (3 kilometers).

Marketplace

Most commercial APs consist of a combination of an Ethernet port and a transceiver, which allows the AP to be easily connected into an existing wired LAN for bridging to remote wireless stations. Prices for wireless networking equipment based on the 802.11b standard have fallen dramatically in the last few years. A typical AP can cost as low as $300 or as high as $2,000, while wireless network adapters can be as low as $100 each. Examples of APs for small-office home-office (SOHO) use include the Apple Airport, the D-Link DWL-1000AP, and the Lucent RG-1000, and examples of enterprise-class access points include 3Com's AirConnect Wireless AP, the Cisco AIR- AP341 series, Enterasys's RoamAbout AP 2000, and the Intel PRO/Wireless LAN AP.

The higher-priced APs provide faster speeds, support more users, and include better management features. For coverage of large areas, several APs may be required to create a pattern of overlapping cells-in this case it is best to purchase the more expensive ones because these include features to support remote stations that roam between cells covered by different APs. The more expensive APs also support connection to external antennas for better transmission coverage.

Many APs include other advanced features including Dynamic Host Configuration Protocol (DHCP), network address translation (NAT), and routing functions. These APs fall under the general category of network appliance because of their simplicity and ease of use.

Notes

When purchasing an 802.11b AP, you may want to consider if it can be easily upgraded to the newer 802.11a standard, which uses 5 GHz transmission.

For best coverage within an office environment, mount APs on ceilings. If this is difficult because of lack of electrical outlets, look for APs that can be powered over Category 5 (Cat5) cable.

If multiple APs are used to provide redundant coverage for an area, then they should be connected using a wired LAN. This will provide better performance for stations within the coverage area than having the APs connected as wireless repeaters.

See Also 802.11b ,wireless networking

access provider

Also known as Internet service provider (ISP), a company that provides individual users and businesses with connectivity to the Internet.

See Also Internet service provider (ISP) ,xSP

access token

An object assigned to a user that successfully logs on to a network and that identifies the level of security privileges assigned to that user.

Overview

An access token is like a card key. Your card key will provide you with access to doors that have been configured to grant you permission to open them. The list of card keys that a door will accept is analogous to an access control list (ACL).

Access token. A simplified example of an access token at work.

When you log on to Microsoft Windows NT, Windows XP, Windows 2000, or Windows .NET Server, you are granted an access token that is attached to all your user processes. Your access token contains the security identifier (SID) of your user account and every group to which you belong. When your application tries to access an object such as a file on a volume formatted with the NTFS file system (NTFS), Windows NT, Windows 2000, Windows XP, or Windows .NET Server compares the SIDs in your application's access token to those in the access control entries (ACEs) in the object's ACL. If it finds a match, the system grants access to that object.

See Also access control list (ACL)

account

A set of credentials for gaining access to resources in a network or logging on to a system.

Overview

In a typical network, each user needs an account to access resources on the network, such as shared folders, printers, or applications. Accounts provide a way of identifying users on a network and are the foundation of network security. An administrator or another user with high security privileges typically creates accounts.

Accounts are generally used in server-based networks where a central computer such as a Microsoft Windows 2000 or Windows .NET Server domain controller keeps track of each user's account and grants or denies access to the network based on the credentials entered by the user during the logon process. Accounts are used less frequently in peer-to-peer networks or workgroups because the security requirements are usually much less stringent.

A Windows 2000 or Windows .NET Server network contains various kinds of accounts, including

• User account: Identifies users who belong to the domain by storing their names, passwords, the groups they belong to, the permissions they have for accessing system resources, and other personal information

• Group account: Identifies a specific group of users and is used to assign them permissions to objects and resources

• Computer account: Identifies machines that belong to the domain

See Also logon ,network security

account domain

A type of Microsoft Windows NT domain containing accounts for global users and groups.

Overview

Account domains are usually master domains and are typically used in a single or multiple master domain model implementation of Windows NT. The account domain contains user accounts for every user in the enterprise and is usually located at corporate headquarters. Servers and workstations at company branch offices belong to other domains called resource domains. Users at branch offices who want to log on to the network must log on to the account domain, even though their workstations are located within a resource domain.

Account domain. Account domains in Windows NT.

For this scenario to work, a trust relationship must be established so that each resource domain trusts the account domain. In this way all user accounts can be centralized in the account domain, which eases account management for administrators located at headquarters.

Account domains simplify account administration by centralizing administration to a single domain.

See Also resource domain ,trust

account lockout

A condition in which a user is prevented from logging on to the network.

Overview

If account lockout restrictions are set on a network, a user who fails successively to log on will be locked out of the network after a predetermined number of attempts. For example, if a user forgets the password and repeatedly attempts to log on, the authentication provider (a domain controller on a Microsoft Windows 2000 network) assumes that unauthorized access is being attempted and shuts out the user by locking out the account. The account can either remain locked until an administrator unlocks it or it can be configured to unlock after a specified period of time.

Account lockout restrictions are typically part of the account policy that can be set for domains. Account lockout is used to prevent unauthorized access to the network by preventing distrusted users from attempting to guess a trusted user's password. If you set up account lockout on your network, you will probably also want to configure auditing to record failed logon attempts.

Use account lockout only for high-security networks. In a low-security environment, users can become frustrated if they lock themselves out by mistyping their passwords, and administrators must cope with the additional overhead and bother of unlocking these accounts.

See Also auditing

account operator

A user who is assigned the responsibility of administering user and group accounts for a network.

Overview

In Microsoft Windows 2000, Windows XP, or Windows .NET Server, if you want to make an individual an account operator, simply make that person a member of the Account Operators group. Account operators can administer accounts only on a domain controller, not on a member server or workstation.

Account operators have the preassigned rights to log on locally to a domain controller and to shut down the system. In addition, account operators have the built-in capacity to create and manage user accounts, global group accounts, and local group accounts, as well as to keep local profiles.

Account operators should be assigned in enterprise- level networking environments only. In small to medium-sized networking environments, creating and configuring user accounts is usually the administrator's responsibility.

See Also user account

Account Operators group

A built-in security group in Microsoft Windows 2000, Windows XP, and Windows .NET Server where users are account operators.

Overview

Members of the Account Operators group can create, delete, and modify the properties of users, global groups, and local groups. The Account Operators group exists only on domain controllers and has an empty initial membership. The Account Operators group has the following preassigned rights:

• Log on locally

• Shut down the system

Additionally, members of the Account Operators group have the ability to create, delete, and modify user and group accounts using the Active Directory Users and Computers console.

Members of the Account Operators group cannot modify the membership or rights of the following built-in groups:

• Administrators

• Account Operators

• Server Operators

• Print Operators

• Backup Operators

See Also built-in group

ACE

Stands for access control entry, a single entry in an access control list (ACL).

See Also access control entry (ACE)

ACK

Stands for acknowledgment, a transmission from a receiving station to a transmitting station telling it that the transmitted data has been received without errors.

Overview

ACKs play an important role in most network protocols. For example, Transmission Control Protocol (TCP) is a connection-oriented protocol that relies on acknowledgments for successful transmission of data. When a stream of TCP packets is being sent over the network, each packet contains an acknowledgment number indicating the sequence number of the next packet that the receiving station should expect to receive. TCP can use an ACK to acknowledge a series of TCP packets (instead of just a single packet) that have been received. A TCP packet sent as an acknowledgment has its ACK flag set to 1 to indicate that the acknowledgment numbers of the packets received are valid.

During a transmission, if the receiving station determines that the data transmission is late or has not arrived, a negative acknowledgment (NAK) is generated to indicate to the transmitting station that the data should be sent again.

See Also Transmission Control Protocol (TCP)

ACL

Stands for access control list, any mechanism for implementing access control on a file system object, directory object, or other operating system object.

See Also access control list (ACL)

ACM

Stands for the Association for Computing Machinery, the oldest and largest educational and scientific computing society in the world.

See Also Association for Computing Machinery (ACM)

ACPI

Stands for Advanced Configuration and Power Interface, a specification for power management of computer hardware.

See Also Advanced Configuration and Power Interface (ACPI)

ACR

Stands for attenuation to crosstalk ratio, the ratio of the received strength of a signal on a pair of wires (attenuation) to the amount of crosstalk between the wires.

See Also attenuation to crosstalk ratio (ACR)

Active Desktop

A feature of Microsoft Windows that enables active content from Web sites or channels to be displayed directly on the desktop.

Overview

Active Desktop was first introduced with Microsoft Internet Explorer version 4, and made possible the dynamic downloading and display of content such as graphics, Hypertext Markup Language (HTML) pages, Microsoft ActiveX controls, Java applets, and channels. For example, you could have a stock ticker applet placed directly on your desktop that updates its information continually using a live Internet connection.

Active Desktop integrates the Web and your desktop, allowing you to launch programs, switch between files, and customize your desktop using active Web content. Active Desktop makes your desktop and its folders look and work like the Web, allowing you to browse resources on your computer or local network the same way you browse for content on the World Wide Web. Information about volumes, folders, and files can be displayed as Web pages within folders, and you can move up and down the folder hierarchy using a single click instead of a double click.

Active Desktop is included with Windows 98, Windows Millennium Edition (Me), Windows 2000, Windows XP, and Windows .NET Server and is available for Windows 95 and Windows NT 4 as an option by installing Internet Explorer 4 and the Windows Desktop Update.

The Active Desktop is implemented as an application programming interface (API) called the IActiveDesktop interface, which is part of the Windows Shell API. This interface is designed to allow client programs to manage desktop items and wallpapers on local computers. It also provides methods for adding desktop items (with or without a user interface, allowing the user to decide whether to accept the addition), adding desktop items associated with a Uniform Resource Locator (URL), applying changes by writing settings to the registry, and so on.

Active Desktop. Web elements on Active Desktop.

The Active Desktop consists of two layers:

• HTML layer: This is the background layer that hosts active Web content items. The Hypertext Markup Language (HTML) layer has three components: a file named desktop.htm that contains HTML tags for each active Web component on the desktop, an ActiveX control that lets you move or resize components on your desktop, and any other static HTML element you want to display in the background.

• Icon layer: This transparent foreground layer integrates a Web-type environment with familiar Windows 95 shell features such as double-clicking, drag-and-drop, file associates, and so on.

Users can add new items to the Active Desktop on their machines by using the display utility in Control Panel (or by right-clicking a blank area of the desktop and choosing Properties from the context menu). Either specify the URL of the object you want to add to your Active Desktop or browse to locate it on your network or on the Internet (if you are connected). Programmers can use the ActiveDesktop interface to write routines that add, remove, or modify items on the Active Desktop. You can also add items to the Active Desktop using a Channel Definition Format (CDF) file.

See Also Active Platform

Active Digital Profile (ADPr)

An Extensible Markup Language (XML) specification for automating the provisioning of IT (information technology) resources.

Overview

XML is becoming the de facto standard for exchange of electronic information, superseding previous standards such as Electronic Data Interchange (EDI). To standardize exchange in different business areas, XML schema are used. Active Digital Profile (ADPr) is a proposed XML schema that allows for the electronic allocation and deployment of IT (information technology) resources such as hardware and software. As an XML schema, ADPr provides a vendor-neutral and platform-independent model for these business processes to take place at a high level.

ADPr is based on software created by Business Layers in conjunction with Novell, CheckPoint Software, and other companies. ADPr has been submitted to the Organization for the Advancement of Structured Information Standards (OASIS) as a proposed XML standard.

See Also Organization for the Advancement of Structured Information Systems (OASIS) ,XML

Active Directory

The directory service for the Microsoft Windows 2000 and Windows .NET Server network operating systems.

Overview

Active Directory directory service consists of both a database and a service. Active Directory is a database of information about resources on the network, such as computers, users, shared folders, and printers. It is also a service that makes this information available to users and applications.

Active Directory provides the basic features needed for an enterprise-level directory service, including an extensible information source, naming conventions for directory objects, a common set of policies, and tools for administering the service from a single point of access. Administrators can configure Active Directory to control access to network resources by users and applications. Active Directory provides network administrators with centralized administration of all information about resources on the network, and it provides both users and administrators with advanced search capabilities for locating resources on the network.

Information in Active Directory is maintained for each domain on the network. Active Directory database information is stored and maintained on machines called domain controllers. This information is replicated automatically between domain controllers to ensure that every portion of the distributed directory is up to date. By default, the replication of updates to Active Directory occurs automatically every five minutes. Automatic replication of Active Directory information occurs only within the security boundary of a specific domain. Domain controllers in one domain do not automatically replicate with those in another domain.

Architecture

Active Directory's basic element is the object. An object can represent a user, computer, printer, application, file, or another resource on the network. Active Directory objects possess attributes, which are their properties. For example, some user attributes might include first name, last name, e-mail address, and phone number. Some attributes must have mandatory values, and others can be left undefined. A printer's attributes might include its location, its asset number for accounting purposes, its type, and so on. Active Directory also has a set of rules governing which objects can be stored in the directory and which attributes these objects can possess. This set of rules is known as the schema.

A special type of Active Directory object is the organizational unit (OU) . An OU is a type of object that can contain other objects. An OU can either contain a specific object, such as a user or an application, or it can contain another OU. Using OUs, you can organize Active Directory into a hierarchical directory of network information based on the X.500 directory recommendations of the International Telecommunication Union (ITU). You can assign users permissions on subtrees of OUs for management and resource access purposes.

Organizational units are contained within domains, which are Active Directory's basic security and organizational structure. Every object in Active Directory must belong to a domain. Domains usually mirror the organizational structure of your enterprise and act as a security boundary in it. For example, privileges granted in one domain are not automatically carried over to another domain. Domains can be joined into larger structures called trees using two-way transitive trusts, and these tree structures can be grouped into forests. Typically one forest is created per enterprise when Active Directory is deployed.

The collection of objects, OUs, domains, trees, and forests represent Active Directory's logical structure. Active Directory's physical structure consists of various layers of programming elements on servers called domain controllers. These programming elements include

• Directory System Agent (DSA): The process that provides access to the Active Directory store where directory information is stored on the domain controller's hard drive.

• Database Layer: This layer provides a uniform interface for the DSA for accessing the store.

• Extensible Storage Engine (ESE): This is a version of the database engine on Microsoft Exchange Server 5.5 and is used to provide access to the Active Directory store, which is capable of storing information about many millions of directory objects.

Above these layers are various interfaces and protocols by which various clients can access Active Directory. These include

• Lightweight Directory Access Protocol (LDAP): Supports LDAP clients such as Microsoft Outlook and Active Directory Services Interface (ADSI).

• Replication transports (REPL): Supports replication transports such as remote procedure call (RPC) and Simple Mail Transfer Protocol/Internet Protocol (SMTP IP) for Active Directory replication.

• Security Accounts Manager (SAM): Supports Windows NT 4 networking application programming interfaces (APIs) and replication with Windows NT backup domain controllers (BDCs).

• Messaging Application Programming Interface (MAPI): Supports Outlook and other MAPI- compliant clients.

Other protocols whose implementation is of crucial importance for Active Directory include Domain Name System (DNS) and Transmission Control Protocol/Internet Protocol (TCP/IP).

Implementation

Before implementing Active Directory in your enterprise, you will need to gather information about your organization's structure because Active Directory usually mirrors this structure in some fashion. A good way to proceed is to use a centralized planning approach with a team consisting of both technical and management representatives. You must develop a naming strategy, plan your domain structure, and consider how you will delegate administrative duties concerning Active Directory. When you delegate administrative control to Active Directory, do so at the OU level instead of at the individual object level. This makes it easier to control portions of the OU hierarchy within Active Directory. In particular, you probably want to delegate control to individuals responsible for creating users, groups, computers, and similar objects.

Consider the speed of the various links between your different geographical locations and how any systems that are not interoperable with Active Directory will be integrated into your new system. You should also profile your user community to determine what sort of domain hierarchy you will be implementing. Also consider integrating your DNS zone information into Active Directory because this will store your DNS zone information in the distributed Active Directory. Plus, it will facilitate and simplify updates of zone information through replication of domain controllers.

An important planning issue is determining where to locate domain controllers and global catalog servers for your enterprise because after Active Directory is installed and configured, the majority of Active Directory traffic is related to Active Directory clients querying Active Directory for information. Directory replication traffic is usually a less important consideration, unless the organization is in a constant state of flux. Placing a domain controller at each site will optimize queries but can increase replication traffic. Nevertheless, placing a domain controller at a site that has users in that domain is usually the best solution. If the domain tree is large, you should not place a global catalog server at each site because this can create a lot of replication traffic. Place global catalog servers only at large regional sites. Remember that replication of modifications made to your Active Directory might take some time to propagate throughout your enterprise. For example, if you create a new user account object, it might be a few minutes before the user can actually log on to the network using the account.

Notes

The default naming convention for objects stored in Active Directory is an Active Directory canonical name of the object. This defines the object's position in a domain tree from left to right, starting with the object's name and delimited by slashes. For example, the User Account JSmith in the Marketing OU of the northwind.microsoft.com domain would have the Active Directory canonical name

Jsmith/users/marketing/northwind.microsoft.com

Active Directory supports non-DNS naming conventions for interoperability with non-DNS environments. An example is the LDAP naming convention. An LDAP Uniform Resource Locator (URL) is composed of the name of the server with the distinguished name of the object appended to it. Other naming conventions include the following:

• User principal name: This convention consists of the user's SAM account name with an object's user principal name suffix appended to it. The user principal name suffix is the name of the domain tree or the name of the domain above the object in the domain tree.

• Request for Comments (RFC) number 822 name: This naming convention is essentially the user's e-mail address.

• Universal Naming Convention (UNC): This convention can be used for shared resources.

Discretionary access control lists (DACLs) and system access control lists (SACLs) protect Active Directory objects. DACLs and SACLs specify which user or application has permission to access attributes of directory objects and work in a similar fashion to access control lists (ACLs) that are implemented in the version of NTFS file system (NTFS) used in Windows NT 4. DACLs and SACLs can be used to propagate their permissions to connected directory objects. They also provide a simple way for administrators to grant access and usage rights for Active Directory to users and groups.

See Also domain (DNS) ,forest ,organizational unit (OU) ,tree ,trust ,Windows 2000

Active Directory Client

Client software running on a machine and enabling it to access information published in Active Directory directory service.

Overview

Microsoft Windows 2000, Windows XP, and Windows .NET Server come with a built-in Active Directory client so that they can participate immediately in an Active Directory-based network. Some other versions of Windows may require an Active Directory client to be installed prior to participating in such a network.

A version of Active Directory Client called the Directory Services client is available for computers running Windows 95 and Windows 98. This client allows them to log on to a Windows 2000 or Windows .NET Server domain and access information published in Active Directory. The Directory Services client can be found in the \clients folder on the Windows 2000 Server compact disc. Microsoft Internet Explorer version 5.0 or later must be installed on the machine running Windows 95 or Windows 98 prior to installing the Directory Services client. A similar client is also available for Windows NT version 4 machines.

See Also

Active Directory

Active Directory Domains and Trusts

A management console in Microsoft Windows 2000 and Windows .NET Server that can be used for administering domains and trust relationships.

Active Directory Domains and Trusts. The Active Directory Domains and Trusts console.

Overview

Active Directory Domains and Trusts provide administrators with a graphical representation of all the domain trees in a domain forest. Using the Active Directory Domains and Trusts, you can perform common administrative tasks such as

• Creating an explicit domain trust and managing existing trust relationships between domains

• Changing the domain mode from mixed mode to native mode

• Adding user principal name suffixes for a forest

Notes

You can also use the Active Directory Domains and Trusts to open Active Directory Users and Computers by right-clicking on a domain and then selecting Manage from the shortcut menu.

See Also administrative tools (Windows 2000, Windows XP, and Windows .NET Server)

Active Directory Installation Wizard

A wizard in Microsoft Windows 2000 Server and Windows .NET Server that installs the Active Directory directory service on a machine.

Overview

Active Directory Installation Wizard promotes member servers or stand-alone servers into domain controllers. You can use Active Directory Installation Wizard to

Active Directory Installation Wizard. Using the Active Directory Installation Wizard to install Active Directory.

• Create a new domain controller with a new domain tree

• Create a new domain controller with a new child domain that islocated under a parent domain in an existing domain tree

• Create a replica domain controller for an exist- ing domain

You must be an administrator to run Active Directory Installation Wizard. Start the wizard by running the Dcpromo utility from the command prompt or choose the Run command from the Start menu, enter dcpromo in the Run dialog box, and then click OK. This opens the wizard's welcome screen, where you are required to make a number of decisions concerning the following:

• Whether to create a new domain or add a replica domain controller to an existing domain

• If you choose to create a new domain, whether to create a new domain tree or add a child domain to an existing tree

• If you choose to create a new domain tree, whether to create a new domain forest or add the new tree to an existing forest

Names you specify for new or existing domains, domain trees, or domain forests are based on the Domain Name System (DNS) naming system. Other steps in the wizard allow you to specify the path to the Active Directory database, the location of the System Volume (SYSVOL) share, and so on.

Running Active Directory Installation Wizard has the following results:

• The machine on which the wizard is run becomes a domain controller. If it is the first domain controller in your domain, the wizard also creates a new site for that controller. If it is the first domain in your enterprise, it is also the root domain for any domain tree that will be created. You can use the wizard to create the first domain forest in your enterprise, too.

• The first domain controller is also your global catalog server.

• Active Directory files are located in %SystemRoot%\Ntds with the associated log files.

• The shared system volume SYSVOL, which stores scripts used for implementing group policies for your domain, is located in %SystemRoot%\Sysvol.

• A number of default organizational units (OUs) are created, namely the Users, Builtin, Computers, and Domain Controllers.

Notes

You must make sure that DNS is already installed and configured prior to running Active Directory Installation Wizard in order to create the first domain controller for your network. A DNS name will be needed for your new domain controller, and a DNS server must be available on the network during the installation process.

Active Directory files also require an NTFS file system (NTFS) volume, which must be configured as a basic volume. Dynamic volumes cannot be used for Active Directory files. Running the wizard creates a log file in the %SystemRoot%\Debug folder that shows the results of the installation procedure.

If you are creating a new child domain, an available domain controller must be in the existing parent domain. If you are creating a replica domain controller, an available domain controller must be in the target domain.

See Also Active Directory ,domain controller

Active Directory schema

The formal term for all object classes that can be stored in Active Directory directory service and all attributes that make up these object classes.

Overview

The schema defines which kinds of objects are permitted to be published in Active Directory and states their possible attributes. The schema consists of two types of objects:

• Classes: These objects are predefined collections of attributes. For example, every user account on a network is represented in Active Directory by a User class object.

• Attributes: This is the actual information stored in an object. For example, a User class object is composed of attributes such as Name, PhoneNumber, and so on.

Attributes are defined separately from classes. This allows each attribute to be defined only once and then used in many different classes. Class definitions (such as the User class) and attribute definitions (such as the Name attribute) are themselves objects within Active Directory. This means you can manage class and attribute definitions in Active Directory with the same tools you use to manage other objects (user and group accounts, computers, and so on).

The Windows 2000 and Windows .NET Server Active Directory includes a default schema that defines commonly used object classes such as users, groups, computers, domains, organizational units (OUs), and security policies. Active Directory is extensible and can be modified using Active Directory Schema. Specifically, you can modify the schema by

• Defining new object types and their attributes

• Defining new attributes for existing object classes

• Removing attributes from existing object classes

• Removing existing object classes

Some applications such as Microsoft Exchange Server 2000 are also designed to extend the Active Directory schema for application-specific purposes.

Notes

Members of the Schema Admins group, of which the default Administrator account is automatically a member, are the only users who can make changes to the schema. A typical reason for modifying the Active Directory schema might be adding new attributes to an existing User object-for example, a SeniorityLevel attribute.

Before you can use this tool to modify the schema, you must add a registry setting to your machine and specify the one domain controller that can be used to modify the schema for your enterprise. This prevents unauthorized access to the schema and inconsistencies that can occur when the schema is simultaneously modified in more than one place.

Another way of modifying Active Directory schema is to write a script that uses Active Directory Service Interfaces (ADSI) to make calls that modify the schema. This is the best solution if you want to modify the schema for an entire enterprise or if you want to automate modifications to the schema.

Existing object classes and their attributes cannot actually be deleted; they are simply marked "defunct" in Active Directory and can no longer be used.

The schema is located under the rootDSE object, which contains information about the directory and is located at the top of the Lightweight Directory Access Protocol (LDAP) directory naming structure. You can access this object using the LDAP Uniform Resource Locator (URL):

LDAP://rootDSE

See Also Active Directory

Active Directory Service Interfaces (ADSI)

A set of object-oriented programming interfaces for providing programmatic access to Active Directory objects.

Overview

Active Directory Service Interfaces (ADSI) consist of a set of general interfaces built on the Component Object Model (COM) that lets applications work with various types of directories using a single access method. ADSI works by abstracting the capabilities of directory services from different network providers to present a single set of interfaces for managing network resources in a distributed computing network. ADSI provides a simple, open, functionally rich, and scriptable method for interfacing with any directory service, independent of the vendor.

Programmers and administrators can use ADSI to create directory-enabled applications using tools such as Microsoft Visual Basic or Microsoft Visual C++. ADSI can be used to create new users and groups, locate and manage printers, and perform other administrative functions on a Windows 2000 or Windows .NET Server network.

ADSI is only a part of a more general Microsoft family of APIs called the Windows Open Directory Services Interfaces (ODSI). Other OSDI interfaces include the Network Provider Interface, Windows Sockets Registration and Resolution (RnR), and RPC OLE DB.

Architecture

ADSI consists of two types of COM objects (directory service leaf objects and directory service container objects) that clients can manipulate with interfaces. ADSI providers are used to implement these objects and their interfaces. Each object in a given namespace is identified using a unique name. For example, file system objects can be specified using their absolute path, and directory objects are usually specified using their X.500 address. However, ADSI is flexible enough to handle any naming system used by third-party vendors' directory service implementations.

Advantages and Disadvantages

Using ADSI for directory access has the following benefits:

• Open: ADSI is an open platform for which any directory vendor can develop an ADSI provider.

• Simple: ADSI consists of a small collection of easy-to-learn programming interfaces.

• Extensible: Independent software vendors (ISVs) and directory service (DS) vendors can enhance ADSI by developing their own objects and functions.

• Language independence: ADSI is based on COM and can be used by any programming language that supports COM.

• DS independence: ADSI is independent of the DS being used, so developers using ADSI do not have to learn the underlying machinery of the directory they are using ADSI to access.

• Scriptable: Automation-compatible languages such as VBScript and Perl can be used to automate directory tasks using ADSI.

• OLE DB aware: ADSI can be used to access data sources through OLE DB.

Notes

Windows 2000, Windows XP, and Windows .NET Server contain ADSI providers for accessing the following types of directories:

• Active Directory directory service

• Lightweight Directory Access Protocol (LDAP)

• Novell Directory Services (NDS)

• Windows NT directory services

ADSI supports the LDAP C API defined in Request for Comments (RFC) number 1823, which specifies a low-level interface for C language programming and provides support for the Messaging Application Programming Interface (MAPI) so that legacy MAPI applications will work with Active Directory.

ADSI was formerly known as OLE DS.

See Also Active Directory ,directory

Active Directory Sites and Services

A management console in Microsoft Windows 2000 and Windows .NET Server that can be used for administering sites, domain trees, domain controllers, subnets, and intersite links.

Overview

Using Active Directory Sites and Services, you can perform common administrative tasks such as

• Creating a new site and configuring replication within the site

• Configuring directory service (DS) objects and licensing site settings

  

  Active Directory Sites and Services. The Active Directory Sites and Services console.

• Adding servers, domain controllers, intersite links, and subnets to a site

• Moving and repairing domain controllers

• Delegating control of a site

See Also administrative tools (Windows 2000, Windows XP, and Windows .NET Server)

Active Directory Users and Computers

A management console in Microsoft Windows 2000 and Windows .NET Server that can be used for administering Active Directory objects and information published in the directory.

Overview

Using Active Directory Users and Computers, you can perform common administrative tasks such as

• Creating a new user, group, shared folder, computer, printer, or other resource

• Creating new organizational units (OUs) for organizing directory objects

• Moving directory objects to different OUs

• Deleting objects from the directory

• Displaying and editing the properties of directory objects

• Managing group policies and changing domain controllers

  

  Active Directory Users and Computers. The Active Directory Users and Computers console.

• Finding objects within the Active Directory database

Notes

If you want to quickly assign permissions to network resources such as file shares, printers, users, and groups in your enterprise, simply move their associated directory objects to different servers that require the same permissions to the same OU. Objects inherit permissions from their new OU and lose permissions from their old OU. However, permissions assigned directly to an object are moved together with the object.

See Also administrative tools (Windows 2000, Windows XP, and Windows .NET Server)

active hub

A hub that has electronic circuitry to regenerate weak signals.

Overview

Active hubs function as multiport repeaters, allowing computers to be networked together in a star topology. Virtually all hubs sold today are active hubs, so one generally refers to them nowadays simply as hubs.

See Also hub ,passive hub

active partition

The partition that contains the boot files for an operating system.

Overview

The active partition is the one from which the operating system boots. On a machine running Microsoft Windows 2000, Windows XP, or Windows .NET Server, the active partition must also be a primary partition and must be located on a basic disk.

Depending on the Microsoft operating system used, you can use any of the following tools to make a partition active:

• The Fdisk utility from the command prompt for MS-DOS and all Microsoft Windows platforms

• The Disk Administrator administrative tool in Windows NT

• The Computer Management administrative console in Windows 2000

Notes

Alpha-based computers running Windows NT have no active partitions. Instead, the boot volume is configured by a manufacturer-supplied configuration program.

See Also partition (Active Directory) ,system partition

Active Platform

A set of Microsoft technologies for developing applications for the Internet.

Overview

Active Platform is actually an umbrella term for three key Microsoft technologies:

• Active Desktop: Integrates the Microsoft Windows desktop with the Internet, providing a seamless connection between local and remote applications and resources. Active Desktop is a core technology of Internet Explorer.

• Active Server: The Active Platform component of Microsoft Internet Information Services (IIS) version 5 or later. Using Active Server technologies, core Windows NT services can be extended to the Internet using applications developed with Microsoft Active Server Pages (ASP) technologies.

• Microsoft ActiveX: A component software technology based on the Component Object Model (COM). ActiveX allows distributed Web-based applications to be developed in any programming language and then run from within an ActiveX- enabled browser such as Internet Explorer.

Applications developed using Active Platform technologies can be accessed and run from any client platform independent of the operating system, as long as a standard Web browser such as Microsoft Internet Explorer is installed on the client.

See Also Active Desktop ,Active Server Pages (ASP)

active scripting

Using a scripting language to drive Component Object Model (COM) components.

Overview

Host applications such as Microsoft Internet Information Services (IIS) with Microsoft Active Server Pages (ASP) and Microsoft Internet Explorer have scripting engines for running scripts written in VBScript or JScript. Active scripting engines can be developed for other interpretive scripting languages, such as Perl, to build upon a developer's existing knowledge of these programming platforms. Scripting engines for client software, such as Internet Explorer, are specially designed to eliminate the authoring components that are not needed in a nonauthoring host environment. This makes the client-side scripting engine lightweight, which yields better performance.

In a typical scenario, the host application loads the script document and calls an application programming interface (API) to create a new instance of a scripting engine. The host application feeds the script to the engine and executes the script.

See Also Active Server Pages (ASP)

Active Server Pages (ASP)

An open, compile-free application environment for developing Web applications using Microsoft Internet Information Server (IIS) version 3 and later, including Internet Information Services (IIS) in Windows 2000, Windows XP, and Windows .NET Server.

Overview

Active Server Pages (ASP) can be used to build powerful, distributed Web-based applications that combine Hypertext Markup Language (HTML), script, and Microsoft ActiveX technologies to provide dynamic Web sites. ASP combines the ease of HTML with familiar programming tools such as Microsoft Visual Basic Scripting Edition (VBScript) and Microsoft JScript, along with reusable Component Object Model (COM) components. These components can be used to build powerful, dynamic Web sites. ASP executes on the Web server, and the output returned to the Web browser is a plain HTML file.

Architecture

ASP is implemented in IIS as an Internet Server Application Programming Interface (ISAPI) filter called Asp.dll, which resides in the same memory space as IIS. User requests for ASP pages, which have the suffix .asp appended to them, are processed by the filter which loads the necessary language dynamic-link libraries (DLLs) for interpreting script on the page, executes server-side script on the server, and returns the remaining HTML and client-side script to the browser requesting the page.

ASP pages have the file extension .asp and typically contains a mixture of HTML, scripts, and other components written in any programming language. The scripts can reference components running on either the local server or any other accessible server and can perform actions such as accessing a database, sending e-mail, or processing information in another fashion. The result is then returned by the server to the client as a standard HTML file and displayed in the usual way.

The Asp.dll also includes an object model that encapsulates properties and methods for seven built-in objects: Application, ASPError, ObjectContext, Request, Response, Server, and Session. These objects are available for any .asp page requested. For example, the Response object can be used to control how data is sent to the requesting client.

ASP organizes collections of ASP pages into applications, which are typically groups of files within a given virtual directory and its subdirectories. ASP applications (also known as Web applications) can have global variables and can save state information so that a session can exist across several requested pages in succession. Session-level data is initiated by reference to a file called Global.asa, which is checked whenever a new client makes a request to pages in an ASP application.

Examples

For example, when requested, the following ASP file will return the current time and browser type to the requesting client:

<HTML> <HEAD><TITLE>Sample Web Page</TITLE></HEAD> <BODY> The time right now is <% = now %> Your browser type is <%  =Request.ServerVariables("http_user_agent")  %> </BODY> </HTML>

You can use ASP to develop Web content that is customized for user preferences and demographics and that uses Microsoft ActiveX Data Objects (ADO) and open database connectivity (ODBC) to provide access to multiple data sources. ASP provides a browser-neutral approach to the design of Web applications where all of the application logic resides on the server.

Notes

Active Server Pages was first introduced as a beta technology code-named "Delani" for the Microsoft Internet Information Server 2 platform.

Unlike the stateless Hypertext Transfer Protocol (HTTP), ASP is a session-based technology. When a user connects to an ASP file on a Web server, a session object is created. After the session expires, the session object is destroyed. The default time-out for ASP applications is 20 minutes, although Outlook Web Access uses a time-out of 60 minutes.

For More Information

To learn more, visit Charles Carroll's ASP site at www.activeserverpages.com

See Also Active Platform

Active Setup

A Microsoft ActiveX engine that can be used to download and install software over the Internet interactively using a Web browser.

Overview

Active Setup makes use of the fact that source files of the application to be installed are partitioned into segments, the traditional cabinet installation files (*.cab files). Active Setup begins by downloading a small, self-extracting setup package to the browser client. This file also collects information about the client's computer to help determine which components already exist on the system and whether the desired application is compatible with the system's configuration. The user specifies a location from which to download the desired application and the types of components to be installed. The application's *.cab files are then downloaded as needed, after which Active Setup is completed and normal installation can continue.

One advantage of Active Setup is that if the download is interrupted, it can be resumed at the interruption point rather than at the beginning.

See Also ActiveX

active volume

The volume in Microsoft Windows 2000, Windows XP, and Windows .NET Server from which a computer boots.

Overview

In Windows 2000, Windows XP, and Windows .NET Server disk terminology, active volumes on dynamic disks are what active partitions are on basic disks. The active volume for a system must be a simple volume; in other words, it cannot be a striped set or mirrored volume.

You can upgrade the basic disk that contains the active partition to a dynamic disk, making it a simple volume that is active, but you cannot mark an existing dynamic volume as the active volume.

See Also active partition ,dynamic disk

active window

The particular open window that has the focus on a Microsoft Windows desktop.

Overview

The active window is the window belonging to the application in which the user is currently working. If several windows are open on a user's desktop, only one of these windows can be the active window. A unique color on the active window's title bar distinguishes it from other windows. If the user enters commands or text using the keyboard, these commands or text will be routed to the program displaying the active window. To make a window the active window on the desktop, simply click on it using the mouse, or cycle through the windows on the desktop using Alt+Tab.

Notes

You can capture a bitmap image of the active window to the clipboard by pressing Alt+PrintScreen. Then open Paint, paste the contents of the clipboard into the program, and save it as a *.bmp image.

See Also Microsoft Windows

ActiveX

An umbrella term for Microsoft technology for building lightweight reusable software components.

Overview

The term ActiveX was first coined at the Internet Professional Developers Conference (Internet PDC) in 1996 and was based on the conference slogan "Activate the Internet."

Microsoft ActiveX is built on the Component Object Model (COM) and Distributed Component Object Model (DCOM) technologies, which enable software components to interact with each other across a network. ActiveX does not replace object linking and embedding (OLE) but broadens and enlarges it to include the Internet and intranet technologies.

ActiveX is supported by most Microsoft development and productivity applications, including Visual Basic, Visual C++, and Office.

For More Information

Visit the Microsoft COM site at www.microsoft.com/com

See Also Component Object Model (COM) ,OLE

ActiveX component

A Component Object Model (COM)-based application that allows other applications to use the classes it contains.

Overview

An ActiveX component represents a server application because it can serve other applications that call it. An application that calls an ActiveX component thus functions as a client application. Other names for ActiveX components are ActiveX servers, ActiveX DLLs, and COM components.

You can create ActiveX components using tools from Microsoft Visual Studio such as Microsoft Visual Basic and Microsoft Visual C++.

See Also ActiveX ,COM component object

ActiveX controls

Compiled, reusable software components based on Microsoft Corporation's Component Object Model (COM).

Overview

ActiveX controls can be used as prefabricated components to help developers rapidly build user interfaces for applications. ActiveX controls can draw themselves in their own windows, respond to events such as mouse clicks, and be managed through properties and methods. An ActiveX control cannot run as a stand-alone program but must be loaded into a control container such as Microsoft Visual Basic or Microsoft Internet Explorer.

History

The earliest form of custom controls in the Microsoft Windows platform were Visual Basic Extension (VBX) controls, which were 16-bit dynamic-link libraries (DLLs) in Windows 3.1 that had specific entry points and designed to work with VB forms to provide specific graphical user interface (GUI) functionality. With the introduction of object linking and embedding (OLE), VBX controls were replaced by 32-bit OLE Custom Extension (OCX) controls that supported type libraries and had better C++ support. Unfortunately, OCX controls tended to be bloated because they contained a large number of COM interfaces, whereas the applications calling them may only require a few of these interfaces. This was a particular concern when downloading controls over the Internet, so ActiveX controls, which were basically OCX controls in which the interfaces were optional, were created. ActiveX controls are thus lightweight controls and may even have no interface at all, as in ActiveX Data Objects (ADO).

Uses

ActiveX controls are often used to provide dynamic features for Web pages-for example, a stock ticker control that adds a live stock ticker to a Web page, an advanced user interface navigation tool, and an animation control that adds animation functionality to a page.

ActiveX controls can be embedded into a Hypertext Markup Language (HTML) page by using the HTML <OBJECT> tag. If a user tries to access such a page using a Web browser and the embedded ActiveX control is not installed on the user's system, the control can be automatically downloaded by using the URL specified in the CODEBASE attribute of the <OBJECT> tag. Once the ActiveX control is downloaded and installed on the user's system, the browser will continue to use the cached control until an updated version becomes available on the server.

Here is an example of a typical <OBJECT> tag that includes a CODEBASE attribute:

<OBJECT  WIDTH=225 HEIGHT=35 CLASS CODEBASE="http://example.microsoft.com/ AControl.cab#Version=1,0,0,1"> </OBJECT>

Notes

A malicious ActiveX control can potentially damage software or data on a user's computer. To help users determine whether an ActiveX control is safe to install, Microsoft has developed a code-signing technology called Authenticode, which identifies the creator of a control using a digital signature issued by a well-known security authority such as VeriSign.

ActiveX Data Objects (ADO)

A data access interface developed by Microsoft Corporation and used for communicating with OLE DB- compliant data sources.

Overview

ActiveX Data Objects (ADO) is a high-level object- based interface to OLE DB, in other words, an OLE DB consumer (OLE DB is a generic data access technology from Microsoft). Using ADO and OLE DB, a client application can connect to a variety of data sources using the same programming model. These data sources include relational databases, hierarchical databases, indexed sequential access method (ISAM) databases, and virtually any other kind of data source for which an open database connectivity (ODBC) driver exists. In other words, ADO is intended to be a universal information interface.

In order to communicate with these unique data sources, ADO and OLE DB employ components called OLE DB providers, which are designed for specific data sources. If a native OLE DB provider is not available for a data source, but an ODBC driver is available, it should be possible to access the data source using the ODBC driver and an OLE DB provider designed to communicate with ODBC drivers.

Uses

ADO is supported in a variety of programming environments. For example, ADO can be used in Microsoft Visual C++ and Microsoft Visual Basic to access data in an OLE DB data source such as Microsoft SQL Server. ADO can also be used in conjunction with IIS to create Microsoft Active Server Pages (ASP) applications that access data sources.

In a Web-based environment, ADO is basically a server-based solution for data access. All data operations, such as changes to database records and filtering, must take place on the server. The client can then receive the data but cannot easily manipulate it. For applications in which the client must be able to manipulate the data being accessed, use remote data binding with Remote Data Service (RDS) instead. RDS is a technology that enables the user to manipulate data on the client and have any changes automatically made on the server. Allowing data to be manipulated on the client makes Web applications faster and more responsive.

ADO 2.5 is an integral part of the Microsoft Windows 2000 platform.

Architecture

ADO is based on a collection of Component Object Model (COM) and COM+ interfaces, and its object model is a simple COM-based architecture, which consists of static and dynamic object models. ADO communicates with a database through type libraries. Choosing the right library can significantly improve data access performance. For example, if Microsoft SQL Server is running on the same machine as Microsoft Internet Information Services (IIS), using named pipes can provide better performance than using the Transmission Control Protocol/Internet Protocol (TCP/IP) networking library.

The ADO 2.5 object model includes the following object types: Connection, Command, Errors, Fields, Record, Recordset, Parameters, and Stream.

Notes

Microsoft distributes ADO as part of the Microsoft Data Access Components (MDAC), a package that includes drivers and providers for ADO, OLE DB, and ODBC.

ADO 2.5 can also be used with ExOLEDB to provide access to the Web Storage System on Exchange 2000.

See Also ADO+ ,ADO.NET

adapter

A device for connecting two different types of electronic hardware without losing information.

Overview

In local area network (LAN) networking, an adapter is a small device with two different connectors that provide data transmission back and forth between two different types of media (cabling). Adapters come in many varieties and are typically specified by stating the two connector types used and whether these connectors are male or female. For example, a DB9(f)-DB25(m) adapter means an adapter with a DB9 female and a DB25 male connector.

Adapters are a necessary part of the network administrator's toolkit because of the large number of connectivity options provided by networking equipment vendors.

Notes

The term adapter is also used in a number of different contexts in networking, including the following examples:

• Network interface cards (NICs) are sometimes called network adapter cards because they provide connectivity between computers and network cabling.

• Cigarette lighter adapters can be used to power cellular phones or laptops from an automobile battery.

• Digital phone adapters allow analog modems to be connected directly to Private Branch Exchange (PBX) phone outlets without damage.

• SC/ST adapters provide connectivity between fiber-optic connectors of differing types.

See Also connector (device)

adaptive acceleration

An umbrella name for a group of technologies that expands the capacity of data channels.

Overview

Adaptive acceleration expands the amount of data that can be delivered over a given amount of bandwidth. This boosts network performance and helps overcome bottlenecks due to bandwidth limitations, a condition that affects most Internet service providers (ISPs), application service providers (ASPs), and other types of service providers. While throwing bandwidth at the problem is one way of handling the issue, adaptive acceleration tries to squeeze the best performance out of a fixed amount of bandwidth without dramatically increasing costs.

Adaptive acceleration works by combining several different techniques. These techniques can be incorporated into switching or routing gear or into stand-alone appliances and are targeted particularly towards traffic carried over the Internet. Some of the techniques used in adaptive acceleration include

• Adaptive packet compression: This assigns a different data compression algorithm to different types of data. For example, Hypertext Markup Language (HTML) files compress differently from Microsoft Word files, and adaptive packet compression scans packets for different kinds of files and compresses them in the most efficient manner for each type.

• Selective caching: This technique makes use of advanced algorithms to determine which files (or portions of files) can benefit most by being cached. For example, an entire Word file might be cached, or only the properties of the file. As another example, a .gif image might be cached, or only its palette.

• Vertical data analysis: This technique uses an algorithm that parses the different level protocol headers in packets, compresses it, repackages it, and applies rules to handle it more efficiently. This makes data transfer more efficient and can enhance and prioritize time-sensitive traffic such as voice or video over IP.

See Also caching

Adaptive Differential Pulse-Code Modulation (ADPCM)

A technique for converting analog sound, such as speech, into binary digital information by frequently sampling the sound and expressing its modulation in binary form.

Overview

Adaptive Differential Pulse-Code Modulation (ADPCM) codecs convert analog signals into digital information by quantizing the differences between the actual analog signal and a predicted signal. The result is that analog signals encoded into files using ADPCM have a smaller size than many other formats. ADPCM enables speech information to be compressed into small files for storage and transmission.

Personal Communications Services (PCS) cellular telephony systems use a 32-kilobits per second (Kbps) ADPCM coding system to provide the same quality of voice communication that isavailable in wired telephone networks. This standard was developed by the International Telecommunication Union (ITU) and is known as G.721.

See Also modulation

ADC

Stands for analog-to-digital converter, any device for changing analog signals into digital transmission.

See Also analog-to-digital converter (ADC)

address book view

A virtual container in Microsoft Exchange that lets Microsoft Exchange Server administrators group recipients according to common attributes.

Overview

Address book views are created automatically when you establish the defining attributes for the address book view. For example, using the Exchange Administrator program, you could create an address book view called By Department and use the Department attribute of the recipients in your Exchange organization to automatically generate various address book view containers called Sales, Marketing, Management, and so on. Each address book view container will contain only those recipients that belong to a specific department.

For instance, when users access the global address list using Microsoft Outlook, these containers will be visible in their address books, along with their recipients. This allows users to more quickly address e-mail to recipients in a particular department instead of scrolling down the entire global address list.

You can also create multilevel address book views. For example, you could create a first level of virtual containers sorted by Country, followed by a second level sorted by State.

Notes

If you use the Exchange Administrator program to move a recipient from one address book view to another, the recipient takes on the defining attributes of the new address book view.

See Also Exchange Server

address record

A Domain Name System (DNS) record mapping a host name to an Internet Protocol (IP) address.

See Also A record

Address Resolution Protocol (ARP)

The Transmission Control Protocol/Internet Protocol (TCP/IP) network layer protocol responsible for resolving Internet Protocol (IP) addresses into Media Access Control (MAC) addresses.

Overview

When a TCP/IP-aware application tries to access another TCP/IP host using its IP address, the destination host's IP address must first be resolved into a MAC address so that the frame can be addressed and placed on the wire and then be recognized by the destination host's network interface card (NIC). This is because NICs operate at the physical layer (Layer 1) and data-link layer (Layer 2) of the Open Systems Interconnection (OSI) reference model and must use physical addresses (such as MAC addresses) instead of logical addresses (such as IP addresses) for network communication.

Address Resolution Protocol (ARP). How ARP works.

Address Resolution Protocol (ARP) broadcasts an ARP request packet that effectively says, "Who has the following IP address?" This broadcast requests the MAC address of the destination host. The destination host then responds with an ARP reply packet containing its own MAC address. The requesting host next temporarily stores the IP-to-MAC-address mapping in its local ARP cache in case this is required again within a short time.

Notes

If the destination host is on a remote network, ARP obtains the MAC address of the local router interface that connects the local network to the remote network.

ARP is defined in RFC 826.

See Also Arp command

ADMD

Stands for Administrative Management Domain; in X.400 messaging, a message-handling system (MHS) that is managed by a registered private agency.

See Also Administrative Management Domain (ADMD)

ADMIN$

A special administrative share created during installation on computers running Microsoft Windows 2000, Windows XP, and Windows .NET Server and used for remote administration of the computer.

Overview

The Administrators group is assigned full control permissions on the ADMIN$ share on a Windows 2000, Windows XP, or Windows .NET Server system. This allows administrators to access the share and remotely administer the system without needing to know where the system files are stored. Only the Administrators group has access to the ADMIN$ share.

This share's path is always the path to the %SystemRoot% directory (usually C:\Winnt).

See Also administrative share

administrative alert

A pop-up dialog box in Microsoft Windows 2000, Windows XP, and Windows .NET Server that notifies users of problems or issues.

Overview

Administrative alerts are generated by the Alerter service in Windows 2000, Windows XP, and Windows .NET Server. These alerts can be directed towards specified users and computers.

Administrative alerts are typically displayed when problems with security, access, sessions, directory replication, or printing occur or when a server is shut down by an uninterruptible power supply (UPS) device.

See Also service

Administrative Management Domain (ADMD)

In X.400 messaging, a message-handling system (MHS) that ismanaged by a registered private agency.

Overview

Administrative Management Domains (ADMDs) are usually large public telecommunications carriers such as MCI/WorldCom and AT&T. This is in contrast to a Private Management Domain (PRMD), which represents a message-handling system managed by a private corporation. In the X.400 world, PRMDs cannot communicate directly with each other; instead, they must communicate through ADMDs. All the ADMDs in the world therefore form a kind of messaging backbone for global X.400 communication.

Notes

The ADMD is the second field in a typical X.400 originator/recipient (O/R) address and is located right after the country field.

See Also X.400

administrative share

A share created during setup by Microsoft Windows 2000, Windows XP, and Windows .NET Server for system purposes and remote administration.

Overview

Administrative shares end in the "$" character, which makes them hidden shares. You cannot modify the permissions on these shares and you cannot remove the shares.

Some examples of administrative shares include

• C$, D$, and so on: The shares used by administrators to connect to the root of each volume on a network server and perform remote administration such as creating and deleting files and folders

• ADMIN$: The share name for the %SystemRoot% folder, used by the system during remote administration

• IPC$: A share used by interprocess communication (IPC) resources for sharing the named pipe interface, which allows applications running on different computers to communicate over the network

• PRINT$: A share used to support shared printers

• REPL$: A share used by the Directory Replicator Service that allows directory trees to be exported

• NETLOGON: A share used by the NetLogon service that enables the processing of domain requests

See Also hidden share

administrative tools (Windows 2000, Windows XP, and Windows .NET Server)

A program group in Microsoft Windows 2000, Windows XP, and Windows .NET Server containing tools for administering a network based on these versions of Windows.

Overview

Most Windows 2000 administration tools are primarily implemented as preconfigured snap-ins for the Microsoft Management Console (MMC). Such tools are commonly referred to as consoles. Each administrative tool corresponds to an MMC console with a particular snap-in installed.

The set of available tools for a particular machine running Windows 2000, Windows XP, or Windows .NET Server depends on how that machine was installed and configured. Commonly installed tools for Windows 2000 Server, Windows XP, and Windows .NET Server, which can be used for both local and remote administration, include

• Component Services

• Computer Management

• Configure Your Server

• Data Sources (ODBC)

• Distributed File System

• Event Viewer

• Internet Services Manager

• Licensing

• Local Security Policy

• Performance

• Routing and Remote Access

• Server Extensions Administrator

• Services

• Telnet Server Administration

Notes

As an administrator, you can create your own administrative tools by opening a blank MMC console and installing the various snap-ins you need. When you save this tool, it will automatically be saved in the Administrative Tools program group.

See Also Windows 2000

administrative tools (Windows NT)

A program group in Microsoft Windows NT containing tools for administering a Windows NT-based network.

Overview

The basic set of tools for Windows NT Server 4 consists of the following:

• Administrative Wizards

• Backup

• Disk Administrator

• Event Viewer

• License Manager

• Migration Tool for NetWare

• Network Client Administrator

• Performance Monitor

• Routing and Remote Access Admin

• Server Manager

• System Policy Editor

• User Manager for Domains

• Windows NT Diagnostics

You can extend these basic tools by installing additional Windows NT services using the Network utility in Control Panel, which provide the following additional tools:

• DHCP Manager

• DNS Manager

• File Manager

• Network Monitor

• WINS Manager

Notes

You can install a subset of these administrative tools on Windows NT Workstation 4 and a smaller subset on Windows 95 or Windows 98. The files required to install the client-based network administrative tools on Windows NT Workstation 4 and Windows 95 or Windows 98 are available in the \Clients\Srvtools directory on the Windows NT Server 4 compact disc.

See Also Windows NT

administrator

A user who has full rights and permissions to manage any resources on the network.

Overview

The administrator is usually responsible for tasks such as installing, managing, and controlling servers and networking components. Administrators can also modify the properties of user accounts and the membership of groups, create and manage security printers, install printers, share resources, and assign permissions to those resources.

In Microsoft Windows 2000, Windows XP, and Windows .NET Server, the Administrator account is a built-in account whose password is defined during installation. The Administrator account is a member of the Domain Admins group and the Administrators group on the domain controller on which it is defined, and it has full rights and permissions on all user- accessible system resources.

Notes

On a domain controller, the Administrator account is a global user account, while on a stand-alone server or workstation, the Administrator account is a local user account.

You can rename the default Administrator account, but you cannot delete it. If you rename the account, make sure you remember what the new name is!

See Also Administrators group

Administrators group

In Microsoft Windows 2000, Windows XP, and Windows .NET Server, a built-in group whose default membership consists of the Domain Admins group.

Overview

The Administrators group has full rights on all user-accessible processes on a computer running Windows 2000, Windows XP, or Windows .NET Server. For example, on a domain controller, the Administrators group has the right to

• Log on locally

• Access the computer over the network

• Take ownership of files

• Change the system time

• Configure auditing and manage the security log

• Shut down the system

• Back up and restore files and directories

• Force shutdown from a remote system

• Load new device drivers

• Add computers to the domain in Windows NT and Windows 2000

See Also administrator ,built-in group

ADO

Stands for ActiveX Data Objects, a data access interface used to communicate with OLE DB-compliant data sources.

See Also ActiveX Data Objects (ADO)

ADO+

A version of Microsoft ActiveX Data Objects (ADO) for the Microsoft Windows Distributed interNet Applications Architecture (Windows DNA).

Overview

ADO+ is a more scalable, more interoperable, and more strongly typed version of ADO. The programming and object model for ADO+ is radically different from ADO because ADO is designed from the ground up to work with disconnected data sets (ADO included some support for disconnected record sets starting with ADO 2.0). An ADO+ data set is a disconnected in-memory view of a database. Data sets can be created dynamically without any interaction with a database management system (DBMS), so data sets are an evolution of the previous concept of ADO record sets. Data sets can contain any number of tables, and these do not need to correspond to a particular database table or view. ADO+ thus models data, not databases or data providers the way ADO did.

What particularly distinguishes ADO+ is that it utilizes Extensible Markup Language (XML) as its universal format for data transmission. This gives ADO+ its wide interoperability with any platform supporting XML, and receivers no longer need to be COM objects as they were with ADO.

See Also ActiveX Data Objects (ADO) ,Windows Distributed interNet Applications Architecture (Windows DNA)

ADO.NET

The evolution of Microsoft Corporation's Active X Data Objects (ADO) for its new .NET platform.

Overview

ADO.NET provides the classes necessary to ADO to enable access to Extensible Markup Language (XML) documents and relational data stores. Some of the differences between ADO.NET and ADO are the following:

• While ADO uses the RecordSet object, which looks like a single table, ADO.NET uses the DataSet object, which can contain one or more tables represented by DataTable objects.

• While ADO uses Component Object Model (COM) marshalling to transmit a disconnected record set, ADO.NET transmits a DataSet with an XML file (the XML format places no restrictions on data types and requires no type conversion).

• While ADO has trouble transmitting data through firewalls because firewalls are typically configured to prevent system-level requests such as COM marshalling, ADO.NET can easily transmit data through firewalls because ADO.NET DataSet objects use Hypertext Markup Language (HTML)-based XML, which can pass through firewalls.

See Also ActiveX Data Objects (ADO) ,.NET platform

ADPCM

Stands for Adaptive Differential Pulse-Code Modulation, a technique for converting analog sound, such as speech, into binary digital information by frequently sampling the sound and expressing its modulation in binary form.

See Also Adaptive Differential Pulse-Code Modulation (ADPCM)

ADPr

Stands for Active Digital Profile, an Extensible Markup Language (XML) specification for automating the provisioning of IT (information technology) resources.

See Also Active Digital Profile (ADPr)

ADR

Stands for Advanced Data Recording, a tape backup technology developed by Philips.

See Also Advanced Data Recording (ADR)

ADSI

Stands for Active Directory Service Interfaces, a set of object-oriented programming interfaces for providing programmatic access to Active Directory objects.

See Also Active Directory Service Interfaces (ADSI)

ADSL

Stands for Asymmetric Digital Subscriber Line, a form of Digital Subscriber Line (DSL) technology that provides subscribers with high-speed voice and data services over twisted-pair copper phone lines.

See Also

Asymmetric Digital Subscriber Line (ADSL)

ADSL modem

A modem used to terminate an Asymmetric Digital Subscriber Line (ADSL) connection between the customer premises and the ADSL provider.

Overview

ADSL modems are customer premises equipment (CPE) for connecting subscribers to telcos offering ADSL services. ADSL modems are typically used to provide high-speed Internet access for residential and business customers.

ADSL modems operate by dividing the available bandwidth in Plain Old Telephone Service (POTS) telephone lines into separate upstream and downstream channels. This is typically done in one of two ways:

• Frequency division multiplexing (FDM): This technique separates upstream and downstream communications into two separate channels with a band of unused frequency between them to prevent crosstalk and reduce interference. If you need to, you can then further divide each of these two channels using time-division multiplexing (TDM).

• Echo cancellation: This technique employs overlapping upstream and downstream channels and separates them using V.32/V.34 echo cancellation methods used in modems.

Of these two techniques, echo cancellation offers better utilization of bandwidth but is more complex to implement.

To separate the two data channels from the voice channel used for ordinary telephone communications, ADSL modems include a POTS splitter, a type of filter placed at the carrier side of the modem which splits off the first 4 kilohertz (kHz) of bandwidth and routes it to the telephone. This way, if an ADSL provider goes down and data communications cease, regular POTS telephone service still works at the customer premises.

See Also Asymmetric Digital Subscriber Line (ADSL) ,modem

Advanced Configuration and Power Interface (ACPI)

A specification for power management of computer hardware.

Overview

Advanced Configuration and Power Interface (ACPI) is an open industry specification that was designed to enable software designers to integrate power management features through all parts of a computer system, including the hardware, the operating system, and application software. ACPI is the successor to the Advanced Power Management (APM) specification and differs by allowing the operating system to control hardware power consumption instead of the basic input/output system (BIOS).

Microsoft Windows 2000, Windows XP, and Windows .NET Server support Advanced Configuration and Power Interface (ACPI), and it enables Windows to handle all the power-management resources for computer subsystems and peripherals. ACPI works with subsystems and peripherals for a wide range of mobile, desktop, and server platforms. ACPI is also the foundation for the OnNow industry initiative that enables computers to start at the touch of the keyboard.

Notes

Your PC must be fully compatible with ACPI for you to use it, regardless of whether your operating system supports it. To find out if your PC supports ACPI, go into the BIOS, look for an ACPI option, and turn it on.

You can also enable ACPI support for Windows 98 by running Setup using the command-line switch Setup /p j. Running Setup in this mode adds the ACPIOption string value with a value data of 1 to the Windows 98 registry and causes hardware devices to be queried for ACPI support during setup. Note that Windows 98 does not support all ACPI features-Passive Cooling Mode, for example.

For More Information

Find out about ACPI at www.teleport.com/~acpi.

Find out about the Microsoft OnNow initiative at www.microsoft.com/hwdev/onnow.htm.

See Also Advanced Power Management (APM)

Advanced Data Recording (ADR)

A tape backup technology developed by Philips.

Overview

Advanced Data Recording (ADR) is a technology that writes eight tracks of data simultaneously to a single tape. This gives ADR tape drives a very high throughput. Tapes move slowly in ADR tape drives, which makes for minimal tape wear and quieter operation.

ADR tape drives are available from OnStream and popular models include:

• ADR30: Has a capacity of 15 gigabytes (GB) and a transfer rate of 60 megabytes (MB)/min.

• ADR50: Has a capacity of 25 GB and a transfer rate of 120 MB per minute.

For More Information

Visit OnStream at www.onstream.com.

See Also tape format

Advanced Encryption Standard (AES)

The new U.S. government encryption standard adopted to replace the aging Data Encryption Standard (DES) standard, which no longer offers sufficient security.

Overview

Until recently the U.S. government has used DES as the encryption scheme for security sensitive electronic transmissions. However, a 56-bit DES key was successfully cracked in 1997 using idle processing cycles on thousands of machines distributed across the Internet. Advances in computing in the last few years have made DES even more vulnerable as an encryption mechanism, and as a result an initiative was put forward by the U.S. government to develop a scheme that could not be cracked.

The result of this initiative is the Advanced Encryption Standard (AES), which officially replaced DES in the spring of 2001. AES supports key lengths of 128, 192, and 256 bits, which offers a vast improvement in security over 56-bit DES and even 168-bit Triple DES, in which three DES keys are applied in succession. The National Institute of Standards and Technology (NIST) has calculated that it would take about 149 trillion years to crack an AES-coded message using an algorithm that could crack DES in one second (no such algorithm currently exists), so AES is likely to remain secure for some time to come. Using the maximum level of encryption (256-bit), a cracker would have to generate and test 1.1 x 10⁷⁷ unique keys in order to crack an AES message, which is currently beyond conception for brute-force computing power.

Architecture

AES is a block cipher, which means that it encrypts data in fixed-length blocks of 128 bits at a time. AES uses the Rijndael algorithm developed by Vincent Rijmen and Joan Daemen. This algorithm was chosen over four competing algorithms because it is easy to implement and is efficient with regard to calculation, making AES suitable for use even in devices such as cell phones and Personal Digital Assistants (PDAs) that have limited processing power. The Rijndael algorithm executes 10 rounds of encryption when using a key length of 128 bits.

Prospects

Although AES has become the official standard for U.S. government encryption, it will continue to coexist with DES and Triple DES for a number of years as hardware and software vendors update their encryption schemes. However, industry is expected to quickly upgrade to AES because DES is no longer secure and Triple DES is inherently slow. AES will also be licensed for commercial use by industry.

Notes

Web browsers, the ubiquitous interface to Web applications, mostly use RC4 encryption. Although the next generation of Web browsers will likely license AES for use, millions of desktop computers are likely to continue to use older browsers for years.

For More Information

Find out more about AES at the site of the National Institute of Standards and Technology at csrc.nist.gov/encryption/aes.

See Also Data Encryption Standard (DES) ,encryption

Advanced Infrared (AIr)

A wireless networking technology for high-speed, low-cost infrared (IR) networking.

Overview

Advanced Infrared (Air) allows ad hoc multipoint wireless peer-to-peer connections to be formed simultaneously between multiple wireless information appliances such as Personal Digital Assistants (PDAs), cellular phones, laptops, and digital cameras. The devices must be within 26 feet (8 meters) of each other to reliably communicate without interference.

AIr ports can receive signals within a 120-degree cone, which means that the ports need not be precisely aimed at each other to achieve reliable transmission.

AIr currently supports data throughput of up to 4 megabits per second (Mbps) for direct line-of-sight communication, but it can interoperate with the existing slower Infrared Data Association (IrDA) 1.1 standard, and it supports the Very Fast Infrared (VFIR) standard currently under development.

IBM developed AIr and was the first vendor to release products based on this standard. IBM is working with the IrDA to standardize the technology.

See Also Infrared Data Association (IrDA) ,infrared transmission

Advanced Intelligent Tape (AIT)

A tape backup technology developed by Sony Corporation.

Overview

Advanced Intelligent Tape (AIT) is a popular tape backup format that has a native capacity of 25 gigabytes (GB) (uncompressed) per tape and supports transfer speeds of 6 megabits per second (Mbps). AIT supports high data compression rates-typically 2:1 or higher. Access times are low because the tape's spine contains embedded 16-kilobyte (KB) nonvolatile memory chips that store the backup set headers. Thus, when a particular backup set is requested, the tape can spool directly to the required spot without having to search through the data. This results in longer life for the tape. Another feature of AIT is that the heads are self-cleaning and only occasionally require maintenance, which also extends media life.

Sony's AIT tape drives are typically cheaper than Quantum's digital linear tape (DLT) drives, and they have gained a solid foothold in large companies. AIT tape libraries are also available from various vendors for terabyte storage needs.

AIT 2 is a second-generation AIT standard and supports up to 50 GB (uncompressed) per tape, but this can often translate into up to 125 GB compressed. AIT 2 transfer speeds are typically 7 megabytes per second (MBps) or higher. AIT 3 is emerging as the next generation of AIT standards, and it should be competitive with the 100 GB native capacity and 13 MBps transfer rates of the competing Linear Tape Open (LTO) tape backup technology.

See Also tape format

Advanced Mobile Phone Service (AMPS)

The original first-generation (1G) analog cellular phone service. Still used in some parts of North and South America.

Overview

Bell Laboratories invented the technology for Advanced Mobile Phone Service (AMPS) in the 1970s, and AT&T introduced it as a commercial service in 1983. AMPS represents the first generation of cellular phone technology widely deployed throughout the United States and was the first fully standardized automatic mobile telephone service in the world. In addition to the United States, AMPS was also deployed in South America, Australia, and China.

AMPS uses frequencies in the 800 megahertz (MHz) band (from 824.04 to 893.7 MHz) of the radio spectrum. AMPS uses Frequency Division Multiple Access (FDMA) to create individual communications channels. FDMA is used to modulate a 3 kilohertz (kHz) voice channel onto a 30 kHz carrier signal using frequency modulation (FM). This creates a series of 30 kHz wide channels for one-way transmission (by contrast, an FM radio station uses a 150 kHz bandwidth channel). Separate channels are used for base station to mobile transmission (forward channels) and mobile station to base transmission (backward channels). In fact, forward channels fall within the range 869.04 to 893.97 MHz and backward channels are found from 824.04 to 848.97 MHz. The 45 MHz between these two bands helps separate forward and reverse transmission and reduces interference and crosstalk.

AMPS can assign only a single subscriber at a time to each channel, so the resulting allocation of bandwidth results in a maximum of 832 simultaneous phone conversations per operator. Because the population of most cities would suggest that 800 simultaneous phone conversations is far from enough, the idea was developed to partition the coverage of cities into a number of small areas called "cells" (this explains the origin of the terms "cellular communications" and "cell phone"). Each base station uses a limited-power transmitter with a directional antenna to provide coverage for a small geographical cell. A typical cell ranges from 1640 feet (500 meters) to 12.5 miles (20 kilometers) in size, depending on whether the coverage is in a densely populated urban area or a sparsely populated rural one.

Because cell phones have limited transmission power, communication is limited to the base station servicing the immediate cell the user is currently in. As a user moves from one cell to another, the signal strength gradually decreases until a threshold limit is reached. Once this threshold is reached, the base station informs the Mobile Telephone Switching Office (MTSO) that the subscriber is leaving the service area of that base station. The MTSO hands off the call to the base station that the subscriber is starting to enter (adjacent cells overlap), which smoothly picks up the call so service is not interrupted. Adjacent cells employ different frequencies to help prevent interference from occurring between them.

Handheld AMPS cellular phones have power levels generally under 0.6 watts with a range of about 5 miles (8 kilometers) from the base station, but power levels in vehicle-mounted phones reach up to 3 watts with a range of 15 miles (24 kilometers). Base stations themselves generally have power levels up to about 1 kilowatt.

Prospects

Because of the need for data transmission and security (encryption), digital cellular phone services such as Time Division Multiple Access (TDMA) and Code Division Multiple Access (CDMA) systems are steadily increasing in popularity as AMPS continues to decline. Nevertheless, market statistics indicate that as recently as 1999 AMPS remained the cellular communications service with the greatest area of coverage across North America. However, the success of AMPS has been its downfall-the limited number of channels per cell means that when too many people subscribe to the service, blocking (the inability to make a call because no channel is available) becomes a problem. Another problem is that when a subscriber roams into a cell where no channels are available, the subscriber's call is dropped (suddenly disconnected without warning).

Notes

Other 1G analog cellular phone systems included Total Access Communication System (TACS) and Extended TACS (E-TACS) used in the United Kingdom and Nordic Mobile Telephone (NMT) used in the Scandinavian countries. AMPS, however, was by far the most popular and widely deployed 1G service.

AMPS can also be used for data transmission, but it is capable of supporting data rates of only about 9.6 kilobits per second (Kbps).

For More Information

Visit the site of the Universal Wireless Communication Consortium at www.uwcc.org for information on all types of cellular communications systems.

See Also cellular communications ,Code Division Multiple Access (CDMA) ,Digital Advanced Mobile Phone Service (D-AMPS) ,Global System for Mobile Communications (GSM) ,Time Division Multiple Access (TDMA)

Advanced Peer-to-Peer Networking (APPN)

A protocol developed by IBM as the second generation of Systems Network Architecture (SNA).

Overview

Advanced Peer-to-Peer Networking (APPN) is an extension of SNA that was developed for several reasons:

• To enable SNA traffic to flow concurrently with other protocols.

• To provide for prioritization of SNA traffic through it is class-of-service (CoS) features.

• To allow users to establish communication sessions without mainframe involvement.

APPN provides a mechanism for peer-to-peer networking and session establishment between any two logical units (LUs) on an SNA network. APPN provides greater distributed network control than legacy SNA by isolating the effects of single-point failures. It supports the dynamic exchange of information about network topology to facilitate connection, reconfiguration, and route selection. APPN also supports the dynamic definition and automated registration of network resources.

Prospects

APPN was a promising technology that for various reasons ended up failing to make much of an impact on mainframe computing environments. APPN equipment was costly and difficult to manage, and IBM's marketing scheme of requiring third-party developers of APPN hardware and software to contribute royalties from earnings to IBM led to a famous clash between IBM and Cisco Systems in 1994 over this issue. APPN is today considered a legacy technology that is being phased out.

See Also Systems Network Architecture (SNA)

Advanced Power Management (APM)

A legacy specification for power management of computer hardware.

Overview

Advanced Power Management (APM) was the precursor to Advanced Configuration and Power Management (ACPI) and was implemented in versions of Microsoft Windows prior to Windows 2000. APM used the basic input/output system (BIOS) to manage all computer hardware and peripherals. This had several disadvantages that motivated the development of ACPI, namely

• Different hardware platforms from different vendors often used different BIOS chips, which meant that in a large enterprise power management capabilities varied from machine to machine, making troubleshooting more difficult.

• Suspend mode is supported poorly because the BIOS cannot know whether the user or the system initiated the suspend.

• Universal serial bus (USB) and Institute of Electrical and Electronics Engineers (IEEE) 1394 peripherals were not supported by APM.

ACPI addresses these concerns by enabling the operating system to control power to devices, not the BIOS.

Notes

If your machine's BIOS uses APM 1 or 1.1, try to flash upgrade the BIOS to support APM 1.2 if possible to resolve certain issues relating to system instabilities when in standby mode.

Microsoft Windows 2000, Windows XP, and Windows .NET Server support both APM and ACPI, with ACPI being the preferred option. The tool Ampstat.exe in the Support/Tools folder on the Windows 2000 CD can be used to troubleshoot issues relating to APM.

See Also Advanced Configuration and Power Interface (ACPI)

Advanced Program-to-Program Communications (APPC) protocol

A set of protocols developed by IBM that enables transactional programs to communicate with each other.

Overview

The Advanced Program-to-Program Communications (APPC) protocol was originally designed for Systems Network Architecture (SNA) networks and has been implemented in Multiple Virtual Storage (MVS), Operating System/2 (OS/2), Advanced Interactive Executive (AIX), and OS/400. APPC is also supported over Transmission Control Protocol/Internet Protocol (TCP/IP) using IBM's Anynet architecture. APPC was first introduced into the AS/400 series as its native communications platform and was called LU 6.2.

Applications that use APPC to communicate are called transaction programs (TPs) and utilize a package of APPC routines called Common Programming Interface-Communications (CPIC). APPC services are available for applications written in C++, REXX, COBOL, and other languages.

APPC is not a widely deployed platform and is most often employed for its file transfer services.

Notes

Microsoft Host Integration Server provides services necessary for APPC connectivity with AS/400 systems and mainframe hosts.

See Also Systems Network Architecture (SNA)

Advanced Streaming Format (ASF)

A method of streaming data supported by Windows Media Player.

Overview

Advanced Streaming Format (ASF) supports video, audio, images, Uniform Resource Locators (URLs), and scripts. ASF streams can combine different types of data, allowing you to stream presentations involving slides and audio narration. Using the Windows Media Encoder, you can generate live ASF streams that contain audio and video.

You can also use tools provided with Windows Media Encoder to create and store ASF files that you can later stream.

Windows Media Services can deliver ASF streams using either multicasting or unicasting.

Notes

When multicasting an ASF stream, configure Windows Media Services to provide a supplemental unicast source for the stream for any clients that cannot receive multicasts.

Advanced Technology Demonstration Network (ATDnet)

A high-speed test bed network that is part of SuperNet, the cross-country network funded by the Next Generation Internet (NGI) program.

Overview

Advanced Technology Demonstration Network (ATDnet) is deployed in the Washington D.C. area and was developed as a prototype for the next generation of Metropolitan Area Networks (MANs). It is funded by the Defense Advanced Research Projects Agency (DARPA) and serves as an experimental test bed platform for research and development. ATDnet network transport consists of Synchronous Optical Network (SONET) and Asynchronous Transfer Mode (ATM) running over fiber and currently uses a double ring topology that supports 20 gigabits per second (Gbps).

For More Information

You can visit ATDnet at www.atd.net

AES

Stands for Advanced Encryption Standard, the new U.S. government encryption standard adopted in the spring of 2001 to replace the aging Data Encryption Standard (DES) standard, which no longer offers sufficient security.

See Also Advanced Encryption Standard (AES)

AFTP

Stands for APPC File Transfer Protocol, a protocol that provides file transfer capabilities for the Advanced Program-to-Program Communications (APPC).

See Also APPC File Transfer Protocol (AFTP)

agent

Simple Network Management Protocol (SNMP) client software that runs on a hub, a router, or another networking component.

Overview

Agents collect information about Transmission Control Protocol/Internet Protocol (TCP/IP) statistics and conditions and can supply this information when requested to an SNMP management system. Agents can also alert management systems to errors and other conditions when a trap occurs. SNMP agents are identified by the community to which they belong. By default, SNMP agents listen to TCP port number 161 for SNMP messages and to port number 162 for SNMP traps.

An agent must be installed on each networking component or host that will be managed in an SNMP-managed network. The agent program can then perform operations such as

• Get operations initiated by the SNMP management console for obtaining information about a specific managed object in the host Management Information Base (MIB)

• Get-next operations initiated by the management console to continue traversing the MIB database from the point at which it was accessed by a get operation

• Set operations initiated by the management console to set a value for a managed object (if permissions allow this)

• Trap operations initiated by the managed host itself when an error condition occurs, such as when the computer's disk becomes full

Notes

Windows 98 also includes an SNMP agent conforming to SNMP 1 specifications that lets you monitor remote connections to machines running Windows 98 from an SNMP management console. This agent is implemented as a Win32 service using Windows Sockets over TCP/IP. You can install the Microsoft SNMP agent on Windows 98 using the Network utility in Control Panel.

See Also Simple Network Management Protocol (SNMP)

AGLP

A mnemonic for managing an enterprise-level Microsoft Windows NT network.

Overview

AGLP means that user A ccounts are organized by placing them in G lobal groups, which are then placed into L ocal groups that have appropriate P ermissions and rights assigned to them.

In practice, the steps for administering a Windows NT enterprise-level network are the following:

1. Create global user accounts for users in the account domains or master domains.

2. Create global groups in these domains to organize users according to function, location, or some other criteria (or use the Windows NT built-in groups if these suffice).

3. Assign global users to their respective global groups.

4. Determine who needs access to network resources in the resource domains.

5. Create local groups on domain controllers and member servers within the resource domains (or use the Windows NT built-in groups if these suffice).

6. Assign rights and permissions to each local group as desired to provide access to network resources.

7. Place global groups into local groups as desired to provide users with permissions to access resources.

   

   AGLP. Using AGLP to administering a Windows NT-based network.

Notes

On Windows 2000- and Windows .NET Server-based networks, the mnemonic is AGDLP because local (L) groups are referred to as domain local (DL) groups. However, because Windows 2000 and Windows .NET Server include an additional type of group (universal groups) and have a more flexible architecture for deployment, these mnemonics do not have as much significance for these versions of Windows as they did for Windows NT.

See Also account ,group ,permissions

AH

Stands for Authentication Header, a protocol in the IPSec suite of protocols that handles authentication of Internet Protocol (IP) traffic.

See Also Authentication Header (AH)

AIM

Stands for AOL Instant Messenger, a popular instant messaging service from America Online (AOL).

See Also AOL Instant Messenger (AIM)

AIr

Stands for Advanced Infrared, a wireless networking technology for high-speed, low-cost infrared (IR) networking.

See Also Advanced Infrared (AIr)

Air Interface

Generally, the lower levels of the protocol stack in a wireless communications system.

Overview

Different wireless communications systems use different types of air interfaces, but these all generally map well with the Open Systems Interconnection (OSI) model for networking. For example, Personal Communications Service (PCS) cellular service uses a three-level air interface:

• Physical Layer: This bottom layer of the interface is responsible for encoding and framing data, interleaving and slotting it into available time slots, and mapping these slots onto a channel for transmission as a burst.

• Data-link Layer: This middle layer is responsible for packaging the data, transporting the message to its destination, and performing error correction.

• Message Layer: This top layer handles messages transmitted over the air and formats the messages as data elements that are then packaged and transported by the lower levels.

In addition to these three levels, typical wireless messaging systems include higher levels for control purposes, metering, and providing additional services.

See Also cellular communications ,wireless networking

AIT

Stands for Advanced Intelligent Tape, a tape backup technology developed by Sony Corporation.

See Also Advanced Intelligent Tape (AIT)

AIX

A version of the UNIX operating system developed by IBM.

Overview

AIX runs on IBM RS/6000 and systems based on IBM PowerPC processors (a version for Intel Corporation's 64-bit IA-64 processor is also planned). AIX, which stands for Advanced Interactive Executive, was originally based on release 2 of the Unix System V operating system and is compliant with the Unix98 standard. The current release AIX 4.3 is a solid platform for e-business and supports IBM's VisualAge, Java, and C++ developer tools.

Project Monterey is an initiative from IBM for the development of the next version of AIX called AIX 5L. Combining the time-tested reliability of AIX with UnixWare, DYNIX/ptx, and Linux support, AIX 5L promises to make AIX a major contender for high-end 64-bit computing using Intel's 64-bit IA-64 platform.

For More Information

Find out more about AIX at http://www-1.ibm.com/servers/aix.

See Also UNIX

Alerter service

A Microsoft Windows 2000, Windows XP, and Windows .NET Server service responsible for sending administrative alerts to users and computers.

Overview

The Alerter service generates an alert when potentially dangerous conditions occur, such as when disk space is running out. You can configure which users or computers receive these alerts by using Server Manager (or by using the Server utility in Control Panel). Pop-up alert messages appear if the administrator is logged on or is at the appropriate computer when the alert occurs. The administrator can then consult the system log for information about what caused the alert.

Notes

The Server service must be running for the Alerter service to function. The Messenger service should also be running on both the sending and receiving computers. Also, restart the Server service and Alerter service on the computer after modifying the list of users and computers to whom alert conditions on that computer should be sent.

See Also service

alias

A form of nickname that identifies a user for e-mail purposes.

Overview

An alias is usually a shortened form of the user's full name, such as the alias JSmith or JeffS for user Jeff Smith.

Aliases are a convenient way of identifying users and form the user-specific portion of an e-mail address. For example, if Jeff Smith belongs to a company whose Domain Name System (DNS) domain on the Internet is northwind.microsoft.com, his e-mail address would be either JSmith@northwind.microsoft.com or, instead, JeffS@northwind.microsoft.com, depending on which alias is selected.

Notes

What if both a Jeff Smith and a Jeff Smythe work at the same company? If JeffS is the alias for the first user, you could use JeffS2 for the second. It all depends on your choice of naming convention.

See Also e-mail

Always On/Dynamic ISDN (AO/DI)

A modified form of Integrated Services Digital Network (ISDN) that supports transmission of data over the ISDN control channel (D channel).

Overview

The ISDN D-channel is always active and is normally used to carry the control information for setting up, managing, and tearing down ISDN B channel connections. Always On/Dynamic ISDN (AO/DI) takes advantages of this by reserving a portion of the D channel's bandwidth for transmitting X.25 packets. This is done by encapsulating X.25 packets within Point-to-Point Protocol (PPP) and allows an X.25 Packet Assembler/Disassembler (PAD) at the subscriber's premises to transmit and receive information through ISDN to the carrier's X.25 network.

The ISDN D channel has a total bandwidth of 16 kilobits per second (Kbps). This is more than enough for carrying ISDN control signals, so in AO/DI 9.6 kbps of this bandwidth is used for X.25 signaling. When an X.25 packet is sent from the customer premises over an ISDN D channel to the telco's central office (CO), a packet handler positioned in front of the carrier's ISDN switch strips off the X.25 packet and relays it to the carrier's X.25 network.

Uses

Although 9.6 Kbps seems like a small amount of useful bandwidth, one use for AO/DI is to provide always-on Internet access to subscribers who can utilize this small bandwidth for practical purposes, such as periodically polling fire alarm sensors over the Internet from a central monitoring station or remotely monitoring electricity and gas meters. From the telco's point of view, the main advantage of AO/DI is to reduce the usage of ISDN B channels, freeing up more circuits and saving costs.

Despite its promised usefulness, real-world deployments of AO/DI are few, primarily due to the communications industry's current focus on developing high- speed broadband access solutions for home and business.

See Also Integrated Services Digital Network (ISDN)

Alpha platform

A computer hardware platform whose processor is based on the Alpha Reduced Instruction Set Computing (RISC) microprocessor architecture originally developed by Digital Equipment Corporation (DEC).

Overview

Alpha-based systems, which are used primarily for high-performance servers and workstations, can run operating systems such as Microsoft Windows NT, Digital UNIX, and OpenVMS. For example, the Alpha 21164 processor was specifically designed for running Windows NT desktop applications and includes a new set of motion video instructions (MVI) for high-performance multimedia applications. The superscalar design of this processor integrates a 16-kilobyte (KB) instruction cache, an 8-KB data cache, and a 96-KB second- level cache and can issue four instructions for each clock cycle. It uses 0.35-micron complementary metal- oxide semiconductor (CMOS)-integrated circuit technology and a fully pipelined 64-bit RISC architecture to provide the highest performance for Windows NT systems. The processor is housed in a 499-pin ceramic package and generates 28 watts of heat and is designed to work with the AlphaPC 164LX motherboard. The latest Alpha chips run at speeds of 833 megahertz (MHz) and higher.

Notes

Windows 2000 does not support the Alpha platform.

For More Information

Visit the Alpha Server home at www.compaq.com/alphaserver.

See Also x86 platform

American National Standards Institute (ANSI)

A U.S. standards organization that facilitates and governs the development of standards in many areas, including computing and communication.

Overview

The American National Standards Institute (ANSI) was founded as a private sector voluntary standards association in 1918. It is a nonprofit private association with almost 1,400 member organizations.

ANSI does not create standards itself but oversees groups and organizations in the development of standards. ANSI is a member organization of the International Organization for Standardization (ISO) and provides the charter for the Institute of Electrical and Electronics Engineers (IEEE).

Standards that are approved by ANSI are called ANSI Standards. Examples include the ANSI C/C++ programming language standards, ANSI-89 SQL standards, and ANSI character set. ANSI has approved more than 13,000 standards to date.

Notes

ANSI is also used to refer to the ANSI character set.

For More Information

Visit the American National Standards Institute at www.ansi.org

American Registry for Internet Numbers (ARIN)

A nonprofit organization that administers the registration and allocation of numbers relating to the operation of the Internet in North and South America.

Overview

The American Registry for Internet Numbers (ARIN) was formed in 1997 through the joint efforts of the Internet Assigned Numbers Authority (IANA), the Internet Engineering Task Force (IETF), the National Science Foundation (NFS), and other organizations. ARIN exists primarily to provide a number of critical functions related to the operation of the Internet:

• It oversees the registration and administration of Internet Protocol (IP) addresses. This is probably ARIN's most important function, which it took over from IANA when it was formed in 1997. ARIN works diligently to conserve the pool of available IP addresses and determines the size and scope of blocks of IP addresses granted in response to requests. The careful maintenance of the IP address system is critical to the Internet's health, and ARIN works hard to ensure that the routing tables maintained on the core routers of the Internet remain manageable in size. Internet service providers (ISPs) can contact ARIN to purchase blocks of IP addresses that they can then assign to their customers-ARIN does not supply individual IP addresses directly to individuals (the smallest block available from ARIN is 4096 hosts in scope).

• It is responsible for registration and management of autonomous system numbers (ASNs) to public and enterprise networks.

• It maintains a central routing registry to which network operators can submit and obtain information relating to routing across the Internet.

• It maintains the IN-ADDR-ARPA and IP6.INT inverse mappings for Domain Name System (DNS).

ARIN is actually only one of three Regional Internet Registries (RIRs) that handle the above functions for different parts of the global Internet. ARIN's areas of responsibility are the regions of North and South America, the Caribbean, and sub-Saharan Africa. The other two RIRs are

• Reseaux IP Europeans (RIPE): Responsible for Europe, the Middle East, and other parts of Africa.

• Asia Pacific Network Information Center (APNIC): Responsible for the Asia/Pacific region.

Notes

ARIN does not handle the registration of domain names but instead manages the underlying IP addresses for which domain names are friendly handles. There are also two delegated name registries within ARIN: the Brazilian Registry (RNP) and the Mexican Registry (NIC-Mexico).

For More Information

You can find ARIN at www.arin.net

See Also autonomous system number (ASN) ,Internet ,IP address

AMP

Stands for asymmetric multiprocessing, a processing architecture in which processes are specifically assigned to different processors.

See Also asymmetric multiprocessing (AMP)

AMPS

Stands for Advanced Mobile Phone Service, the original first-generation (1G) analog cellular phone service. Still used in some parts of North and South America.

See Also Advanced Mobile Phone Service (AMPS)

analog

Transmission of electrical signals that vary smoothly with time.

See Also analog transmission

analog modem

A type of modem used for asynchronous transmission of information over Plain Old Telephone Service (POTS) telephone lines.

Overview

The word modem stands for modulator/demodulator, which refers to the fact that modems convert digital transmission signals to analog signals and vice versa. An analog modem performs this modulation, but a digital modem does not perform modulation and simply transports digital signals as they are. In effect the phrase "digital modem" is a misnomer because no modulation occurs, and "analog modem" can simply be termed "modem" instead.

To transmit computer data over a telephone channel, a modem modulates the incoming digital signal received from the computer into an analog signal whose frequency lies within the carrying range of analog phone lines (between 300 hertz [Hz] and 3.3 kilohertz [kHz]). To accomplish this, modulation of the digital signal from the computer with an analog carrier signal is performed. The resulting modulated signal is then transmitted into the local loop and carried over the Public Switched Telephone Network (PSTN) until it arrives at its destination station, where a similar modem demodulates the modulated analog signal into a stream of digital data that the remote computer can understand.

However, this basic modulation/demodulation process over POTS lines can transmit data only at speeds of about 1,200 bits per second (bps). To achieve the much higher speeds of today's modems, advanced technologies must be applied, including echo canceling, training, data compression, and special modulation algorithms such as quadrature amplitude modulation (QAM). Using these technologies, modem speeds of 56 kilobits per second (Kbps) are now common.

Bell Laboratories in the 1960s and 1970s originally formulated modem standards, but after the breakup of Bell Telephone, the task of developing modem standards was taken over by the International Telegraph and Telephone Consultative Committee (CCITT), which is now called the International Telecommunication Union (ITU). According to ITU specifications, modem standards are classified by a series of specifications known as the V series.

See Also modem ,modulation ,V-series

analog-to-digital converter (ADC)

Any device used for changing analog signals into digital transmission.

Overview

An example of analog-to-digital conversion is recording someone singing onto a CD. The pressure waves in the air produced by the vibration of the person's vocal cords are analog in form and continually vary in strength within a certain range of values. The recording equipment samples this continually varying information at discrete time intervals and converts it to digital form.

Analog-to-digital converters (ADCs) are used in industry to convert environmental variables (temperature, pressure, density, speed, and so on) that vary continuously over time to digital information, which can then be analyzed using computer programs. ADCs are used in analog modems to convert digital signals into audio and vice versa.

See Also analog ,digital

analog transmission

Transmission of electrical signals that vary smoothly with time.

Overview

An analog signal can take on any value in a specified range of values as shown in the diagram. A simple example is alternating current (AC), which continually varies between about +110 volts and -110 volts in a sine wave fashion 60 times per second. A more complex example of an analog signal is the time-varying electrical voltage generated when a person speaks into a dynamic microphone or telephone. Analog signals such as telephone speech contain a wealth of detail but are not readily accessible to computers unless they are converted to digital form using a device such as an analog-to-digital converter (ADC). Old-fashioned vinyl records store sound information in the form of a continuously varying analog groove, but modern musical CDs store their information in digital form. Some people claim they can tell the difference between an analog and a digital recording and generally agree that the analog recording sounds "warmer."

Analog transmission. Example of an analog transmission.

Analog signals are usually specified as a continuously varying voltage over time and can be displayed on a device known as an oscilloscope. The maximum voltage displacement of a periodic (repeating) analog signal is called its amplitude, and the shortest distance between crests of a periodic analog wave is called its wavelength.

See Also digital transmission

anchor

In Hypertext Markup Language (HTML), a source or target of a hypertext link.

Overview

Anchors are the key feature of HTML that enables hypertext (linked documents) to be constructed. Without anchor tags, Web pages could not be linked together.

An anchor can be either text or a graphic and is specified using the tag formation <A></A>. There are two types of anchor tag. The first type creates a hypertext link that refers to a document. For example, the following HTML element will display the word "contents" as a hyperlink. If the user clicks on the link, the browser will load the contents.htm page specified in this tag:

<A HREF="http://www.northwind.microsoft.com /contents.htm">Contents</A>

The second type of anchor tag marks a portion of text as a destination for a hyperlink. You can place the following element at the end of the contents.htm page:

<A NAME="bottom">This is the end of the page</A>

To load the contents.htm page and jump directly to the bottom of the page, the user needs to click a hyperlink such as this one:

<A HREF="http://www.northwind.microsoft.com /contents.htm#bottom">Contents</A>

See Also Hypertext Markup Language (HTML)

announcement

A feature that enables Windows Media Player to receive streaming multimedia information.

Overview

An announcement's function depends on whether the transmission method is multicasting or unicasting. If the transmission method is multicasting, announcements enable Windows Media Player to retrieve the channel file containing channel information. If the transmission method is unicasting, announcements supply the client with information on how to connect to the Windows Media Server.

Announcements, which are used only with Advanced Streaming Format (ASF) transmissions, are text files that have the extension .asx. Once created, an announcement can be distributed to clients by several means: over the Web, through e-mail, or on a network share.

Announcement Manager

A service in Microsoft Windows 98 that automatically runs in the background when you have WebTV for Windows installed on your computer.

Overview

Announcement Manager receives broadcast announcements from TV networks or Web sites that notify your computer about the time and address of the broadcast and which software applications must be running to receive the broadcast. When Announcement Manager receives an announcement, it directs it to the broadcast filters you have configured for your WebTV service. The broadcast filters then determine whether to ignore the broadcast or schedule its reception.

Announcement Manager is part of the Microsoft Broadcast Architecture, a specification for receiving Web information broadcast to your computer through a TV tuner interface.

See Also Windows 98

anonymous access

An authentication scheme in which the user's identity is not verified.

Overview

Anonymous access is one of several authentication protocols supported by Microsoft Internet Information Services (IIS) and is strictly speaking not an authentication scheme at all because the users' credentials are not requested and, if supplied, are ignored. Anonymous access is typically used to allow anonymous users (that is, everyone) to gain access to public content hosted on a Web server. Anonymous access is typically used on low-security public Web sites where the identity of the person visiting the site is not important. By enabling anonymous access to the site, distrusted users from the Internet can access content on the site.

Anonymous access on IIS works by making use of a default anonymous user account called IUSR_machinename. This account is a local user account that iscreated during Setup and is used exclusively to authenticate anonymous users and grant them access to resources on the machine. The IUSR_machinename account requires the Log On Locally system right in order to grant anonymous access to machine resources.

See Also authentication protocol

anonymous user

Any user who attempts to access network resources without providing a username or password.

Overview

Some applications such as Microsoft Internet Information Services (IIS) can be configured to allow anonymous users to access their resources. This allows distrusted users from unsecure networks such as the Internet to access data that ismade available for the public at large.

Access to network resources by anonymous users can be controlled by assigning permissions to a special anonymous user account IUSR_ComputerName. Windows 2000, Windows XP, and Windows .NET Server then provide anonymous users access to resources by impersonating the user utilizing the anonymous user account.

See Also anonymous access

ANSI

Stands for American National Standards Institute, a U.S. standards organization that facilitates and governs the development of standards in many areas, including computing and communication.

See Also American National Standards Institute (ANSI)

ANSI C/C++

A standard published by the American National Standards Institute (ANSI) for writing C and C++ code.

Overview

Programs written in ANSI C or ANSI C++ are portable to a large number of computing platforms. Most commercial C/C++ programming tools, such as Microsoft Visual C++, contain extensions to ANSI C/C++ that simplify common programming tasks considerably but restrict the portability of the resulting code to different platforms.

You can use Visual C++ to write strict ANSI C/C++ code by following these guidelines:

• Call Win32 application programming interfaces (APIs) directly in your program instead of using the Microsoft Foundation Classes (MFC) libraries.

• Disable the Microsoft extensions to C++ by running Visual C++ using the /Za command-line option.

• Use the isostream and standard template libraries from the ANSI Standard C++ library and the appropriate #include statements in your code.

See Also American National Standards Institute (ANSI)

ANSI character set

An eight-bit character set developed by used by the American National Standards Institute (ANSI).

Overview

The ANSI character set uses 256 characters (numbered 0 through 255). The American Standard Code for Information Exchange (ASCII) character set is a subset of the ANSI character set with characters numbered 32 through 126, each representing a displayable character.

ANSI uses a single byte to represent a character, in contrast to the Unicode standard supported by Microsoft Windows NT, which uses 2 bytes to represent a character. For example, the ANSI character "A" would be represented in hexadecimal notation by the single byte 41h. ANSI's 256-character limit supports only a few international characters, such as accented French and German vowels, but the Unicode's 65,536-character limit supports virtually every alphabet in the world. For example, the Unicode character "A" would be represented in hexadecimal notation by the 2-byte string {41h, 00h}.

The following table shows which Windows environments support ANSI and Unicode for character encoding.

Notes

Some ANSI character codes cannot be displayed by Microsoft Windows applications and are generally displayed as solid blocks in the application interface.

See Also American National Standards Institute (ANSI) ,ASCII

answer file

A text file that can be used to perform an unattended installation of Microsoft Windows 2000.

Overview

In the answer file you specify in advance the answers to the user prompts that occur during a normal installation. These prompts can include specifications such as what keyboard layout to use, whether the computer should join a domain or belong to a workgroup, what network protocols should be installed, and so on. The answer file is invoked using the /u switch when running the Winnt or Winnt32 setup utility. Answer files can be customized for individual machines by using Uniqueness Database Files (UDFs). The UDFs can be used to specify computer-specific parameters such as the computer name.

A sample answer file Unattend.txt is located in the \I386 folder on the source CD. You can customize this file using Notepad or another text editor to suit your needs.

See Also Windows 2000

antenna

A device used to enhance the transmission and reception of radio signals.

Overview

A full treatment of antenna theory is beyond the scope of this book, and antenna considerations have only become an issue for local area network (LAN) administrators with the recent proliferation of wireless LANs (WLANs), wireless bridges, and wireless cellular data transmission technologies. Just a few issues and developments are considered here.

The first notebook computer to incorporate a built-in factory-installed antenna for wireless networking was the iBook from Apple Computer. The iBook uses the AirPort wireless networking technology, and although the antenna is included, an AirPort add-on card must be purchased to connect the machine to a WLAN. Other vendors such as Dell Computer Corporation have quickly followed Apple's lead in this area. PC board mountable antennae are often flat dielectrically loaded omnidirectional antenna and require no external tuning components.

For a wireless network to be effective, the base station also needs a suitable antenna. The range of antennae available for base stations is large, and the latest ones support multiband operation for the 900-megahertz (MHz) band, 2.4-gigahertz (GHz) Industrial, Scientific, and Medical (ISM) band, and 5-GHz UNI band.

A primary issue regarding antennas for wireless devices is placement. For transmission stations, this means placing antennas as high as possible-on the roof, for example-to ensure the widest possible area of coverage. For end stations, obstacles such as concrete walls and iron girders within buildings can absorb, scatter, and attenuate signals so that practical networking becomes difficult or impossible. To overcome this, more powerful transmissions can be used, but the strength of end-station transmissions are limited for health reasons.

Another issue regards whether unidirectional or omnidirectional antennas are used. For wireless bridges connecting networks in different buildings, unidirectional antennas are used and must be aligned properly with no line-of-sight obstructions. Mobile devices such as laptops, Personal Digital Assistants (PDAs), and cell phones require omnidirectional antennas to function properly, particularly when roaming.

See Also wireless networking

Anycast

A network service for delivering datagrams to any one server belonging to a group of servers on a network.

Overview

Anycast was first proposed in RFC 1546 as a way to direct a network request to the closest (in the network sense of hops) server in a set of mirrored servers for servicing the request. Because fewest hops may not necessarily mean the server that responds best (due to latency, throughput, and host load), other Anycast-related initiatives have arisen in the last few years. These initiatives include Application-Aware Anycast, Global IP-Anycast, Simple Internet Protocol Plus, and others.

AO/DI

Stands for Always On/Dynamic ISDN, a modified form of Integrated Services Digital Network (ISDN) that supports transmission of data over the ISDN control channel (D channel).

See Also Always On/Dynamic ISDN (AO/DI)

AOL Instant Messenger (AIM)

A popular instant messaging service from America Online (AOL).

Overview

AOL Instant Messenger (AIM) is a free instant messaging service that boasts more than 84 million users worldwide. The service allows users to send messages instantly to other users online, receive alerts and bulletins, have online chat conversations, receive news and other information, share files, and perform other useful activities.

The current version of client software is AIM 4.3, which supports additional features including participating in online games and accessing your buddy list from any computer. AIM is available for various platforms including Microsoft Windows and Windows CE, Mac OS, Linux, and PalmOS. AIM operates using AOL's proprietary AIM Protocol, and AIM competes with other popular Instant Messaging (IM) systems including Microsoft Corporation's MSN Messenger.

For More Information

You can download the current version of AIM from www.aol.com/aim.

MSN Messenger can be found at messenger.msn.com

See Also instant messaging (IM)

AP

Stands for access point, a device connected to a local area network (LAN) that enables remote wireless stations to communicate with the LAN.

See Also access point (AP)

Apache

Short for Apache Web server, an open-source Hypertext Transfer Protocol (HTTP) server whose code was developed and is maintained by the Apache Software Foundation.

Overview

Apache started out as a patch for the original National Center for Supercomputing Applications (NCSA) httpd server-hence the new server was "a patchy" server. The NCSA httpd server was stuck at version 1.3 and had some security issues, and so a group of people took the 1.3 code, which was in the public domain, and patched it. The group later rewrote most of the base code from scratch in order to support external modules written in C language.

One of the Apache platform's strengths is its modular design, which consists of a central Apache kernel interacting with various code modules that provide additional functionality. This architecture speeds the development cycle and makes it easy for third-party developers to build custom modules to meet their needs and compile them into the Apache source.

Security is a top priority for administrators who run Web servers, and Apache includes support for a number of advanced security features through various security modules:

• Access control: The default security setting for Apache is "deny all," after which selective access can be provided to specific users through the Access.conf file.

• Authentication: Apache supports basic authentication using a number of password file formats, starting with /bin/htpasswd. Modules are also available for host- based authentication where access is granted based on Internet Protocol (IP) address and anonymous access using a user's e-mail address as a password.

• Encryption: Support for Secure Sockets Layer (SSL) encryption in Apache is provided by freeware packages such as Apache-SSL and mod_ssl, and by commercial packages such as Stronghold from C2Net Software.

• Logging: Apache includes support for comprehensive logging of server events. Logs are kept in two files, access_log and error_log.

Apache is one of the most popular Web servers in use, with an estimated more than 6 million Web sites deployed on it. Some market watchers estimate that about 60 percent of all Web servers are running Apache. Apache is widely deployed wherever UNIX is found, including universities and large enterprise networks, and is available for more than a dozen different operating system platforms, including Microsoft Windows.

Notes

The most common vulnerability of Apache servers is running the core process using root privileges. This makes the server vulnerable to what is called a "root exploit," which can allow a malicious remote user to run Common Gateway Interface (CGI) scripts using root privileges. The way to avoid this is to include the following lines in the Httpd.conf configuration file:

user  nobody

group nobody

For More Information

The Apache Software Foundation can be found at www.apache.org.

A good source for timely new and information on the Apache platform is Apache Week (www.apacheweek.com).

For information on the Apache conference, see www.apachecon.org.

See Also open source ,UNIX ,Web server

Apache Software Foundation

An open-source community guiding the development of the Apache Web server and other open-source tools and programs.

Overview

The Apache Software Foundation, formerly the Apache Group, is a nonprofit organization that provides legal, organizational, and financial backing toward the development of open-source software projects that use Apache Web server software. Some of the projects the foundation is working on include

• Apache Server

• Apache XML Project-Apache

• Jakarta

• Java-Apache

• mod_perl

• PHP

• Apache Tcl

See Also Apache ,Apache XML Project open source

Apache XML Project

An initiative of the Apache Software Foundation to create open-source tools for developing Extensible Markup Language (XML) business solutions.

Overview

The Apache XML Project is an initiative with three goals:

• Developing tools for creating commercial-class XML-based business solutions that are standards- compliant and follow the open source model.

• Provide helpful feedback to the World Wide Web Consortium (W3C) and other bodies involved in the development of XML standards.

• Provide XML resources for other initiatives of the Apache Software Foundation.

Several commercial companies have contributed technology to this initiative, including Sun Microsystems, IBM, and Lotus Software (formerly Lotus Development Corporation, now part of IBM), and other contributes have come from the Open Source community at large.

Some of the subprojects within this initiative include

• Cocoon: XML-based Web publishing using Java.

• FOP: Extensible Stylesheet Language (XSL)- formatting objects using Java.

• Xalan: XSL Transformation (XSLT) stylesheet processing using Java and C++.

• Xang: Dynamic server pages using Java.

• Xerces: XML parsing using Java, C++, and Perl.

For More Information

Visit the site of the Apache Software Foundation (www.apache.org).

See Also Apache Software Foundation ,open source

API

Stands for application programming interface, any collection of programming routines and functions that an application can use to access low-level machine services.

See Also application programming interface (API)

APIPA

Stands for Automatic Private IP Addressing, a feature of Microsoft Windows 2000, Windows XP, and Windows .NET Server that enables machines to be automatically assigned Internet Protocol (IP) addresses without the use of Dynamic Host Configuration Protocol (DHCP).

See Also Automatic Private IP Addressing (APIPA)

APM (Advanced Power Management)

Stands for Advanced Power Management, a legacy specification for power management of computer hardware.

See Also Advanced Power Management (APM)

APM (Application Performance Management)

Stands for Application Performance Management, a set of technologies, business processes, and services for guaranteeing what subscribers experience from service providers.

See Also Application Performance Management (APM)

APNIC

Stands for Asia Pacific Network Information Center, the counterpart of American Registry for Internet Numbers (ARIN) and the agency responsible for administering the registration and allocation of Internet numbers for the Asia/Pacific region.

See Also Asia Pacific Network Information Center (APNIC)

APPC

Stands for Advanced Program-to-Program Communications protocol, a set of protocols developed by IBM that enables transactional programs to communicate with each other.

See Also Advanced Program-to-Program Communications (APPC) protocol

APPC File Transfer Protocol (AFTP)

A protocol that provides file transfer capabilities for the Advanced Program-to-Program Communications (APPC).

Overview

APPC File Transfer Protocol (AFTP) servers are the APPC equivalent of File Transfer Protocol (FTP) servers in the Transmission Control Protocol/Internet Protocol (TCP/IP) world. Microsoft SNA Server can be used to establish AFTP connections to AS/400 or mainframe computers running the APPC applications suite. Users can then utilize standard FTP client software to transfer files between the SNA server and the AS/400 or mainframe host. The optional AFTP service must first be installed on the SNA server. The installation can be configured so that the SNA server performs the function of an FTP-to-AFTP gateway. This will enable standard FTP clients to transfer files to and from the mainframe host.

See Also Advanced Program-to-Program Communications (APPC) protocol

Apple Open Transport

An Apple networking technology for transport-independent networking that ispart of the networking and communication subsystem of the Apple Macintosh operating system.

Overview

Apple Open Transport is designed to make it easy to set up and configure networking on the Macintosh computer and to increase the performance of file, print, and other networking services on a MacOS server. Open Transport provides a consistent interface for configuring network services across supported protocols and a uniform set of application programming interfaces (APIs) for accessing networking and communication services on the Macintosh.

Open Transport enables protocols to be loaded and unloaded on demand, provides a networking naming scheme plus consistent network services over the Transmission Control Protocol/Internet Protocol (TCP/IP) and AppleTalk protocols, and includes support for TCP/IP services such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). Open Transport also provides consistent API access to serial communication on the Macintosh, while third-party support is available for Point-to-Point Protocol (PPP), Network Control Protocol over Internetwork Packet Exchange (NCP/IPX), Server Message Block over Transmission Control Protocol (SMB/TCP), NetBIOS, DECnet, LAT, and X.25.

The Open Transport/AppleTalk protocol stack supports both the dynamic self-addressing of traditional AppleTalk clients and newer manually assigned static addressing. The Open Transport/TCP/IP protocol stack supports DHCP, bootstrap protocol (BOOTP), both local hosts files and DNS, Internet Protocol (IP) multicasting, both Ethernet Version 2 and Institute of Electrical and Electronics Engineers (IEEE) 802.3 framing, TCP wildcard source port assignments, Point-to-Point Protocol (PPP) connectivity, IP multihoming, and almost unlimited simultaneous TCP connections (limited only by installed memory and processor power).

Notes

An Apple Macintosh running Open Transport/TCP/IP can function as a DHCP client to a Microsoft Windows NT server running as a DHCP server, but not as a Windows Internet Naming Service (WINS) client.

See Also AppleTalk

AppleShare

The file sharing protocol for AppleTalk networks.

Overview

AppleShare provides the following functions:

• Enables sharing of volumes, folders, and printers

• Provides auditing information on which resources have been accessed

• Supports password-based control of access to shared resources

Notes

By installing Services for Macintosh on a Microsoft Windows 2000 server, the Windows 2000 server can emulate an AppleShare server so that Macintosh clients can access shared resources on the Windows 2000 server.

See Also AppleTalk

AppleShare IP

An Apple networking technology that supports native Transmission Control Protocol/Internet Protocol (TCP/IP) on the Apple Macintosh platform.

Overview

AppleShare IP provides Web, file, print, and e-mail services for departmental and workgroup- level environments. The latest version, AppleShare IP v6.1, features a single integrated administration console for local server management, remote administration using a standard Web browser, IP address filtering, Sherlock searching support, multihosting, Simple Mail Transfer Protocol (SMTP) and point of presence (POP) protocol support, shared Internet Mail Access Protocol (IMAP) folders, Domain Name System (DNS) services, and full compatibility with MacOS 8.5 and higher.

AppleShare IP client software must be installed on Macintosh client machines to enable them to access AppleShare IP services on a server over the network. AppleShare IP supports both Server Message Block (SMB) and File Transfer Protocol (FTP) protocols in addition to AppleShare file sharing, and is compatible with both Macintosh and Microsoft Windows clients.

See Also AppleTalk

applet

A program written using the Java programming language that can be accessed through a Web page and downloaded to the client machine, where it is run within the Web browser window.

Overview

Java applets can be used to add dynamic functionality to static Web pages provided users view these pages with a Java-enabled Web browser.

When an applet is created, its Java statements are compiled into an intermediate pseudo- machine-code language called a bytecode. The bytecode file is stored as a class file on a Web server such as Microsoft Internet Information Services (IIS), and a Web page can reference the class file using an <APPLET> tag. When a Web browser requests the page and encounters the <APPLET> tag, the bytecode in the class file is executed in a Java virtual machine on the browser.

See Also Java

AppleTalk

The original networking protocol for Apple Macintosh networks.

Overview

AppleTalk is a suite of networking protocols that work together to provide file and print sharing services to Macintosh networks. AppleTalk enables users to share folders and printers for access by other network users. AppleTalk is a legacy technology that has been largely replaced by Apple Open Transport, which supports AppleTalk, Transmission Control Protocol/Internet Protocol (TCP/IP), and other popular network protocols.

Architecture

AppleTalk is a workgroup-level networking technology that supports up to 254 network nodes per physical network. AppleTalk can run on top of the legacy LocalTalk data-link protocol, which was built into the Macintosh RS-449/RS-422 serial interface. In the more recent AppleTalk Phase II, the data-link protocols supported include EtherTalk, TokenTalk, and FDDITalk for connectivity with Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI) networks, respectively.

Addresses of machines on AppleTalk networks are randomly self-assigned when the machine is first attached to the network and then broadcast to ensure they are not already being used. This dynamic addressing feature is based on the AppleTalk Address Resolution Protocol (AARP).

AppleTalk internetworks are logically partitioned into zones whose main function is to make network resources easier for users to access. A zone is a logical representation of AppleTalk network nodes that can span multiple physical networks. The mapping between zones and network numbers is maintained by the Zone Information Protocol (ZIP), which creates Zone Information Tables (ZITs) that are stored on AppleTalk routers.

AppleTalk. The AppleTalk protocol suite.

appliance

A general term referring to any network-capable or Internet-capable computing device that can be deployed with plug-and-play ease.

Overview

The market for appliances ranges from home users to the largest enterprise. At the small end of the scale are Internet access appliances that allow users to connect home networks to the Internet using dial-up, digital subscriber line (DSL), or cable modem technologies. Many of these Internet access appliances include advanced features such as built-in firewalls, Web-based management consoles, built-in hubs, and so on.

At the larger end are appliances built for large companies and for service providers, for example:

• Server appliances: These include Web server appliances running Apache/Linux or IIS/Windows 2000 and file server appliances such as Cobalt's Qube and Compaq NeoServer. Server appliances are typically 1U or 2U rack-mountable devices and can often be set up in minutes or even seconds. These appliance servers fill specific needs for business, and their market is growing rapidly.

• Storage appliances: An example here is Novell's Network Attached Storage (NAS), a rack-mountable appliance that provides up to 1 terabyte of storage, supports all major server platforms, and has integrated Novell Directory Services (NDS) eDirectory and ZENworks management applications.

Application Center

One of Microsoft Corporation's new .NET Enterprise Servers, Microsoft Application Center is used for deploying and managing Web applications and Web services.

Overview

Application Center is a platform for deploying and managing high-availability Web applications and Web services. Application Center 2000 is built on the Microsoft Windows 2000 operating system platform and makes managing of clusters of application servers as easy as managing a single server.

Application Center provides simplified application management by allowing administrators to create logical groupings of application components and configuration information. These groupings can be easily managed, regardless of how they are deployed across the cluster, and changes made to one server in a cluster can be automatically applied to other servers. Migration and upgrading of applications can be automated, which simplifies the development cycle as applications are moved from test bed to production phase. Application Center is thus ideal for simplifying the staging and deployment of complex Web-based e-business applications.

Application Center provides built-in support for software scaling to increase the capacity of applications as the business need arises. This is possible through the underlying reliance on clustering technologies in which a group of servers is managed as a single resource, and Application Center simplifies and accelerates the deployment of clusters over traditional clustered server platforms. Application Center also supports load-balancing technologies such as Network Load Balancing (NLB), Component Load Balancing (CLB), and third-party load balancing solutions. With Application Center, your Web applications have no single point-of-failure and consequently high availability and reliability.

Application Center provides the enterprise with mission-critical availability and allows any server in a cluster to be brought down without affecting the integrity or operation of the applications running on the cluster. Application Center includes tools for monitoring cluster health and supports browser-based remote administration. Automated event response allows corrective action to be taken automatically when a component or server fails, without the need for human intervention.

For More Information

You can find out more about Application Center at www.microsoft.com/applicationcenter.

See Also .NET Enterprise Servers ,Web server

application layer

The top layer (Layer 7) of the Open Systems Interconnection (OSI) reference model for networking.

Overview

The application layer is the layer in which network- aware, user-controlled software is implemented- for example, e-mail, file transfer utilities, and terminal access applications. The application layer represents the window between the user and the network and translates between the user running the application and the presentation layer (Layer 6). In the OSI model the application layer is also responsible for integrating the functionality of different applications together and determining the availability of resources.

Examples of protocols that operate at the application layer include File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), telnet, and similar protocols that can be implemented as utilities the user can interface with.

Notes

Originally the OSI model consisted of two kinds of application layer services with their related protocols:

• Common Application Service Elements (CASE): These enable users to initiate or terminate peer (Layer 7 to Layer 7) connections between different machines on the network, enable reliable transfer of information between them, initiate remote operations, and support recovery from failure and rollback steps.

• Specific Application Service Elements (SASE): These can include file transfer, message handling, terminal access, and other services that make use of the CASE elements and protocols.

These terms have largely been replaced with the term Application Service Elements (ASE) to describe the elements of the application layer. Note also that in most real-world networking, such as Transmission Control Protocol/Internet Protocol (TCP/IP) networking, these application layer services have no meaning.

See Also Open Systems Interconnection (OSI) reference model

application layer proxy

Any service or server that acts as a proxy for client computer requests at the application's protocols.

Overview

Application layer proxies provide security by hiding internal network addresses from the outside world. An example of an application layer proxy is illustrated in Microsoft Proxy Server. Here the Web Proxy Service is an application layer proxy for the Hypertext Transfer Protocol (HTTP), Secure Hypertext Transfer Protocol (S-HTTP), and File Transfer Protocol (FTP). Microsoft Proxy Server can grant users access to selected application layer protocols and can restrict access to remote Web sites by domain name, Internet Protocol (IP) address, and subnet mask.

Application layer proxies provide more support for the additional capabilities of each protocol than circuit layer proxies do. For example, application layer proxies can support virus scanning. Application layer proxies are also client-neutral and require no special software components or operating system on the client computer to enable the client to communicate with servers on the Internet using the proxy server.

See Also proxy server

application level gateway

A type of firewall that provides application-level control over network traffic.

Overview

Application level gateways examine incoming packets at the application level and use proxies to create secure sessions with hosts on the other side of the firewall. For example, when an external user with a Web browser tries to access the company's internal Web server, the application level gateway runs a proxy application that simulates the internal Web server. A session is established between the remote user and the proxy application, while a separate, independent session is established between the proxy application and the internal Web server. The remote user makes a request to the proxy, the proxy acts as a go-between and obtains the information from the internal web server, and then the proxy returns the result to the remote user.

The advantage of using application level gateways over packet-filtering routers is that although in packet filtering a direct network connection still exists between the remote user and the internal network resource, an application level gateway prevents the remote user from directly accessing the internal network resource. This layer of additional security comes at some cost-namely, that application gateways are generally slower and require a separate proxy application for each internal network service you want to make available through the firewall. These proxy applications are sometimes known as translation agents because they enable an application on one side of the firewall to connect with a similar or complementary application on the other side.

Application gateways are typically used to deny access to the resources of private networks to distrusted users over the Internet. Application level gateways can operate across firewalls or routers using Network Address Translation (NAT), but they must be configured to do so on an application-by-application basis.

See Also firewall ,network address translation (NAT)

application log

A Microsoft Windows 2000, Windows XP, and Windows .NET Server log that records events generated by applications running on the system.

Application log. Displaying the application log in the Event Viewer console.

Overview

You can view and manage the application log using Event Viewer, and it can contain three types of events:

• Error event: Indicated by a red stop sign and signals a serious condition, such as a failed service

• Warning event: Indicated by a yellow warning sign and signals a potentially serious condition, such as low disk space

• Information event: Indicated by a blue information sign and signals a noteworthy event, such as a service successfully starting up

Microsoft BackOffice applications typically log events to the application log. Administrators should review the application log regularly to ensure that applications are running properly. The screen capture shows the application log as viewed by the Event Viewer management console for Windows 2000.

See Also

security log, system log

Application Performance Management (APM)

A set of technologies, business processes, and services for guaranteeing what subscribers experience from service providers.

Overview

Application Performance Management (APM) carries Service Level Agreements (SLAs) to the next level, providing a model for guaranteeing the end-user experience for customers of application service providers (ASPs). To accomplish this, APM integrates a number of business models and services:

• Traditional help desk services for problem resolution.

• Monitoring of SLAs.

• Network and system management tools working at the application level.

• Professional services to handle serious IT (information technology)-related crises.

• Services for processing management data.

• Support and training services.

A service provider that specializes in APM is sometimes referred to as a management service provider (MSP).

See Also application service provider (ASP)

application programming interface (API)

Any collection of programming routines and functions that an application can use to access low-level machine services.

Overview

When you write applications for a high-level operating system such as Microsoft Windows, you use standard Windows application programming interfaces (APIs) to access standard operating system and networking services and functions. One application can then issue an API call to another application in order to execute that API function. Details of APIs are primarily of interest to developers.

Windows operating systems provide predefined sets of APIs for various purposes, such as Telephony Application Programming Interface (TAPI) for accessing functions related to making voice, data, or fax calls; Messaging Application Programming Interface (MAPI) for messaging functions; and so on.

An example of an API function in Windows NT is NetServerEnum. When a computer on a network issues a net view command to obtain the list of resources or computers that can be accessed using Network Neighborhood or Windows Explorer, the client computer issues a NetServerEnum API call to the Computer Browser service.

Microsoft Windows platforms include two basic sets of APIs:

• Win16: These 16-bit APIs were used by Windows 3.1.

• Win32: These 32-bit APIs are used on Windows 95, Windows 98, Windows Millennium Edition (Me), Windows NT, Windows 2000, Windows XP, and Windows .NET Server.

Notes

API also represents any set of calling conventions in a programming language that specifies how such a service is invoked through an application. Application programming interfaces (APIs) let C and assembly language routines interact with services and programming tools.

application service provider (ASP)

A general term for a company that offers software services to business customers across the Internet, particularly services involving outsourcing of Web and e-business applications.

Overview

A simple way of understanding the application service provider (ASP) model is to consider an ASP to be a company that hosts software applications for client companies and delivers them using the Internet for a monthly service fee. These applications are typically Web-based applications accessed by clients through a simple Web browser, although other delivery methods may be used, including Windows 2000 Terminal Services and Citrix MetaFrame. Once a client leases an application, the ASP is then responsible for day-to-day administration of the application and for maintenance and upgrades. ASPs may also be responsible for storing client data as well, although companies performing this service are more commonly called Storage Service Providers (SSPs). In contrast with simple Web hosting companies that offer their clients access to database applications and scripting tools but little else, ASPs also host the client's business logic and data at their remote data centers and provide a full range of supporting services to the client.

ASPs generally target one of two different market areas:

• Vertical-market ASPs: These target small to medium-sized business (the SMB, or small-to- medium business, segment of the market ) by offering them packaged services such as Internet/Intranet hosting, e-mail and workflow applications, and scaled-down Customer Relations Management (CRM) and Enterprise Resource Planning (ERP) applications. Some small companies might not have the resources even to hire a single full-time IT (information technology) person, yet by using an ASP, they can quickly and easily obtain and use the necessary Line-Of-Business (LOB) applications they need to compete in the Internet economy in a cost-effective fashion. ASPs targeting this market tend to offer one-size-fits-all applications based on business logic templates that offer few customization options. This approach is taken to reduce costs for the ASP and make servicing this market level profitable.

• Horizontal-market ASPs: These target enterprise-level customers and offer similar applications but with more customization to fit these customers' needs.

When the ASP craze took off in 1999, most ASPs were dot-com startups targeting the small to mid-sized business market, which was itself growing rapidly due to the dot-com revolution then underway. The ASP revolution was driven largely by the increasing shortage of IT professionals in the marketplace which left hundreds of thousands of IT positions unfilled, the rapid proliferation of new IT technologies based on the Internet, and by the proliferation of dot-com startups that needed to deploy business applications and to deploy them fast in the highly competitive Internet economy of the late 20th century. But with the dot-com crash of 2001 many of the ASPs failed as their market space dried up, and some survivors instead began targeting large enterprises by offering the application customization these businesses required. The attraction of these enterprise-level customers for ASPs is their long-term stability and broad capital base, but such clients tend to be more conservative in their outlook and more cautious about embracing new service models. Meanwhile, large software companies such as Microsoft Corporation and Oracle Corporation began to reposition themselves as service providers instead of software vendors. With their proven track record and large resources, many analysts expect these large companies to dominate the ASP business in a few years, with smaller companies focusing on niche areas where their services can be most effectively marketed. Furthermore, companies such as Microsoft and Oracle are developing a next generation of Web-enabled software that can be easily deployed by new ASP startups without the extensive customization required by the earlier generation of ASP applications. A good example is Microsoft Exchange 2000, which is an ASP-ready platform for providing Web-based messaging and collaborative applications.

When the ASP market was just emerging, the major attraction for customers was saving money. As the market began to mature, other issues became important for customers to consider when shopping for an ASP:

• Security: In the beginning, many ASPs failed to address security concerns adequately. This has changed considerably, and the current generation of ASPs offers a full range of authentication and public-key infrastructure (PKI) services, virtual private networks (VPNs), firewall services, virus protection services, and intrusion detection services. Make sure the ASP you select can provide the level of security your company needs for its data.

• Availability: Make sure you negotiate a suitable service-level agreement (SLA) with your ASP to ensure that should their services be interrupted or terminated unexpectedly your business will still be able to function. If some of your staff will need to access ASP applications remotely using mobile clients through a VPN, make sure your SLA has a connectivity clause as well.

• Performance: Web-based applications mean high-bandwidth requirements for proper performance, both at the client end (usually T-1 or higher connections) and at the ASP's data center. Look for ASPs that colocate their servers at major Internet service providers (ISPs) for best performance and that have multiple redundant connections to the Internet with sufficient bandwidth to support the number of customers they service.

• Track record: With many of the first generation ASP startups having failed, companies are developing a "once-bitten, twice-shy" attitude towards outsourcing mission-critical business applications to ASPs. Talk to some of the ASPs larger clients and ask to see their financials to ensure their long-term viability before committing to using their services. When they start up, ASPs typically invest huge amounts of money in data centers, and they need to recover this investment quickly in order to survive. Some tier-1 Internet infrastructure providers offer ASP-level services, and these do not have as much of a capital risk associated with data center buildout as does a startup ASP.

Architecture

The data center is the heart of an ASP. Data centers are often colocated at ISP Points of Presence (POPs) to provide optimal high-speed connections to the backbone of the Internet. Data centers typically contain the following:

• File servers and database servers for storing structured data.

• Directory servers, Domain Name System (DNS) servers, and authentication servers for managing domains.

• Clustered or load-balanced Web servers for hosting Web applications in a redundant fashion.

• Terminal servers for supporting remote administration by customers.

• Storage area networks (SANs) and network attached storage (NAS) for storing data.

• Backup servers for archiving company data.

Advantages and Disadvantages

The advantages for client companies using ASPs are numerous and compelling to the management departments of most companies:

• They do not need to purchase the software themselves, which saves considerably on up-front costs.

• They do not need to hire additional IT staff to deploy and manage the new applications, which means considerable savings on labor costs.

• They can get new LOB applications up and running in a few days or weeks by relying on the expertise and infrastructure of the ASPs they are leasing these applications from.

The disadvantages of using ASPs are also important to consider when you are looking to outsource your LOB applications:

• You lose direct control over your company's software infrastructure and sometimes your data. This may be an issue with companies for which security is a strong concern.

• Many ASPs are new startups that may be acquired in the near future by larger companies or may fail if managed poorly. When your ASP fails, you might be left hanging with no software infrastructure to support your company's operations.

Marketplace

Some of the larger independent ASPs that have established themselves in the marketplace recently include the following:

• USinternetworking (www.usi.com)

• Corio (www.corio.com)

• Interliant (www.interliant.com)

Prospects

Although some industry watchers are predicting that the shakeout in the fledgling ASP industry will continue until only a few major players remain, the ASP model for outsourcing IT services has undeniably changed the IT landscape forever, as companies seek for cost- effective ways to economize on software purchasing by leasing LOB applications instead of purchasing them or developing them in-house.

One sector of the IT economy hit hard by the ASP revolution are the old-guard Independent Software Vendors (ISVs) that have spent years building and enhancing their line of client/server business applications. The Enterprise Resource Planning (ERP) industry has been one of the hardest hit, and established ERP vendors have had to move quickly to Web-enable their products and offer them as services in order to compete with upstart ASPs offering similar services. Some examples of ERP vendors who have repositioned themselves as ASPs include the following:

• SAP, with its SAP Hosting services

• PeopleSoft, with its eCenter

• Oracle, with its Oracle Business Online

Although the first two years of the new millennium have seen the demise of many ASP startups, industry analysts still predict strong growth in the ASP sector. The sector had a total worldwide market value of $300 million in 1999 and some analysts predict this could grow to as much as $25 billion by 2004. Much of the success or failure of this growth depends on broadband Internet access becoming cheap and ubiquitous at all business levels.

Nevertheless, because things change so fast in the new Internet economy, it is hard to know whether to trust long-term predictions such as these. After all, the ASP market went from infancy to maturity in about a year, so five years seems like a long time to predict its future growth and evolution!

Notes

Other terms used by different vendors to describe the ASP model include hosted applications, e-services, and "software as a service."

For More Information

You can find an ASP to meet your company's needs using the ASP portals WebHarbor (www.webharbor.com) and ASPScope (www.aspscope.com).

For the latest news on the ASP industry, see ASPNews (www.aspnews.com) and ASPPlanet (www.aspplanet.com).

An established source of independent information for the ASP community is ASPI, the ASP Industry Consortium (www.aspindustry.org). This consortium has taken on the role of policing the rapidly growing ASP market, whose companies range from responsible to vendors of snake oil. ASPI has defined a series of best practices that new ASPs should follow as guidelines for responsible success.

A notable company that provides a meta-infrastructure that enables new ASPs to grow and flourish is Loudcloud (www.loudcloud.com), a brainchild of Marc Andreesen of Netscape fame.

See Also xSP

APPN

Stands for Advanced Peer-to-Peer Networking, a protocol developed by IBM as the second generation of Systems Network Architecture (SNA).

See Also

Advanced Peer-to-Peer Networking (APPN)

archive attribute

An attribute of files and folders that isused for managing backups.

Overview

When an archive bit is marked or set for a file by a backup program, it indicates that the file or folder has been backed up. Then, when the backup program is run again, if the archive bit is still set, the file is not backed up because it has not been modified. If the file is modified in the interim, the archive attribute is cleared, indicating that the file needs to be backed up again.

In Microsoft Windows you can also manually set or clear the archive attribute for a file by opening the file's property sheet.

See Also backup

archiving

The process of long-term storage of important data for security and recovery reasons.

Overview

Archived data is usually stored in a compressed format because it is not required frequently. Some of the files that a Microsoft Windows 2000 administrator might consider archiving regularly include

• Event log files for the system, security, and application logs

• Performance monitor files for monitoring trends in memory, disk, processor, and network usage over time

• Log files for applications such as Microsoft Internet Information Services (IIS)

Notes

When you archive event log files, you can save these files in log file format, text file format, or comma- delimited text file format. An event's actual binary data is saved only if you archive it in event log format, but saving the information in a comma-delimited text file format allows you to import these logs into a spreadsheet program to analyze trends.

See Also backup ,security

ARCNET

Stands for Attached Resource Computer Network, an early local area network (LAN) architecture.

Overview

ARCNET was developed in 1976 by Datapoint Corporation and became an American National Standards Institute (ANSI) standard in 1982. ARCNET predates Ethernet by several years and can be implemented using a variety of media including RG/62 93-ohm coaxial cabling, RS-485 unshielded twisted-pair cabling, or fiber-optic cabling. ARCNET is a baseband networking technology that is similar to standards for token-passing bus networks running over broadband cabling. ARCNET uses a token-passing bus architecture with nodes forming a logical ring but a physical bus or star pattern. The core of an ARCNET network is a device called an active hub. Each of these hubs can support up to four connected devices. Multiple active hubs can then be interconnected using coaxial cable to support a maximum of 255 stations.

Classic ARCNET carries data at a rate of 2.5 megabits per second (Mbps). On coaxial cable, ARCNET cable runs can be up to 2000 feet (600 meters), but unshielded twisted pair supports distances of 400 feet (120 meters) and fiber-optic cabling distances of 8000 feet (2440 meters). A newer implementation called ARCNET Plus operates at a data rate of 20 Mbps and can support a maximum of 2047 nodes.

Notes

ARCNET is a legacy LAN technology occasionally found in some older networks.

Microsoft Windows 95, Windows 98, and Windows NT all support ARCNET. Sometimes a computer running Windows NT on an ARCNET network will have difficulty communicating with computers running Windows 95 and Windows 98 on the same network. This is because Windows NT uses Raw ARCNET and Windows 95 and Windows 98 use Encapsulated ARCNET. The workaround solution is to install the 16-bit Transmission Control Protocol/Internet Protocol (TCP/IP) stack with Novell Open Data-link Interface (ODI) drivers on the machines running Windows 95 and Windows 98.

ARC path

Stands for Advanced Reduced Instruction Set Computing (RISC) path, a syntax for naming partitions.

Overview

ARC paths are used in the Boot.ini file of Microsoft Windows 2000, Windows XP, and Windows .NET Server. The ARC path specifies the location of the partition that contains the Windows 2000 operating system files. In other words, the ARC path locates the system partition on the machine.

A typical ARC path on a Windows 2000 system might be the following:

multi(0)disk(0)rdisk(0)partition(1)\ WINNT="Microsoft Windows 2000 Server"/fastdetect

In the above statement:

• Multi(0) indicates that the system is using Integrated Device Electronics (IDE), Enhanced Small Device Interface (ESDI), or Small Computer System Interface (SCSI) drives and that it relies on the computer basic input/output system (BIOS) to load system files using INT 13 BIOS calls. The number in parentheses here should always be 0.

• Disk(0) is always zero when multi() is used; otherwise it refers to the physical disk when scsi() is used instead of multi(). Multi() means that Windows 2000 must use the system BIOS to load system files, and scsi() means that a SCSI device driver must be loaded to access the boot partition.

• Rdisk(0) indicates that the ordinal number for the system disk is 0. This value is usually between 0 and 3.

• Partition(2) indicates the number of the partition where the system files are located.

ARIN

Stands for American Registry for Internet Numbers, a nonprofit organization that administers the registration and allocation of numbers relating to the operation of the Internet in North and South America.

See Also American Registry for Internet Numbers (ARIN)

ARP

Stands for Address Resolution Protocol, the Transmission Control Protocol/Internet Protocol (TCP/IP) network layer protocol responsible for resolving IP addresses into MAC addresses.

See Also Address Resolution Protocol (ARP)

ARPANET

Stands for Advanced Research Projects Agency Network, a U.S. Department of Defense project begun in 1969 that was designed to provide high-speed network communication links between supercomputers located at different sites around the country.

Overview

ARPANET was a test bed for the development of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. The first node on the ARPANET was established in 1969 at UCLA. Soon afterward, more nodes were created at other institutions, including Stanford University and BBN Technologies. The first Request for Comments (RFC) was proposed in the same year by Steve Croker and was entitled "Host Software."

By 1971, ARPANET had grown to over 20 hosts, including MIT, NASA, and the RAND Corporation. The first international nodes were established two years later in Norway and England. In 1983, Military Network (MILNET) was split off from ARPANET, and TCP/IP officially became the standard protocol for ARPANET, at which time ARPANET started to become widely known as the Internet. ARPANET continued to evolve until NSFNET was established in 1986.

ARPANET was finally shut down in 1989.

For More Information

Read about the history of ARPANET at www.securenet.net/members/shartley/history/ arpanet.htm.

See Also Internet

Arp command

A Transmission Control Protocol/Internet Protocol (TCP/IP) utility for viewing and modifying the local Address Resolution Protocol (ARP) cache, which contains recently resolved MAC addresses of Internet Protocol (IP) hosts on the network.

Overview

When one host on a TCP/IP network wants to communicate with a second host, the first host begins by using the ARP to resolve the IP address of the second host into its associated MAC address. The MAC address is needed for communication to take place over the network.

Typing arp -a displays the MAC addresses of recently resolved IP addresses. A sample display could be

Interface: 172.16.8.50 Internet Address    Physical Address   Type 172.16.8.25         00-20-af-b4-a1-4e  dynamic 172.16.8.200        00-40-95-d1-29-6c  static

One of these entries is static, meaning the Internet Protocol-to-MAC address mapping has been manually added to the ARP cache using arp -s.

See Also Transmission Control Protocol/Internet Protocol (TCP/IP)

AS

Stands for autonomous system, a group of Internet Protocol (IP) networks administered under a single administrative (routing) policy.

See Also autonomous system (AS)

AS/400

Stands for Application System/400, a midrange IBM server computing platform for business computing.

Overview

IBM's AS/400 platform is a 64-bit Reduced Instruction Set Computing (RISC) system available in a variety of configurations for different business needs. Until recently seen as a legacy platform similar to mainframes, AS/400 has been revamped in the last few years and is now one of the leading Web application and e-business platforms available for an enterprise.

AS/400 uses the OS/400 operating system but includes support for UNIX through the Portable Application Solution Environment (PASE). Systems Network Architecture (SNA) support is also available for providing connectivity with IBM mainframe computing environments.

Some of the popular configurations in which AS/400 is offered include

• AS/400e Model 250: An entry-level single- processor machine with no support for logical partitioning. Suitable for running packaged Web applications for small businesses.

• AS/400e Model 820: A mid-tier four-way symmetric multiprocessing (SMP) server supporting up to 16 gigabytes (GB) of RAM and 4 terabytes of storage.

• AS/400e Model 840: Top-of-the-line enterprise-level server for high-transaction, high-volume e-business, supply chain and Enterprise Resource Planning (ERP) applications, supporting up to 24-way SMP, 96 GB of RAM, and up to 18.9 terabytes of storage.

Notes

The newest offerings in IBM's AS/400 line incorporate IBM's new high-performance copper-wired chips.

For More Information

You can find IBM's AS/400 home page at www-1.ibm.com/servers/eserver/iseries.

ASCII

Stands for American Standard Code for Information Interchange, a widely accepted system for coding U.S. English text using numeric values.

Overview

The purpose of ASCII is to allow human-readable documents to be stored and processed as binary information by computers. ASCII assigns a unique numeric value to each lowercase and uppercase alphabet letter, number, punctuation mark, and to certain other characters. For example, the capital letter "A" has the ASCII code 65 and a blank space has the code 32.

ASCII is a 7-bit character set that isthe same as the first 128 characters (numbers 0 to 127) of the American National Standards Institute (ANSI) character set. The following table shows the various characters in the ASCII character set. The first 32 characters are nonprinting control characters that can be executed from the keyboard by using the Control key combined with other keys.

Notes

When you download files using File Transfer Protocol (FTP), you can choose whether to transfer the files as binary files or text files (ASCII files). Use only the ASCII file setting when downloading plain text files; otherwise, files will not be correctly transferred.

Some people create e-mail signatures for themselves using ASCII text characters, a practice called ASCII art. If you have the time and want to become an expert at this, read the FAQs (frequently asked questions) on the Web at non.com/news.answers/ascii-art-faq.html.

For More Information

There is an online ASCII table at www.asciitable.com

See Also Unicode

ASCII file

A file that contains unformatted American Standard Code for Information Interchange (ASCII) text.

Overview

An ASCII (text) file contains only characters, numbers, punctuation, tabs, and carriage return characters. You can create and edit an ASCII file using Microsoft Notepad. If you save it with the extension .txt, it is usually referred to as a text file, but you can save it with other extensions such as .bat or .cmd for batch files and .ini for initialization files.

Uses

ASCII files are often used for logon scripts and other batch files. Another common use is storing configuration information for operating systems and applications. Microsoft Windows 3.1 platforms used ASCII files for storing system and software configuration settings. These configuration files have the extension .ini and are referred to as INI (initialization) files. More recent Windows operating systems save this information in the registry. Most versions of the UNIX operating system still store their configuration settings in ASCII files.

Because ASCII files contain unformatted text, they can be read and understood by any platform and are useful for sharing information between platforms and between applications. Shared information is often saved in a comma-delimited text file, or .csv file, with the fields separated by commas. Microsoft Exchange Server can export mailbox properties and other information in .csv files, which can then be imported into spreadsheet programs such as Microsoft Excel for manipulation and analysis.

See Also ASCII

ASF

Stands for Advanced Streaming Format, a method of streaming data supported by Windows Media Player.

See Also Advanced Streaming Format (ASF)

Asia Pacific Network Information Center (APNIC)

A counterpart of the American Registry for Internet Numbers (ARIN), this is the agency responsible for administering the registration and allocation of Internet numbers for the Asia/Pacific region.

Overview

The Asia Pacific Network Information Center (APNIC) is one of the three Regional Internet Registries (RIRs) that provide Internet numbers allocation and registration services to support the operation of the global Internet. These Internet numbers include IPv4 and IPv6 addresses, autonomous system (AS) numbers, and reverse Domain Name System (DNS) delegations. APNIC is responsible for allocation of these numbers for the Asia Pacific region, which comprises 62 different economies.

APNIC is a nonprofit, membership-based organization whose members include National Internet Registries, Internet Service Providers (ISPs), and similar bodies. Membership in APNIC is fee-based.

For More Information

Visit APNIC at www.apnic.org

See Also American Registry for Internet Numbers (ARIN)

ASN

Stands for autonomous system number, a unique number used to identify an autonomous system (AS), that is, a network that can exchange exterior routing information with neighboring networks.

See Also autonomous system number (ASN)

ASN.1

Stands for Abstract Syntax Notation One, a standard from the International Standards Organization (ISO) that provides a mechanism for encoding human- readable symbols into condensed binary form.

See Also Abstract Syntax Notation One (ASN.1)

ASP (Active Server Pages)

Stands for Active Server Pages, an open, compile-free application environment for developing Web applications using Microsoft Internet Information Server (IIS) version 3 and later.

See Also Active Server Pages (ASP)

ASP (application service provider)

Stands for application service provider, a company that offers software services to business customers across the Internet, particularly services involving outsourcing of Web and e-business applications.

See Also application service provider (ASP)

ASP.NET

The evolution of Microsoft Corporation's Active Server Pages (ASP) technology for the new .NET platform.

Overview

ASP.NET is an advanced platform for developing Web applications, Web Services, and Web Forms under the Microsoft .NET platform. ASP.NET solutions can be developed using Microsoft Visual Studio .NET and other tools, and ASP.NET supports application authoring in C#, Visual Basic .NET, and other programming languages.

ASP.NET is Microsoft's successor to ASP and ASP+ (Active Server Pages Plus) and is to a large degree backward-compatible with the syntax of these earlier platforms. Unlike ASP and ASP+, however, ASP.NET is a compiled platform rather than an interpreted one, which offers better run-time performance. ASP.NET is also easily factorable so that developers can remove modules that are not required for a particular application, making applications more code-efficient and giving them a smaller footprint.

ASP.NET provides two levels of programming models:

• Low-level: ASP.NET provides a programming model similar to Internet Server Application Programming Interface (ISAPI) but easier to use for rapid development.

• High-level: ASP.NET enables the easy building of Web Forms, a high-level programming model for building Web applications.

ASP.NET also supports a number of different authentication schemes including Basic, authentication, Digest authentication, NT Lan Manager (NTLM) authentication, custom cookie-based authentication, and Microsoft Passport authentication.

For More Information

Find out more about ASP.NET at msdn.microsoft.com/net/aspnet.

See Also Active Server Pages (ASP) ,.NET platform

ASR

Stands for Automatic System Recovery, a feature of Microsoft Windows 2000, Windows XP, and Windows .NET Server that allows you to restore your system in the event of hard disk failure or corruption of system files.

See Also Automatic System Recovery (ASR)

Association for Computing Machinery (ACM)

The oldest and largest educational and scientific computing society in the world.

Overview

The Association for Computing Machinery (ACM) provides a forum for the exchange of information, ideas, and discoveries relating to many aspects of computing. The ACM has a worldwide membership of 80,000 computer professionals representing a wide variety of interests. The ACM sponsors a number of special interest groups (SIGs) that bring together ACM members with shared interests. These SIGs publish technical newsletters, host conferences, and help develop standards.

One SIG of interest to networking professionals is the ACM Special Interest Group on Data Communication (SIGCOMM), which provides a forum for data communication professionals. SIGCOMM focuses on standards for network protocols and architectures. SIGCOMM publishes the ACM/IEEE Transactions on Networking Journal, sponsors conferences, and publishes a quarterly newsletter called the Computer Communication Review (CCR) in conjunction with the Institute of Electrical and Electronics Engineers (IEEE).

For More Information

Find out about the ACM at www.acm.org and the SIGCOMM at www.acm.org/sigcomm

Asymmetric Digital Subscriber Line (ADSL)

A form of Digital Subscriber Line (DSL) technology that provides subscribers with high-speed voice and data services over twisted-pair copper phone lines.

Overview

Asymmetric Digital Subscriber Line (ADSL) was developed by Bellcore in 1989 as a means of transmitting digital information over ordinary twisted-pair Plain Old Telephone Service (POTS) telephone lines to subscribers at speeds faster than 1 megabit per second (Mbps). The original vision of ADSL was to provide residential subscribers with high-quality digital multimedia content, particularly Moving Pictures Experts Group (MPEG) movies through Video On Demand (VOD) services. This was intended to allow phone companies to compete with the emerging cable television market for delivering video to residential areas. This goal has since faded, and now the main push for deploying ADSL is residential broadband Internet access.

ADSL specifies how to implement high-speed, full- duplex transmission over the existing twisted-pair copper cabling of POTS. ADSL can be used to simultaneously transmit voice and data over a single telephone line and can be used to provide high-speed Internet access for both homes and businesses. Even should the data link to the Internet go down, POTS voice service would still be available using ADSL.

The asymmetric in ADSL refers to the fact that the upstream and downstream transmission rates in ADSL are not equal. Over best-quality copper phone lines, ADSL can achieve upstream speeds of up to 1.5 Mbps and downstream speeds of up to 9 Mbps, usually in a 10:1 ratio. This asymmetry makes ADSL ideal for providing high-speed Internet access to homes and businesses where fast download speeds are more important than upload speeds.

Asymmetric Digital Subscriber Line (ADSL). Implementing ADSL.

Uses

ADSL has many advantages over standard analog modem access to the Internet, including much higher data rates, instant-on connection, simultaneous transmission of voice and data over a single phone line, and greater security. The negative side of ADSL is the higher equipment cost and the fact that customers must be located within 18,000 feet (5500 meters) of the carrier's CO for ADSL to work. ADSL Internet services typically cost between $40 and $100 per month, depending on the carrier and the area being serviced.

Besides providing residential and business Internet access, ADSL also has other uses, including the following:

• Connectivity with branch offices.

• B2B secure communications (using Point-to-Point Tunneling Protocol [PPTP] or Layer 2 Tunneling Protocol [L2TP]).

• Telecommuting.

An external ADSL modem with support for Network Address Translation (NAT) allows a single modem to connect a network of machines to the Internet using only one carrier-granted Internet Protocol (IP) address. Some ADSL appliances include a built-in Ethernet hub to make this process simpler.

Cable modem technologies are currently competing with ADSL in the residential broadband Internet access, but ADSL offers greater security than cable modems and provides guaranteed bandwidth that shared- network cable modems cannot currently provide.

Implementation

The great advantage of ADSL as a high-speed access service is the ubiquity of the existing twisted-pair POTS wiring system. ADSL providers do not have to build a delivery infrastructure because the wires are already there; they just have to install the switches and modems to make it work.

ADSL uses frequency-division multiplexing (FDM) to separate voice and data into three separate communications channels:

• A baseband voice channel

• An upstream data channel

• A downstream data channel

The range of frequencies used for each channel vary depending on the carrier's particular implementation. Each channel occupies a different portion of the frequency spectrum, as shown in the figure, which illustrates a possible implementation of ADSL. The baseband voice channel is split off from the data channels to guarantee phone services in case the data channel fails. Data transmission rates in the upstream direction range from 128 kilobits per second (Kbps) to 1.54 megabits per second (Mbps), and those in the downstream direction range from 384 Kbps to 7.1 Mbps, depending on the length of the local loop-the distance from the customer premises to the telco's (CO) central office-and the telephone cable's wire gauge. The longer the distance from the customer premises to the CO, the slower the ADSL speed that can be achieved (this feature is why ADSL is referred to as a "best effort" service). ADSL speeds start to drop significantly when the subscriber is beyond 10,000 feet from the CO due to interference, attenuation, and crosstalk, and ADSL becomes almost totally ineffectual beyond 18,000 feet. ADSL speeds also vary depending on the AWG gauge of the twisted-pair telephone wires in the subscriber's local loop and residence, with 24 gauge wire providing better performance than 26 gauge.

In a typical ADSL implementation, an ADSL modem (technically called an ADSL Transmission Unit- Remote, or ATU-R) is used to connect a subscriber's computer or network to a standard analog POTS phone line. The ADSL modem contains a POTS splitter chip that splits the bandwidth of the phone line into a voice and a data channel. The data channel is then split, using a channel separator chip, into a separate upstream and downstream channel, with the downstream channel having the larger portion of allocated bandwidth. The voice band typically uses frequencies from 0 to 3.4 kilohertz (kHz), while the data channels use higher frequencies anywhere from above 26 kHz to beyond 1100 kHz, depending on the carrier's implementation. Carrying capacity depends on the wire's thickness and other line conditions.

At the other end of the subscriber's local loop is another ADSL modem (properly called an ADSL Transmission Unit-Central Office or ATU-C) at the telco's CO. The telco's modem separates the voice signal from the data stream using a splitter and routes voice calls through the POTS system of telco switches, while the data is routed to a Digital Subscriber Line Access Multiplexer (DSLAM) unit. The DSLAM unit combines multiple ADSL lines into a single pipe for transmission over the carrier's fiber-optic Asynchronous Transfer Mode (ATM) backbone network to the Internet or to other DSL provider networks. This process is known as ATM over ADSL.

ADSL can employ several different modulation systems for encoding the data channels:

• Carrierless amplitude/phase (CAP)

• Discrete multitone (DMT)

• Discrete wavelet multitone (DWMT)

For More Information

Find out more about ADSL at the site of the ADSL Forum, www.adsl.com

See Also Digital Subscriber Line (DSL) ,G.Lite

asymmetric multiprocessing (AMP)

A processing architecture in which processes are specifically assigned to different processors.

Overview

When asymmetric multiprocessing (AMP) is used on a multiprocessor computer (a computer with more than one CPU), each processor is assigned specific tasks to perform. For example, one processor might be dedicated to managing input/output (I/O) requests, another to executing network requests, another to running a user application, and so on.

AMP contrasts with symmetric multiprocessing (SMP), in which the operating system evenly distributes the application load across multiple processors. In SMP, individual processes are not mapped to specific processors but instead are assigned to available processors by the operating system.

Notes

Microsoft Windows 2000 supports SMP but not AMP.

async

Short for asynchronous transmission, a form of data transmission in which the transmitting and receiving stations do not explicitly coordinate their transmissions with each other.

See Also asynchronous transmission

Asynchronous Transfer Mode (ATM)

A high-speed, broadband transmission data communication technology based on packet switching and multiplexing technologies, and used by telcos, long distance carriers, and campus-wide backbone networks to carry integrated data, voice, and video information.

Overview

Asynchronous Transfer Mode (ATM) technology originated in the late 1970s and early 1980s through research into broadband Integrated Services Digital Network (ISDN) (B-ISDN). Like Internet Protocol (IP), ATM is basically a packet-switching technology, but unlike IP with its variable-length packets, ATM uses fixed-size packets called "cells." The fixed size of an ATM cell makes ATM traffic simple and predictable, and makes it possible for ATM to operate at high speeds.

ATM works primarily at Layer 2 of the Open Systems Interconnection (OSI) reference model and so its operation is independent of the Physical Layer (PHY) transport used. The speeds at which ATM operate depend on the transmission medias being used. The various speeds available include:

• 1.544 megabits per second (Mbps) to 25 Mbps over unshielded twisted-pair (UTP) Category 5 (Cat5) cabling, also known as "ATM to the desktop." This early ATM initiative was derailed by the rapid advances in Fast Ethernet, which won out over ATM because of its simplicity and lower cost.

• 155 Mbps (OC-3) over either UTP or fiber-optic cabling, used primarily for connecting wiring closets to backbone networks.

• 622 Mbps (OC-12), 2.4 Gbps (OC-48), and 4.8 Gbps (OC-96) over fiber-optic cabling only, used exclusively for ATM core (backbone) networks and Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) as PHY layer transport.

The asynchronous in ATM means ATM devices do not send and receive information at fixed speeds or using a timer but instead negotiate transmission speeds based on hardware and information flow reliability. The transfer mode in ATM refers to the fixed-size cell structure used for packaging information. This cell-based transmission is in contrast to typical local area network (LAN) variable-length packet mechanisms, which means that ATM connections are predictable and can be managed so that no single data type or connection can monopolize the transmission path. As a result, ATM is suitable for transmitting all types of traffic from "bursty" data transmissions to real-time and packaged voice and video playback.

Different "classes of service" are used to accommodate transmission of different traffic types in optimal ways, and ATM optimizes traffic flow performance through these various classes of service, which can be allocated on a per-connection basis by using ATM's Quality of Service (QoS) settings. In this fashion, ATM is different from frame relay, which is essentially a classless service. Note that not all carriers or ATM switching gear support all of these service categories.

The six service categories currently defined for ATM defined by the ATM Forum are

• Constant Bit Rate (CBR): This level is suitable for applications that require a relatively static amount of bandwidth over the duration of a connection. An example might be network control traffic.

• Real-time Variable Bit Rate (rt-VBR or VBR-RT): This level is suitable for real-time applications such as video and voice that are sensitive to delay and use large amounts of bandwidth.

• Non-real-time Variable Bit Rate (nrt-VBR or VBR-NRT): This level is suitable for bursty traffic that is not real-time in nature. An example might be data acquisition in experiments or playback of canned video presentations.

• Unspecified Bit Rate (UBR): This level is suitable for traffic that is not delay sensitive and non-real- time. Examples might include e-mail and file transfers.

• Available Bit Rate (ABR): This level includes a flow-control mechanism and is therefore suitable for non-real-time traffic where the transmission characteristics are subject to change over the life of the connection. An example might be file transfers over a noisy link.

• Guaranteed Frame Rate (GFR): This level allows additional bandwidth to be allocated dynamically when needed.

ATM also includes a mechanism for allocating bandwidth dynamically; that is, bandwidth is allocated only in required amounts and the required direction. As a result, when an ATM link is idle, it utilizes no bandwidth, which can result in considerable cost savings depending on the needs of your network. ATM networks use bandwidth at maximum efficiency, while maintaining guaranteed QoS for users and applications that require it.

The evolution of ATM has been guided since 1991 in large measure by the efforts of the ATM Forum. ATM is also based on a group of international signaling and interface standards defined by the International Telecommunication Union (ITU). These standards include the user network interface (UNI) standards that specify how users connect to ATM networks, and the broadband intercarrier interface (B-ICI) and public network-to-network interface (P-NNI) standards for establishing connectivity between different ATM networks.

Uses

ATM was originally envisioned as an end-to-end networking architecture that would supersede Ethernet and Token Ring in enterprise LANs because of its built-in support for QoS. Initial deployments included backbones for enterprise LANs with the vision to carry ATM directly to the desktop, but the rapid evolution, simplicity, and lower cost of Fast Ethernet and, later, Gigabit Ethernet (GbE) have prevented ATM from fulfilling its original vision. Few enterprises deploy new ATM backbones today, and the emergence of 10 Gigabit Ethernet (10 GbE) makes this even more unlikely in the future.

If ATM in the backbone is declining in the enterprise, ATM for WAN access remains relatively strong. GbE backbone switches with core ATM ports can be used to connect enterprise networks to carrier's ATM networks for remote access to branch offices and subsidiaries. Alternatively, an Integrated Access Device (IAD) aggregates network traffic at the customer premises into a single ATM WAN pipe for connection to the carrier.

ATM has been widely adopted in the communications networks of telecommunication carriers (telcos). ATM metropolitan area networks (MANs) are widespread, and ATM is viewed as the de facto technology for long distance fiber-optic communication lines stretching thousands of kilometers across continents.

ATM hardware spans the whole range of networking infrastructure, including ATM backbone switches and edge switches, ATM multiplexers, ATM remote access devices, and ATM network interface cards.

Architecture

ATM uses fixed-size 53-byte cells. Each cell contains 48 bytes of payload (data) and 5 bytes of control and routing information in the header. The 5-byte header provides addressing information for switching the packet to its destination and can be implemented in one of two formats: User to Network Interface (UNI) or Network Node Interface (NNI).

The 48-byte payload section carries the actual information, which can be data, voice, or video. The payload is properly called the user information field. The reason for choosing 48 bytes as the payload size is to compromise between the optimal cell sizes for carrying voice information (32 bytes) and data information (64 bytes).

ATM uses a layered architecture for its protocol stack, similar in some respects to the lower portions of the OSI model. There are three main layers in the ATM architecture:

• ATM Adaptation Layer (AAL): This is the top layer in ATM and is responsible for guaranteeing service characteristics of transmission and for building different types of data into the 48-byte cell payload. It is called the Adaptation Layer because it adapts the ATM Layer beneath it to the particular services that will be using it. The ATM Adaptation Layer consists of two sublayers, the Convergence Sublayer (CS) and the Segmentation and Reassembly (SAR) sublayer. The ATM Adaptation Layer supports five different AAL protocols from AAL 1 through AAL 5, with the last one being the most widely used. The ATM Adaptation Layer is equivalent to the OSI model's Data Link Layer.

• ATM Layer: This middle layer takes the payload formed by the ATM Adaptation Layer and adds the 5-byte header information and routes the packet to its destination.

• Physical Layer: This bottom layer defines the electrical characteristics of the network interface and media over which the ATM cell is transmitted and converts the ATM cell into electrical signals. In other words the Physical Layer "puts the bits onto the wire." ATM supports a variety of different PHY level transports, including SONET, SDH, DS3/E3, Fiber Distributed Data Interface (FDDI), and Fibre Channel. The ATM Layer and Physical Layer are together equivalent to the OSI model's Physical layer.

ATM supports a variety of address formats. Public ATM networks implemented by telecommunications carriers use the same 19-byte E.164 addresses used by Narrowband ISDN. Private ATM networks can use three different address formats: Network Service Access Point (NSAP) encapsulated E.164, Data Country Code (DCC), and International Code Designator (ICD).

ATM is generally deployed in a star topology with the ATM switch at the center acting as a concentrator. The advantages of this topology are that troubleshooting is simplified and the network can easily be reconfigured if required. ATM switches can provide bandwidth on demand, and additional connections can be formed with the switch when more bandwidth needs to be added.

ATM is a connection-oriented technology that supports both point-to-point and point-to-multipoint connections, but multipoint connections require multicasting (ATM does not support broadcasts). ATM requires the establishment of a specific network path between two points before data can be transported between them. This path is negotiated by the transmitting station, which specifies the type of connection (service classes discussed above), speed (bandwidth) required, and other attributes.

The paths with which ATM connects end stations are called virtual channels (VCs). Virtual channels consist of one or more physical ATM links connected in a series for transmitting data between remote stations. A VC exists only while data is being transmitted on it, and all cells in a given ATM transmission follow the same VC to ensure reliable data transmission. A virtual path (VP) is a collection of VCs having the same source and destination points that can be used to pool traffic being transmitted to a given destination. The header of an ATM cell contains routing information that defines the VC being used for the connection. This routing information is called the Virtual Path Identifier/Virtual Channel Identifier (VPI/VCI).

VCs and VPs are the basic building blocks of ATM networks and provide end-to-end connections with well-defined end points and traffic routes. VCs may be of two types: permanent virtual circuits (PVCs) and switched virtual circuits (SVCs). ATM can work with either PVCs or SVCs, depending on your wide area network (WAN) traffic needs. PVCs are more commonly used by ATM service provider networks but are less efficient with respect to bandwidth costs.

Typically a subscriber needing an ATM WAN link for their company leases a T1 or T3 line to connect their customer premises equipment (CPE) to the telecommunication carrier's ATM network, but frame relay or SONET can also be used to connect a site to an ATM network. The kind of CPE needed varies with the access method employed-for example, Channel Service Unit (CSU) for T1 line, frame relay access device (FRAD) or router for frame relay, and so on. Large corporate networks using an ATM backbone might use a switch-to-switch connection to the carrier's network instead of CPE.

Advantages and Disadvantages

ATM's two main benefits are its high transmission speeds and its flexible bandwidth-on-demand capability. ATM has the following advantages over competing high-speed networking technologies:

• High-speed, fast-switched integrated data, voice, and video communication that is not bound by the physical or architectural design constraints of traditional LAN networking technologies.

• A standards-based solution formalized by the ITU that allows ATM to easily replace existing telephony network infrastructures. ATM provides a global telephony standard, and more than 70 percent of U.S. telcos have migrated their internal networks to ATM.

• A fixed-length cell-based transmission that is suitable for transport of real-time traffic such as voice and video and which allows high-speed bulk encryption mechanisms to be implemented easily and in an affordable way.

• Interoperability with standard LAN/WAN technologies. ATM networks can be interconnected with Ethernet and token ring LANs using LAN emulation (LANE) services to provide Transmission Control Protocol/Internet Protocol (TCP/IP) over ATM.

• Built-in support for QoS that enables a single ATM network connection to reliably carry voice, data, and video simultaneously and manage bandwidth on a per connection basis depending on the priority of the service required. By assigning a bandwidth profile to an ATM connection, the performance of the connection can be guaranteed.

• A connection-oriented architecture that makes it resistant to the kind of denial of service (DoS) attacks for which Internet Protocol (IP) networks are famous. ATM is a more secure solution than IP for the trust boundary where WAN links are found in enterprise networks.

On the other hand, ATM has some significant disadvantages that have hindered its widespread adoption in enterprise networks:

• ATM switching equipment is more expensive than gear for competing technologies such as GbE.

• ATM is more complex in its architecture and operation than competing technologies. By contrast, GbE is an easy step upwards from Fast Ethernet.

• The ATM vision of integrated voice/video/data throughout the enterprise (a.k.a. "convergence") is not driven by market pressure, so in some ways ATM remains "a solution in search of a problem."

• Support for ATM in the WAN market has also been hindered by the fact that most carriers have not yet deployed switched virtual circuits (SVCs) and instead continue to rely upon static permanent virtual circuits (PVCs), which are less flexible and provide a fixed amount of bandwidth at a relatively high cost. Moving to SVCs would reduce costs for customers by enabling bandwidth-on-demand, but most carriers are reluctant to make the capital outlay for upgrading their switching equipment if the end result is to reduce immediate revenue by lowering costs.

Marketplace

Some of the larger carriers offering ATM services for the WAN/MAN environment include AT&T, Bell Atlantic/GTE, MCI WorldCom/UUNET, Qwest/US WEST, and Sprint. These carriers all offer high- performance services with minimal transit delays, and some of them offer ATM-to-frame relay services as an option as well, allowing multiple remote sites connected by frame relay to have their links aggregated into a single fat ATM pipe.

Marconi is the leading vendor of ATM switching equipment, with a 30 percent share of the market in 1999. Cisco Systems came second with a 25 percent share and has lately been focusing its research and development on packet-over-ATM, the next generation of ATM technologies. Other switch vendors offering ATM modules include Nortel Communications and Enterasys.

The region of the world that currently has the highest investment in ATM technologies is the Asia/Pacific region, where leased lines are expensive and ATM is seen as an affordable solution for the needs of the corporate WAN. By contrast, in North America the cost of leased lines is lower, making carrier-based ATM services unattractive and tending to drive large companies to running ATM over their own private circuits.

Prospects

ATM was once hailed as a revolutionary technology superior to Ethernet and essential for enterprises seeking "convergence," that is, the transmission of voice, video, and data over network backbones. However, its growth in deployment has been hindered by the high cost of ATM equipment and the complexity of implementing and managing it. Meanwhile, bandwidth supported by Ethernet has continued to grow, with the result that few enterprises are contemplating the deployment of new ATM backbones, with most favoring GbE instead. The early dream of corporate ATM networks stretching from the server room to the desktop has all but vanished.

ATM's largest installed base remains in telcos, and ATM or SONET/ATM remains the standard high-speed networking solution for these companies. Most MANs deployed by carriers are still ATM, and attempts by GbE to encroach on this territory have been hindered by the still nascent QoS features currently available for Ethernet. With the advent of 10 GbE, however, the picture may change as new carriers such as Yipes (www.yipes.com) move into the MAN space offering enterprises end-to-end Ethernet across the WAN. The long-distance carrier market, however, is destined to remain purely ATM for the foreseeable future, and most Incumbent Local Exchange Carriers (ILECs) have invested too heavily in ATM technologies for them to easily make the switch to 10 GbE.

ATM has received a boost in the last couple of years through increasing deployment of business and residential Digital Subscriber Line (DSL) for providing Internet access to the customer premises. Many local telcos aggregate DSL traffic from subscribers into ATM pipes for transport to their backbone ATM carriers. However, DSL is itself facing stiff competition from cable modem providers, and which technology will win out is unclear.

The greatest threat to ATM's survival in the industry is the development of QoS mechanisms for IP traffic. Standards such as Multiprotocol Label Switching (MPLS) and Differentiated Services (DiffServ) have shown some initial promise but cannot compete at this point with ATM, which is still king of the QoS hill. Solutions such as 10 GbE may succeed by simply throwing bandwidth at the problem, but ultimately incorporating QoS into IP is essential if the vision of enterprise convergence is to be attained.

Notes

A number of different approaches are available for building IP internetworks with ATM backbones. These include

• Classical IP (CIP): Based on RFC 1577, this supports only the IP protocol and requires a special Address Resolution Protocol (ARP) Server to handle the broadcasts required to support IP (ATM does not support broadcasts because it is connection-oriented in nature). When CIP is deployed over ATM WAN connections using permanent virtual circuits, it is called CIP over PVC.

• LANE (LAN Emulation): Lets you build bridged virtual LAN segments for enabling an ATM network to emulate an Ethernet or Token Ring network. LANE is an early solution developed by the ATM Forum.

• MPOA (Multiprotocol Over ATM): Provides a virtual router for creating virtual IP subnets over ATM. MPOA is a more recent initiative of the ATM Forum.

• MPLA (Multiprotocol Label Switching): A technology developed by the Internet Engineering Task Force (IETF) for a label-based routing system for carrying IP and other traffic over ATM.

For more information on each of these technologies, see their respective articles elsewhere in this book.

ATM can also be used as the underlying technology for FDDI.

Microsoft Windows 2000, Windows XP, and Windows .NET Server support direct connectivity to ATM networks with up to four ATM adapters in a single computer.

For More Information

A good source of information on current developments in ATM technology is the ATM Forum (www.atmforum.com).

See Also ATM Forum ,Gigabit Ethernet (GbE) ,LAN Emulation (LANE) ,Multiprotocol Label Switching (MPLS) ,Multiprotocol over ATM (MPOA) ,quality of service (QoS)

asynchronous transmission

A form of data transmission in which the transmitting and receiving stations do not explicitly coordinate their transmissions with each other.

Overview

Asynchronous transmission (async) is used in serial transmission for modems and other telecommunication devices. Data is transmitted as streams of bytes terminated by start and stop bits, and the transmitting station can wait an arbitrary period of time between transmissions. This contrasts with synchronous transmission (sync), in which a timing or clocking mechanism is used to ensure a steady flow of data between the devices.

In asynchronous communication, only about 80 percent of the transmitted bits actually contain data, while the other 20 percent contain signaling information in the form of start and stop bits. Each data frame starts with a start bit and ends with a stop bit, with data bits in between. When the receiving station receives a start bit, it knows that pure data will follow. When it receives a stop bit, it knows the data frame has ended and waits for the next one.

Asynchronous transmission is essentially character-based with additional bits between characters to enable synchronization and error correction. An optional parity bit for error checking can be located immediately before the stop bit in each frame. With parity correction, an 8-bit character requires 3 bits of control information (start, stop, and parity bits), which means an actual overhead of 3/8, or 38 percent.

Asynchronous communication is not synchronized by a timer mechanism or clock, and asynchronous devices are not bound to send or receive information at an exact transmission rate. Instead, the sender and receiver negotiate transmission speeds based on hardware limitations and the need to maintain a reliable flow of information. Asynchronous transmission is mainly suitable for low-speed transmission, but speeds can also be increased by using data compression.

Notes

Cisco routers may use any of four different kinds of async ports:

• RJ-45 jack for standard console and aux ports.

• DB-25 serial connector for Cisco 4000 series routers.

• DB-60 connector, switchable from sync to async using Internetwork Operating System (IOS).

• 68-pin Small Computer System Interface (SCSI) II connector for providing eight serial ports (acts as a serial port concentrator) and typically found on access servers.

See Also synchronous transmission

ATDnet

Stands for Advanced Technology Demonstration Network, a high-speed test bed network that ispart of SuperNet, the cross-country network funded by the Next Generation Internet (NGI) program.

See Also Advanced Technology Demonstration Network (ATDnet)

ATM

Stands for Asynchronous Transfer Mode, a high-speed, broadband transmission data communication technology based on packet switching and multiplexing technologies, and used by telcos, long distance carriers, and campus-wide backbone networks to carry integrated data, voice, and video information.

See Also Asynchronous Transfer Mode (ATM)

ATM Adaptation Layer (AAL)

An Asynchronous Transfer Mode (ATM) protocol that performs the functions of the Open Systems Interconnection (OSI) model's Data Link layer.

Overview

The function of the ATM Adaptation Layer (AAL) is to adapt the ATM Layer protocol to high-level networking protocols above it. The AAL consists of two sublayers:

• Convergence Sublayer (CS): Top sublayer, responsible for performing functions relating to the class of service specified for the traffic being transported over ATM.

• Segmentation And Reassembly (SAR): Bottom sublayer, responsible for breaking up high-level data streams into 48-byte segments for packaging into ATM cells. If there's insufficient data to form a cell, SAR pads the cell to make a full cell.

The ATM Adaptation Layer supports five different AAL protocols from AAL 1 through AAL 5, with the last one being the most widely used.

See Also Asynchronous Transfer Mode (ATM)

ATM Forum

An international not-for-profit organization dedicated to promoting the deployment of Asynchronous Transfer Mode (ATM) products and services.

Overview

The ATM Forum was founded in 1991 by a consortium of four companies (Cisco Systems, Northern Telecom [now Nortel Communications], Sprint Corporation, and Net/Adaptive). The ATM Forum's goal is to help steer the course of the development of ATM standards and technologies with the cooperation of over 600 industry partners (the Forum is itself not a standards body but instead develops specifications and submits them to the International Telecommunication Union [ITU]).

The ATM Forum works by committees, some of which include

• The Technical Committee: Works with other standards bodies such as the ITU to develop and evolve ATM standards and ensure interoperability between them. A number of different working groups are under this committee's umbrella.

• Market Awareness Committees: Three of these committees cover the North America, Europe, and Asia/Pacific regions.

• The User Committee: This consists of ATM users and allows them to provide input to the other committees based on their real-world experience of using ATM.

The ATM Forum also has an Ambassador Program for providing speakers knowledgeable about ATM for conferences and other events. The ATM Forum also has a newsletter called "53 Bytes," which helps keep people informed of developments in the ATM field.

For More Information

The ATM Forum can be found at www.atmforum.com

See Also Asynchronous Transfer Mode (ATM)

ATM over SONET

Also called ATM/SONET, a data transmission technology in which Asynchronous Transfer Mode (ATM) cells are transmitted over Synchronous Optical Network (SONET) circuits.

Overview

ATM over SONET is a technology used by telecommunications carriers when individual circuits have to carry multiple different kinds of traffic such as voice, video, Internet Protocol (IP), and so on. Implementing ATM over SONET adds an additional 5 bytes of overhead to 53-byte ATM cells, so this is done only when necessary. If a SONET circuit carries only one type of traffic-such as IP packets or circuit-switched voice-the ATM layer is not required, thus saving the additional overhead.

ATM over SONET can be implemented either with or without Automatic Protection Switching (APS), the traditional SONET ring-based redundancy technology.

See Also Asynchronous Transfer Mode (ATM) ,Synchronous Optical Network (SONET)

ATM/SONET

Stands for ATM over SONET, a data transmission technology in which Asynchronous Transfer Mode (ATM) cells are transmitted over Synchronous Optical Network (SONET) circuits.

See Also ATM over SONET

attenuation

The loss of signal strength over long distances when signals travel along cabling.

Overview

Attenuation values for actual cables are measured in units of decibels (dB)-a standard measurement value used in communication for expressing the ratio of two values of voltage, power, or some other signal-related quantity. For example, a drop of 3 dB corresponds to a decrease in signal strength of 50 percent or 2:1, while a drop of 6 dB corresponds to a decrease of 75 percent or 4:1. Attenuation values for cabling media are expressed in units of decibels per 1000 feet, which express the amount of attenuation in decibels for a standard 1000-foot (305-meter) length of cabling composed of that medium.

Attenuation. Attenuation of analog and digital signals.

Copper cabling has much greater attenuation than fiber-optic cabling, which makes copper suitable only for relatively short cable runs. Typical attenuation values for copper Category 5 (Cat5) cabling vary with frequency and are shown in the following table. Attenuation for lower-grade cable is slightly higher.

Notes

Attenuation is caused by signal absorption, connector loss, and coupling loss. To minimize attenuation, use high-grade cabling such as enhanced category 5 (Cat5e) cabling. Also try to minimize the number of connector devices or couplers, ensuring that these are high-grade components as well. When a signal attenuates a large amount, the receiving device might not be able to detect it or might misinterpret it, therefore causing errors.

attenuation to crosstalk ratio (ACR)

The ratio of the received strength of a signal on a pair of wires to the amount of crosstalk between the wires.

Overview

The attenuation to crosstalk ratio (ACR) is calculated as the difference between the attenuation value and the near-end crosstalk value at a specific frequency. This is because both attenuation and crosstalk are usually expressed in units of decibels for cabling media. The decibel scale is logarithmic in nature, which means that a difference in decibel values corresponds to a ratio of actual signal voltage or power levels.

The higher the ACR for a given cable, the less chance of signal errors. For copper Category 5 (Cat5) cabling, the ACR value is typically about 10 decibels (dB), at a frequency up to about 100 megahertz (MHz). This value decreases slightly with increasing frequency until crosstalk and attenuation values converge, at which point transmission becomes error prone and the cabling ineffective for communication.

See Also attenuation ,crosstalk

attrib command

A Microsoft Windows command that can be used to display and modify the attributes of files and directories.

Overview

You can use the attrib command to display and modify the archive, system, hidden, and read-only attributes that can be assigned to files and directories. For example, if you need to manually modify the boot.ini file on a machine running Windows 2000, you can use the attrib command to remove its read-only, hidden, and system attributes.

Examples

attrib -r -h -s boot.ini 

This removes the read-only, hidden, and system attributes from the boot.ini file, allowing you to edit the file manually.

See Also attribute (file system)

attribute (file system)

A type of marker that can be set or cleared for files on a file system such as NTFS file system (NTFS).

Overview

On NTFS, attribute markers determine whether a file is

• Read-only, meaning that it cannot be modified

• Hidden, meaning that the file will not appear when its parent directory is listed at the command line

• System, meaning that the file is a critical operating system file and should not be moved or modified

• Archived, meaning that the file has been backed up

• Encrypted using Microsoft Corporation's Encrypting File System (EFS) (Windows 2000, Windows XP, and Windows .NET Server only)

• Compressed (Windows 2000, Windows XP, and Windows .NET Server only)

To view or modify the attributes of a file, open the file's property sheet and check or clear the appropriate check box.

Notes

The term attribute can also refer to other more granular file system information, such as time stamps, file size, or link counts.

See Also attrib command

attribute (Active Directory)

A property of an object in Active Directory directory service.

Overview

Attributes are information relating to objects stored in Active Directory. For example, a user class object is composed of attributes, such as a First Name attribute for a user account object.

Attributes define the actual characteristics of objects in Active Directory. Every class of objects has its own defining set of attributes. Different objects within this class are distinguished by the values of their attributes. Some attributes, such as the First Name attribute for a user account object, must have a value assigned to them when they are created. Other attributes, such as Phone Number, can optionally be left unvalued.

Each attribute in Active Directory is defined only once and can be used for many different object classes. All objects of the same type have the same set of attributes. Different objects of the same type are distinguished by different attribute values. It is therefore the values of the attributes of a particular object that make that object unique in Active Directory.

Attributes are defined in a special portion of Active Directory. An attribute definition includes

• The syntax (type of information) of the attribute, such as integer, date, or string

• Whether the attribute is single-valued or multivalued

Each syntax type is specified by an object identifier, which is a globally unique identifier (GUID) issued by the International Organization for Standardization (ISO). The allowable syntax types for attributes of objects in Active Directory are shown in the following table.

See Also Active Directory ,Active Directory schema

ATU-C

Stands for Asymmetric Digital Subscriber Line (ADSL) Transceiver Unit, Central Office end, an ADSL modem that terminates a subscriber's ADSL connection at the ADSL provider's Central Office (CO).

See Also Asymmetric Digital Subscriber Line (ADSL)

ATU-R

Stands for Asymmetric Digital Subscriber Line (ADSL) Transceiver Unit, remote terminal end, an ADSL modem that terminates a subscriber's ADSL connection at the customer premises.

See Also Asymmetric Digital Subscriber Line (ADSL)

auditing

The process of tracking and monitoring actions performed on servers or networks for security purposes.

Overview

Auditing is an important component of a general security policy for a corporate network. Auditing can be used to detect attempts at unauthorized access to network resources and to track the usage of shared resources. Auditing creates a record of which files have been accessed, who has logged on to the network, who has attempted to use a shared resource, and so on. Specifically, auditing records information in the security log about

• What action was performed

• Who performed the action

• When the action occurred

• Whether the action succeeded or failed

Notes

Microsoft Windows 2000, Windows XP, and Windows .NET Server record two kinds of auditing information in the security log:

• Success audits: Symbolized by keys and usually used to track resource usage for capacity and resource planning

• Failure audits: Symbolized by padlocks and usually used to monitor network resources for unauthorized access attempts

See Also Audit policy ,event ,security log

Audit policy

A policy established on a Microsoft Windows 2000 or Windows .NET Server domain that specifies the kinds of security-related events that will be recorded in the security log.

Overview

The following table indicates the kinds of events that can be audited in Windows 2000, Windows XP, and Windows .NET Server.

Notes

Be careful when enabling auditing for File And Object Access or Process Tracking because logging these events can generate a large amount of overhead on your system, especially when auditing for successes. To audit access to a file, folder, or printer, first enable File And Object Access auditing in your Audit policy, and then access the Security tab on the object's property sheet.

See Also auditing ,event ,security log

AUI connector

Stands for Attachment Unit Interface connector, a standard 15-pin connector device for thicknet.

Overview

The AUI connector on the free end of a 10Base5 drop cable attaches to the DB15 connector on the network interface card (NIC). The NIC has an AUI port connector for connecting the drop cable. The other end of the drop cable typically connects to a transceiver. The transceiver is then joined to the thicknet cabling using a vampire tap that pierces the cable jacket and insulation to make a connection.

See Also connector (device) ,Ethernet

Authenticated Users group

A built-in group in Microsoft Windows 2000, Windows XP, and Windows .NET Server for controlling access to resources.

Overview

The Authenticated Users group is similar to the built-in Everyone group, except that anonymous logon users are never members of the Authenticated Users group. The built-in security identifier (SID) for this group is S-1-5-11.

The Authenticated Users group can be used to provide additional security when running Microsoft Internet Information Services (IIS) because the anonymous user account has the ability to enumerate share names and list domain usernames. Using the Authenticated Users group provides an additional layer of security and is one way to restrict access to objects in the file system.

You should generally use the Authenticated Users group instead of the Everyone group if you want to carefully control anonymous access to your network resources.

See Also built-in group

Authentication Header (AH)

A protocol in the IPSec suite of protocols that handles authentication of Internet Protocol (IP) traffic.

Overview

The Authentication Header (AH) header immediately follows the IP header of an IP packet and includes the following fields:

• Next Header (1 byte): This field indicates which protocol (Transmission Control Protocol [TCP] or User Datagram Protocol [UDP]) is used in the payload immediately following the AH header.

• Payload Length (1 byte): This field indicates the length of the payload following the AH header.

• Reserved Area (2 bytes): Not currently used.

• Security Parameters Index or SPI (4 bytes): Specifies which security protocols are being used for the transmission of the packet.

• Sequence Number (4 bytes): Indicates the position of the packet in the sequence of packets having the same SPI.

• Authentication Data (variable): Contains the digital signature for the packet.

Notes

AH usually uses MD5 as its encryption algorithm, but other more secure encryption algorithms can also be used.

See Also IPsec

authentication protocol

Any protocol used for validating the identity of a user to determine whether to grant the user access to resources on a network.

Overview

Authentication protocols can be classified according to how the credentials are passed over the network. Some common kinds of authentication protocols include

• Anonymous access: This method is supported by Microsoft Internet Information Services (IIS) and allows anonymous users on the Internet access to Web content on your server.

• Basic authentication: This method transmits passwords as clear text and is often used in Unix networks and for File Transfer Protocol (FTP) services. It is also supported by IIS.

• Digest authentication: This method hashes (digests) the user's password before transmitting it, making it more secure than Basic authentication. Digest authentication is part of the Hypertext Transfer Protocol (HTTP) 1.1 protocol and is also supported by IIS.

• Windows NT Challenge/Response: This is the standard secure authentication method for Windows NT domains. In IIS this protocol is referred to as Integrated Windows authentication. Also called Windows NT Lan Manager or NTLM.

• Kerberos v5: This is the standard authentication security protocol for Windows 2000 and Windows .NET Server domains.

• X.509 Client Certificate authentication: This is used in conjunction with Secure Sockets Layer (SSL) and digital certificates and is also supported by IIS.

Notes

On a Microsoft Windows NT, Windows 2000, or Windows .NET Server network, authentication can be handled in one of two ways:

• When logging on to a member server or stand-alone workstation, authentication is performed by the member server or workstation itself using its local Security Accounts Manager (SAM) database.

• When logging on to a domain, authentication is performed by a domain controller on the network.

See Also anonymous access ,Basic authentication ,Kerberos ,Windows NT Challenge/Response Authentication

authentication provider

In Internet Connection Services for Microsoft Remote Access Service (RAS), a database for providing AAA (authentication, access, and accounting) information for the users in a given realm.

Overview

An authentication provider is a server that isused by Internet Authentication Service (IAS) to map a Remote Authentication Dial-In User Service (RADIUS) authentication request to a database containing user credentials. The authentication provider can verify or deny whether the individual exists in the database and return this information to the IAS server.

Choices for authentication providers are

• A Microsoft Windows NT, Windows 2000, or Windows .NET Server domain controller

• A Local Users file on the IAS server

• An open database connectivity (ODBC)-compliant database

• A Microsoft Commercial Internet System (MCIS) membership database

See Also AAA

Authenticode

A Microsoft security technology that certifies the identity of the publisher of software to ensure the software has not been tampered with.

Overview

To use Authenticode, an Internet software publisher first obtains a digital certificate from a certificate authority (CA). They then use Authenticode signing tools to digitally sign the application.

When a user tries to download the application from the Internet, client-side Authenticode software in Microsoft Windows displays the publisher's certificate information to help the user make a more informed decision about whether to install the software on his or her machine.

Authenticode can be used to sign Microsoft ActiveX controls, .cab files, Java applets, or any other executable files.

See Also security

Authorized Academic Training Provider (AATP)

A Microsoft training program offered to accredited academic institutions.

Overview

An Authorized Academic Training Provider (AATP) is an educational institution approved for delivery of training on Microsoft platforms and applications. AATPs can include secondary schools, vocational schools, community colleges, and universities. Microsoft Corporation provides participating institutions with tools to facilitate courseware delivery that prepares students for Microsoft Certified Professional (MCP) certifications. This enables schools to serve their communities by educating future employees to fill demands for technically certified computer professionals.

There's no fee for joining the AATP program. Some of the benefits of joining the program include the following:

• A 100-user software license received upon purchase of a Microsoft product-provided the product is the subject of a course being taught that uses a Microsoft Official Curriculum or Microsoft Approved Study Guides. Note that these licenses are for student and instructor use in the classroom only.

• Special academic pricing on Microsoft Official Curriculum and Microsoft Approved Study Guides.

• Online course outlines, evaluation tools, curriculum materials, certification fact sheets, and preparatory exams.

• Access to the private AATP Internet site.

Notes

An organization or institution cannot participate simultaneously in both the AATP and Certified Technical Education Center (CTEC) programs.

For More Information

Find out more about Microsoft's AATP program at www.microsoft.com/education/aatp/default.asp.

See Also Certified Technical Education Center (CTEC) ,Microsoft Certified Professional (MCP)

auto-application

An application that can be automatically started on the user's computer by Microsoft Connection Manager (CM) after a connection is established.

Overview

Auto-applications automatically launch and close upon the start and end of a connection. This lets administrators configure services to trigger when users open their e-mail or Web browser.

You can specify auto-applications using a wizard that allows you to specify the name of the application, command-line switches or parameters, and other information.

An auto-application must be a complete program file. It cannot require other files to work, and it cannot be a self-extracting executable.

AutoComplete

A feature of Microsoft Internet Explorer that attempts to complete a partial Uniform Resource Locator (URL) entered into the browser's Address field.

Overview

When you begin to enter a URL, the AutoComplete function checks the browser's history folder for any URLs that match your partial URL and displays the closest match to what you have entered. This saves users from having to retype long URLs when attempting to revisit a site.

AutoComplete can be viewed as both an accessibility feature and a way to avoid time-wasting mistakes. If the URL that AutoComplete suggests for you is incorrect, just keep typing the URL you want.

AutoComplete is based on the same IntelliSense technology that is implemented in certain features of Microsoft Office, such as the AutoFill feature in Microsoft Excel.

Notes

If you clear your history folder, AutoComplete will not be able to function because it uses URLs stored in that folder. The longer you leave your history folder unemptied, the larger its contents become and the more effectively AutoComplete operates.

See Also Internet Explorer

autodial

A feature of remote access in Microsoft Windows 2000, Windows NT, Windows XP, and Windows .NET Server that maps network resources to phonebook entries.

Overview

When a user or application tries to access a network resource, autodial automatically tries to establish a connection to the resource. To configure autodial in Windows 2000, go to Control Panel in My Computer, and then open Network And Dial-up Connections. Choose Dial-Up Preferences from the Advanced menu. On the Autodial tab, select the check box next to the location where you want to enable autodial, and then click OK. To configure AutoDial in Windows NT, use the User Preferences dialog box for your phonebook entry.

Notes

Certain actions will not trigger autodial. These include

• Pinging an Internet Protocol (IP) address. (Pinging a fully qualified domain name, however, will cause autodial to engage.)

• Using both a dial-up and a local area network (LAN) connection. (AutoDial engages only after an attempt to connect over the LAN has failed.)

See Also remote access

automatic logon

A logon process whereby the user gains access to the network through user credentials previously stored in the registry.

Overview

Automatic logon can be enabled on a machine running Microsoft Windows NT by editing the registry. Use registry editor (Regedit.exe) to open the following key:

HKEY_LOCAL_MACHINE      \Software          \Microsoft              \Windows NT                  \CurrentVersion                         \Winlogon

and modify or create the following REG_SZ type values:

• DefaultDomainName

• DefaultUserName

• DefaultPassword

• AutoAdminLogon

Set AutoAdminLogon equal to 1 to enable automatic logon.

You can bypass the automatic logon process by holding down the Shift key upon startup or logoff.

Notes

Use extreme care when making changes to the registry, as improper use of Registry Editor can make your system unbootable.

See Also interactive logon

Automatic Private IP Addressing (APIPA)

A feature of Microsoft Windows 2000, Windows XP, and Windows .NET Server that enables machines to be automatically assigned Internet Protocol (IP) addresses without the use of Dynamic Host Configuration Protocol (DHCP).

Overview

Automatic Private IP Addressing (APIPA) is designed for use on small networks where fewer than 25 machines are deployed. Such networks are too big to easily manage using static (manual) IP addressing and too small to warrant the use of a dedicated DHCP server for automatic IP addressing. APIPA was developed as an alternative to these two addressing methods.

If a Windows 2000, Windows XP, or Windows .NET Server client starts up and is configured for DHCP but finds no DHCP server to lease it an address, APIPA randomly assigns a machine an IP address. This randomly assigned address is in the range 169.254.x .y , which is reserved by Microsoft Corporation for this purpose and is not used on the Internet (in case your client has a direct connection to the Internet). A subnet mask of 255.255.0.0 is additionally assigned to the client.

Notes

One disadvantage of using APIPA is that machines whose addresses have been assigned using APIPA periodically poll the network for the presence of a DHCP server. Should a DHCP server be found, the machine yields its APIPA-generated address and leases a new address from the DHCP server. APIPA networks are thus particularly susceptible to interference from rogue DHCP servers, and APIPA should not be used in mission-critical or enterprise networks. You can disable this polling feature, however, by editing the registry.

APIPA is also available on the Windows 98SE platform.

See Also Dynamic Host Configuration Protocol (DHCP) ,IP address

Automatic System Recovery (ASR)

A feature of Microsoft Windows 2000, Windows XP, and Windows .NET Server that allows you to restore your system in the event of hard disk failure or corruption of system files.

Overview

Automatic System Recovery (ASR) is designed to replace the emergency repair disk (ERD) of Windows NT as the main tool for restoring systems after boot failures. ASR integrates the processes of repair, backup, and restore into a single recovery solution in the event of a disaster.

To use ASR, you must first configure it by running the Disaster Recovery Preparation Wizard, which is part of the Backup utility in Windows 2000, Windows XP, and Windows .NET Server. The resulting ASR disk contains configuration information that will be critical if you need to recover your system as a result of system volume damage or corruption. If you need to reinstall the system software, the ASR disk enables you to bring the system to the same configuration it had before the disaster.

Notes

Always run the Automatic System Recovery Wizard immediately before and after you make any changes to your system configuration using the Disk Management tool. If you do this, you will be able to return your system to the stable configuration that existed prior to your change.

See Also Windows 2000

Automatic Version Synchronization (AVS)

A feature of the Microsoft Internet Explorer Administration Kit (IEAK).

Overview

Automatic Version Synchronization (AVS) runs each time the IEAK administrator runs the IEAK Wizard and checks Microsoft Corporation's Web site for updates to Microsoft Internet Explorer. These updates are automatically downloaded and the administrator can distribute them to users throughout the enterprise.

Automation

A Microsoft technology that enables applications to expose their functionality to other applications.

Overview

Automation, formerly known as OLE Automation, is based on the Component Object Model (COM) and allows run-time binding of components. Automation is used exclusively by scripting languages, such as Microsoft Visual Basic for Applications (VBA), Microsoft Visual Basic Scripting Edition (VBScript), and Microsoft JScript, to access COM components that support Automation. The advantage of Automation is that it allows various languages to access COM components at run time. The drawbacks to Automation are that it is slow and that compile-time data type checking cannot be performed.

An application that exposes its functionality through Automation is called an Automation server. An application that communicates with the server through Automation is called an Automation controller or Automation client.

An Automation server is a COM component that typically implements the IDispatch interface. An Automation controller is a client that communicates with the Automation server, typically using IDispatch. IDispatch is a COM interface that allows a client to indirectly access all of the component's exposed methods and properties. Therefore, IDispatch enables a client to discover and access all a component's various methods and properties at run time through a single interface.

Notes

In the past, Automation required communication using the IDispatch interface. Now the term Automation is more generic and refers to the programmability of an application or component.

See Also Automation controller ,Automation server

Automation client

Also called an Automation controller, a client that accesses the functionality of an Automation server.

See Also Automation controller

Automation controller

A client that accesses the functionality of an Automation server.

Overview

Automation is a way for one application to manipulate the exposed objects (properties and methods) of another application. Automation controllers are client applications that can manipulate the exposed objects of another application called an Automation server. Examples of Automation controllers include Microsoft Word, Microsoft Excel, and Microsoft Visual Basic.

There are two kinds of Automation clients:

• Clients that have static information about the properties and methods of the Automation server bound to them at compile time.

• Clients that dynamically obtain information about the properties and methods of the Automation server at run time. These clients do this by querying the Automation server's IDispatch interface.

See Also Automation ,Automation server

Automation server

A Component Object Model (COM) component that exposes its functionality to other applications.

Overview

An example of an Automation server might be a word processing program that can expose its spell-checking functions so that Automation controllers can access them. This allows the functionality of one program (the Automation server) to be used by other programs (the Automation clients or controllers).

An Automation server typically implements the IDispatch interface.

See Also Automation ,Automation controller

auto naming

A feature of Microsoft Exchange Server that enables administrators to configure how e-mail aliases and other information are automatically generated when mailboxes are created.

Overview

Using auto naming, you could, for example, automatically generate any of the following e-mail aliases for Jeff Smith's mailbox:

• JSmith

• JeffS

• JS

You could also devise some other custom naming scheme. These e-mail aliases then would be combined with the Domain Name System (DNS) domain name of the Exchange organization to form the user's standard e-mail address. For example, if the domain name of the company is northwind.microsoft.com, JSmith would be combined with it to form the e-mail address JSmith@northwind.microsoft.com.

See Also Exchange Server

autonomous system (AS)

A group of Internet Protocol (IP) networks administered under a single administrative (routing) policy.

Overview

An autonomous system (AS) is part of the routing infrastructure of a large IP internetwork. An AS is essentially a portion of a large internetwork whose routing is administered by a single authority. Typically, this means one AS per enterprise network. An autonomous system can be under the authority of a particular corporation or institution, or it can be defined by the uniform use of a particular routing protocol such as Open Shortest Path First (OSPF).

The Internet is the de facto example of a large IP internetwork divided into different autonomous systems such as AT&T Enhanced Network Services (formerly AT&T CERFnet), SprintLink, AlterNet, and so on. These autonomous systems are connected by the Internet's core routers, which use an exterior routing protocol called Border Gateway Protocol (BGP) for communication among themselves.

Each autonomous system must be identified using a globally unique number called an autonomous system number (ASN). A BGP uses ASNs to avoid routing loops and implement policy-based routing on the Internet backbone. ASNs are required for autonomous systems connected to the Internet, and are obtained from Internet numbers registries such as the American Registry for Internet Numbers (ARIN) and the Asian-Pacific Network Information Center (APNIC). Autonomous systems exchange exterior routing information with one another by using these ASNs to identify themselves to other autonomous systems. Autonomous systems can be further subdivided into routing domains (areas) for more granular routing.

There are three basic types of autonomous systems:

• Stub AS: This AS is connected to only one other AS. A corporate network that isconnected to an AS is considered to have the same AS number as the AS it is connected to.

• Transit AS: This AS is connected to more than one other AS and can be used for transit traffic between autonomous systems. A Transit AS is usually administered by a large Internet service provider (ISP).

• Multihomed AS: This AS is connected to more than one other AS but does not let transit traffic from another AS pass through itself. An example might be a corporate network with several Internet connections to different ISPs.

See Also autonomous system number (ASN) ,Border Gateway Protocol (BGP) ,routing

autonomous system number (ASN)

A unique number used to identify an autonomous system (AS), that is, a network that can exchange exterior routing information with neighboring networks.

Overview

Every autonomous system (AS) connected to the global Internet must have a uniquely assigned autonomous system number (ASN). This ASN is required so that your AS can identify itself to other ASs on the Internet and exchange exterior routing information with their routers.

ASNs are 16-bit numbers that are assigned to networks by the American Registry for Internet Numbers (ARIN). As of 2000 there were more than 12,000 ASNs assigned to public and enterprise networks, and the number is rising rapidly as more and more enterprises implement multihoming, the use of multiple ISPs for providing Internet access for their networks. To obtain an ASN, contact ARIN and pay the one-time registration fee and the annual maintenance fee. Note that ISPs are not charged the annual maintenance fee for their ASNs.

See Also autonomous system (AS) ,multihoming

autosensing

Technology by which a local area network (LAN) device can determine the characteristics of an attached device and configure itself accordingly.

Overview

As an example, a port on an autosensing 10/100-Mbps Ethernet switch can automatically detect whether the attached station has a 10-megabits per second (Mbps) or 100-Mbps network interface card (NIC). This is a useful feature that allows a combination of 10BaseT and Fast Ethernet connections in a single LAN.

Often during migration and system upgrades you will find a combination of slower, legacy networking equipment and faster, more modern devices. These devices might need to coexist for months or years, depending on the budget available for upgrades. Using autosensing hubs and switches makes this coexistence cheap and simple and allows a full upgrade to the faster configuration later-without purchasing additional equipment.

See Also hub ,Ethernet switch

availability

The degree to which network resources operate without interruptions resulting from scheduled maintenance or unexpected failure.

Overview

Availability has become an important issue in the modern Internet economy in which online electronic businesses are made or broken on the basis of reliable, fault-tolerant technologies.

Clustering is one tool for ensuring continuous uninterrupted 24 x 7 x 365 availability of network resources. Windows 2000, Windows XP, and Windows .NET Server include support for clustering that provides the basic platform for building high-availability e-business and electronic commerce applications that can compete in today's world. Cluster services can automatically detect when an application or server fails and quickly restart it on the surviving cluster node. Users connected to the server will experience only a brief pause in service.

See Also 24 x 7 ,clustering

AVS

Stands for Automatic Version Synchronization, a feature of the Microsoft Internet Explorer Administration Kit (IEAK).

See Also Automatic Version Synchronization (AVS)

AWG

Stands for American Wire Gauge, a specification for the diameter of conducting wires.

Overview

The higher the AWG number, the thinner the wire. Category 5 (Cat5) cabling is usually AWG 24 wire (0.020 inch or 0.511 millimeter in diameter), while thicknet generally uses AWG 12 wire (0.080 inch or 2.050 millimeters in diameter). Twisted-pair telephone wire at the customer premises is typically 24 or 26 gauge, with 24 giving better performance for high- speed services such as Asymmetric Digital Subscriber Line (ADSL).

The table below shows some of the various AWG gauges for different diameters of wires. Note that the thinner the wire, the higher its electrical resistance and hence the shorter the transmission distance (because resistance varies inversely with thickness).

AXFR request

A type of Domain Name System (DNS) request in which a secondary DNS server requests the update of information from a master DNS server.

Overview

An AXFR request always results in a full zone transfer. This can take time and use considerable network bandwidth if the zone files are large.

An alternative to AXFR is the incremental zone transfer protocol described in RFC 1995. Incremental zone transfers use an IXFR request and transfer only those portions of the zone file that have been changed.

Incremental zone transfers are supported by the DNS service running on Microsoft Windows 2000 and Windows .NET Server.

See Also Domain Name System (DNS)

Microsoft Encyclopedia of Networking

ISBN: 0735613788
EAN: 2147483647

Year: 2002
Pages: 36

Authors: Mitch Tulloch, Ingrid Tulloch

BUY ON AMAZON