P2P
Applications that enable computers to function as both clients and servers.
Overview
Although the acronym P2P officially stands for "peer-to-peer," the acronym has taken on a somewhat different meaning than the earlier concept of peer-to-peer networking that evolved in the 1980s. The original idea referred to networks that were too small to warrant having dedicated servers, hence client machines could share files with one another to facilitate collaboration between users. Such peer-to-peer networks became popular with the release of Microsoft Windows for Workgroups (WFW). A key characteristic of such networks was that security was distributed; that is, there was no central authentication server to manage logon security and access control. As such, peer networking is suitable only for low security environments. Microsoft Corporation developed Windows NT to provide centralized security for such networks, turning them into domain-based networks instead of peer-to-peer ones.
The concept of peer networking has evolved in the last few years, however, to include a whole range of powerful applications that allow client computers to share resources while bypassing servers. This new concept is today called P2P and was popularized by the music sharing service called Napster, which at its peak had over 20 million users worldwide. An essential ingredient in the popularity of the P2P model is the ubiquity of the Internet. However, P2P is also making inroads into traditional enterprise corporate networks as well.
Uses
Some of the emerging uses for P2P applications and platforms include
File sharing:
Shared processing: This enables multiple client machines to share the processing load for certain tasks, reducing pressure on network servers. A good example here is the Search for Extra-Terrestrial Intelligence (SETI) at Home Project developed by the University of California at Berkeley. SETI at Home has more than 2 million registered users who have downloaded P2P software and use it to help search radio telescope signal archives for messages that extraterrestrials might be sending from other star systems. Another classic example in this category is Intel Corporation, which has saved $500 million over 10 years by using a P2P program called Netbatch to harness the processing power of thousands of workstations for the job of chip design.
Automatic software distribution: Many enterprises have expressed interest in P2P as a vehicle for distributing software such as virus updates and system patches across the network. One company that pioneered in this direction is myCIO.com (now McAfee AsaP), which developed antivirus definition distribution software that employs token-based authentication to ensure secure distribution of updates.
B2B collaboration: P2P provides new mechanisms for businesses to interact online to integrate supply-chain processes and foster a collaborative business environment. An example of such an application is Mangomind from Mangosoft, which provides a secure real-time Internet-based file-sharing service along the P2P model. Consilient is another company with P2P platforms for B2B linkage.
Marketplace
P2P file sharing services are popular on the Internet. Napster was the pioneer here, and newer alternatives include BearShare, Gnutella, LimeWire, and ToadNode. In the enterprise arena, secure P2P file sharing platforms are also appearing from such vendors as NextPage, Tacit Knowledge Systems, OpenCola, 3Path, and Groove Networks. Many of these platforms can not only share files but also deliver messages, distribute Web content, locate content of interest automatically using rules-based procedures, and perform other functions.
In the area of distributed processing, a P2P application called WebProc from Datasynapse securely allows unused cycles of client machines to be used for complex processing tasks, offloading some of the processing burden from network servers. Porivo Technologies has a similar product called Peer, implemented as a Java-based application, and Entropia has a similar product.
Other emerging P2P vendors include AgentWare, with its P2P platform for managing web sites, portals, and B2B e-commerce; WorldStreet Corporation with P2P software for online brokerages and investment institutions; and Porivo Technologies with Web performance testing software.
Prospects
Early use of Napster and similar P2P file sharing applications by users on corporate networks caused headaches for IT (information technology) managers, as these applications tended to eat up available bandwidth and thus deny access to legitimate network services. This initially created a bias against P2P platforms in the enterprise that still remains in some measure today. Other reasons network administrators have been reluctant to utilize P2P in the enterprise are the lack of standards and because P2P applications bypass centralized server-based network security. Nevertheless, interest in P2P continues to grow in the enterprise.
Major industry players Intel Corporation, Hewlett-Packard, and others have established the P2P Working Group to steer the development of P2P standards, especially in the area of security. The Working Group's efforts are directed toward making P2P a more secure platform for use in the enterprise. Microsoft's .NET platform and Sun Microsystems' JXTA also represent exciting initiatives that will enable secure, enterprise-class P2P applications to be developed for enterprise use.
See Also B2B, JXTA, .NET platform
P3P
Stands for Platform for Privacy Preferences, a standard specifying how Web sites communicate their privacy policy to visitors.
See Also Platform for Privacy Preferences (P3P)
package
In Microsoft Systems Management Server (SMS), an object that defines software to the SMS system.
Overview
Packages store information about software so that various components of the software can be identified as a group. You use SMS to install a package on client computers, share the package so that it can be run from network servers, and maintain inventory information about the package. You can create packages for all types of software, including Microsoft, third-party, and in-house applications; data files; batch files; and scripts.
A package contains a definition of the files that make up the software, plus other configuration and identification information. You create packages using the Systems Management Server Administrator program. Packages are stored in the SMS database at your site and at all subsites. After you create a package, you must also create a job that can be used to install the package on clients or share the package on servers.
You use a package server, a type of server in an SMS implementation, to install and maintain packages. There are two kinds of package servers:
Source servers: These contain the original source files for software to be distributed.
Distribution servers: These store and distribute the package files.
Notes
If you want to perform software inventory, you need not explicitly create a job for this purpose. When you define the inventory properties for a package, SMS automatically creates a system job to update the SMS inventory components. This allows SMS to maintain inventory information on the package.
See Also Systems Management Server (SMS)
packet
The fundamental unit of information transmitted over a packet-switched network or digital communication link.
Overview
A packet is essentially a chunk of information sent over a network. For example, to transfer a file from one host to another on the Internet using the File Transfer Protocol (FTP), the file is first broken down into a series of chunks of data that are packaged into units called "packets." These packets have a header added to the beginning of the packet that contains control information concerning the packet type, the source address, and the packet's destination address. They may also contain error-checking information, often as a trailer (footer) added to the end of the packet. Packets have a logical structure based on the particular type of protocol used, but the general structure of a packet always includes a header followed by a payload (data) and an optional trailer. Packets can also have different sizes and structures depending on the underlying network architecture.
A packet might also be called a datagram, a frame, or a cell, depending on the type of networking under consideration. However, from the perspective of the Open Systems Interconnection (OSI) reference model, the terms packet and frame have precise definitions and are considered different entities. From the OSI perspective, a packet is an electronic envelope containing information formed in one of the layers from Layer 3 through Layer 7 of the OSI model, but a frame is an electronic envelope of information that includes the packet as well as other information from all seven layers of the OSI model.
See Also frame, Open Systems Interconnection (OSI) reference model
packet assembler/disassembler (PAD)
A device that connects computers and other networking equipment to an X.25 packet-switched network.
Overview
Packet assembler/disassemblers (PADs) are telecommunications devices that break down binary data streams into individual packets suitable for asynchronous transmission over X.25 networks. PADs also format packets by adding suitable headers to enable packets to reach their destination. When receiving data, a PAD also accepts packets from the network and translates (reassembles) them into a data stream that the computer can understand. The PAD's function is thus to assemble data such as strings of characters into packets to transmit over the X.25 network to the remote host and to disassemble packets that are received.
PADs were originally developed to enable remote dumb terminals to communicate over X.25 networks with mainframe computers. They were needed because such terminals lacked the processing capability to implement the X.25 protocol on them directly. The PAD thus acted as an intermediary between the terminal and the mainframe and buffered data received from the terminal and assembled or disassembled it into X.25 packets depending on whether it was transmitting or receiving.
Although early PADs required external data communications equipment (DCE), most PADs now have integrated DCE to allow them to be directly connected to asynchronous data terminal equipment (DTE) such as terminals, computers, routers, and access servers.
Implementation
When one computer on an X.25 network wants to communicate with another computer in a remote location, the first computer sends a signal to its attached PAD requesting a connection to the remote computer. The remote computer responds by either accepting the request and initiating full-duplex communication or rejecting the request. Either computer can then terminate the link at any time. Note that this communication link is for data only; X.25 does not support voice transmission. Note also that PADs are DCEs, and even though they are located at the customer premises, they are actually considered nodes on the X.25 network and are therefore drawn within the cloud in the diagram.
When PADs are used for providing remote access through dumb terminals over X.25 to mainframe or minicomputer hosts, the terminals require PADs but the mainframe hosts do not; they are directly connected to the X.25 network. To configure the PAD, the administrator must specify a number of PAD parameters such as echo control, data forwarding, break signals, line folding, and binary speed. The PAD parameters (usually 22 for each terminal that the PAD services) are defined by an International Telecommunication Union (ITU) protocol called X.3. Communication between terminals and PADs is governed by the protocol X.28, and communication between the PAD and the remote host is governed by X.29.
Packet assembler/disassembler (PAD). Using PADs to connect dumb terminals to a mainframe host.
PADs come in different configurations. Some PADs support eight or more asynchronous DTE connections and have multiple DCE interfaces for maximum configurability. Typically, you connect your asynchronous hosts (computers) to the PAD using RJ-45 connectors on twisted-pair cabling. The PAD then connects to a Channel Service Unit/Data Service Unit (CSU/DSU), which interfaces with the X.25 connection using a serial interface such as RS-232 or V.35. Some PADs now have integrated CSU/DSU functionality to allow them to be directly connected to the X.25 networks using serial interfaces. Some PADs even support both X.25 and frame relay and can thus be used to ease the migration path from older X.25 to newer frame relay services.
Notes
The Routing and Remote Access Service (RRAS) on Microsoft Windows 2000 and Windows .NET Server supports PADs and other ways of connecting to X.25 networks, such as X.25 smart cards and special modems for dialing up X.25 carriers such as SprintNet and Infonet.
See Also Channel Service Unit/Data Service Unit (CSU/DSU), data communications equipment (DCE), data terminal equipment (DTE), frame relay, International Telecommunication Union (ITU), RS-232, serial transmission, terminal, V.35, X.25
packet filtering
Controlling a flow of packets based on information contained within the packets.
Overview
Packet filtering is simply a way of controlling traffic on a packet-switched network such as the Internet. Filtering can be performed on packet attributes such as source address, destination address, packet type, packet length, and source and destination port numbers.
Most routers support some degree of packet filtering capability that enables these routers to provide firewall capabilities for protecting a network from unauthorized traffic. Such routers are often called packet-filtering routers or screening routers. Note, however, that implementing packet filtering on a traditional hardware router can cause a performance hit of about 30 percent on the router's ability to handle network traffic.
Administrators can create rules or policies on screening routers for filtering out unwanted packets and can arrange these rules in the most efficient order. Using these rules, different actions can then be performed on each individual packet that arrives at the router. For example, a packet arriving at the router may be forwarded to its destination, dropped (ignored), or rejected (an error message is returned to the sender). Also, the router may log the event or send an alert to notify the administrator if configured. More sophisticated routers can also
Modify the contents of the packet, for example, to perform Network Address Translation (NAT).
Route the packet to a different destination than intended, for example, in load balancing a connection.
Some routers and firewalls can actually ping the source address of each packet to ensure that addresses local to the company network are coming from inside the network and are not being spoofed by a hacker outside the network.
Implementation
Packet filtering can be implemented on screening routers and firewall appliances in two basic ways: static filtering and dynamic filtering.
Static packet filtering: This provides limited security by configuring selected ports as either permanently open or permanently closed. For example, to deny outside packets access to a company intranet server on port 80 (the standard port number for the Hypertext Transfer Protocol, or HTTP) you could configure the router or firewall to block all incoming packets directed toward port 80.
Dynamic packet filtering: Also called stateful packet filtering, this provides enhanced security by allowing selected ports to be opened at the start of a legitimate session and then closed at the end of the session to secure the port against attempts at unauthorized access.
Packet filtering. Two forms of packet filtering.
Dynamic packet filtering is particularly useful for protocols that allocate ports dynamically, for example, with the File Transfer Protocol (FTP). If you want to grant outside users secure access to an FTP server behind the firewall (within the corporate network), you need to consider the following:
Port 21 (the FTP control port) needs to be left permanently open so that the FTP server can "listen" for connection attempts from outside clients. A static filtering rule can accomplish this.
Port 20 (the FTP data port) needs to be opened only when data will be uploaded to or downloaded from the FTP server. With static filtering this port would have to be configured as permanently open, which could provide a door for hacking attempts. Dynamic filtering allows this port to be opened at the start of an FTP session and then closed at the end of the session.
Then, in order to establish an FTP connection with the client, the FTP server randomly assigns two port numbers in the range 1024 through 65,535 to the client, one for the control connection and one to transfer data. Because these ports are assigned randomly, there is no way to predict which ports above 1024 must be able to be opened by the firewall. With static filtering, you would therefore have to leave all ports above 1024 permanently open if you wanted to allow FTP access through the firewall, which would be a real security risk. With dynamic filtering, however, you can configure rules on the firewall that will read the packets issued by the server, dynamically open the two randomly assigned ports to allow a session to be opened, monitor the flow of packets to ensure that no unauthorized users attempt to hijack the session, and close the randomly assigned ports when the FTP session ends.
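The static-versus-dynamic distinction above can be made concrete with a small simulation. The following Python is an added example written for this entry, not code from any firewall product: it keeps a static rule that leaves the FTP control port permanently open, watches the server's passive-mode reply on that control connection to learn the randomly assigned data port, opens a pinhole for that one client and server pair, and closes it again when the control session ends. The addresses, port numbers, the Packet class and the session itself are all constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# FTP passive-mode reply, e.g. "227 Entering Passive Mode (192,168,1,10,214,216)";
# the data port is p1*256 + p2, taken from the last two numbers.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_port(payload):
    """Return the data port announced in a 227 reply, or None if absent or out of range."""
    m = PASV_RE.match(payload)
    if not m:
        return None
    port = int(m.group(5)) * 256 + int(m.group(6))
    return port if 1024 <= port <= 65535 else None


@dataclass
class Packet:            # constructed, simplified TCP packet for the simulation
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""
    fin: bool = False


class StatefulFilter:
    def __init__(self, internal_net, static_allow):
        self.internal = ipaddress.ip_network(internal_net)
        self.static_allow = set(static_allow)   # (server ip, port): permanently open (static rule)
        self.pinholes = {}                      # (client ip, server ip, data port) -> control port
        self.log = []

    def _close_session(self, client, server):
        for key in [k for k in self.pinholes if k[0] == client and k[1] == server]:
            del self.pinholes[key]
            self.log.append(f"closed pinhole {key}")

    def decide(self, pkt):
        inbound = ipaddress.ip_address(pkt.dst) in self.internal
        if not inbound:
            # Outbound reply on an open control port: inspect it to open or close data-port pinholes.
            if (pkt.src, pkt.sport) in self.static_allow:
                port = parse_pasv_port(pkt.payload)
                if port is not None:
                    # Bind the pinhole to the real endpoints, not to the address text in the reply.
                    key = (pkt.dst, pkt.src, port)
                    self.pinholes[key] = pkt.sport
                    self.log.append(f"opened pinhole {key}")
                if pkt.fin or pkt.payload.startswith("221"):
                    self._close_session(pkt.dst, pkt.src)
            return "forward"
        # Inbound: static rules first, then pinholes opened for this exact client/server pair.
        if (pkt.dst, pkt.dport) in self.static_allow:
            if pkt.fin:
                self._close_session(pkt.src, pkt.dst)
            return "forward"
        if (pkt.src, pkt.dst, pkt.dport) in self.pinholes:
            return "forward"
        self.log.append(f"dropped {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return "drop"


def run_ftp_session():
    """Constructed exchange: one passive-mode FTP session passing through the filter."""
    fw = StatefulFilter("192.168.1.0/24", {("192.168.1.10", 21)})
    client, server, other = "198.51.100.7", "192.168.1.10", "203.0.113.9"
    steps = [
        Packet(client, 40001, server, 21, "USER alice"),             # control port: static rule
        Packet(client, 40002, server, 55000),                         # data port before PASV: drop
        Packet(server, 21, client, 40001,
               "227 Entering Passive Mode (192,168,1,10,214,216)"),   # opens 55000 for this client
        Packet(client, 40003, server, 55000),                         # now forwarded
        Packet(other, 40003, server, 55000),                          # another host: drop
        Packet(server, 21, client, 40001, "221 Goodbye."),           # session ends: pinhole closed
        Packet(client, 40004, server, 55000),                         # closed again: drop
    ]
    return [fw.decide(p) for p in steps], fw


if __name__ == "__main__":
    decisions, fw = run_ftp_session()
    print(decisions)
    print("\n".join(fw.log))
```

The pinhole is keyed on the client address seen on the wire rather than on the address quoted inside the 227 reply, so a malformed reply cannot open a port toward some other host, and it disappears as soon as the control session ends, which is exactly the property static filtering cannot offer for the high-numbered data ports.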
Marketplace
Most traditional hardware routers today support various degrees of packet filtering functions. Packet filtering can be configured on Cisco routers using Cisco Internetwork Operating System (IOS) commands.
An alternative to using screening routers is using a dedicated server with Microsoft Internet Security and Acceleration (ISA) Server installed. ISA Server includes dynamic packet filtering among its various other security features. If packet filtering is enabled, all incoming and outgoing packets are rejected unless an exception is explicitly created that allows them to pass. Packet filters can be enabled on ISA Server only if the machine has an external network interface, such as one connected to a distrusted network such as the Internet. ISA Server includes a number of predefined filters that you can use to quickly configure exceptions for common protocols when securing your network to the Internet. ISA Server also supports domain filters for allowing or denying access to Hypertext Transfer Protocol (HTTP) or File Transfer Protocol (FTP) services based on the source Internet Protocol (IP) address or Domain Name System (DNS) domain name. ISA Server can issue alerts to inform you when packets are rejected or illegal packets are detected. It will also keep a log of alerts that occur for analysis and record keeping.
See Also Domain Name System (DNS), File Transfer Protocol (FTP), firewall, Hypertext Transfer Protocol (HTTP), Internet Security and Acceleration Server (ISA Server), Internetwork Operating System (IOS), IP address, router
packet forwarding
Accepting a packet and transmitting it to its destination.
Overview
A router receives packets from hosts on one attached network and either forwards them to hosts on another attached network or forwards them to another router for further forwarding to a more distant network.
The exact way in which a packet is forwarded is typically based on a comparison of the packet's destination address with the routing table stored in the router. Each act of forwarding performed by a router is called a hop across the internetwork.
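To show the routing-table comparison and the hop-by-hop forwarding described above in working form, here is an added Python example (not code from the original entry). It uses constructed routing tables for two routers: a lookup picks the most specific matching prefix (longest-prefix match), each forwarding decision counts as one hop and decrements the packet's TTL, and a small trace follows the packet from router to router until it is delivered or dropped. All addresses, prefixes and interface names are made up for the illustration.

```python
import ipaddress

# Constructed routing tables: (destination prefix, next-hop address or None if directly attached, interface)
ROUTER_A = [
    ("10.0.0.0/8",     "10.1.1.254",  "eth1"),
    ("10.1.0.0/16",    None,          "eth1"),   # directly attached, more specific than the /8
    ("192.168.5.0/24", None,          "eth0"),
    ("0.0.0.0/0",      "203.0.113.1", "eth2"),   # default route
]
ROUTER_B = [                                    # reached from A via 10.1.1.254
    ("10.1.0.0/16",    None,          "eth0"),
    ("10.2.0.0/16",    None,          "eth1"),
]


def build_table(entries):
    return [(ipaddress.ip_network(prefix), nh, ifc) for prefix, nh, ifc in entries]


def lookup(table, dst):
    """Longest-prefix match: the most specific route that contains dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, nh, ifc in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, ifc)
    return best


def forward(table, packet):
    """One hop: check the TTL, pick the route, and report where the packet goes next."""
    if packet["ttl"] <= 1:
        return {"action": "drop", "reason": "ttl expired"}        # a looping packet must die
    match = lookup(table, packet["dst"])
    if match is None:
        return {"action": "drop", "reason": "no route to host"}
    net, nh, ifc = match
    return {
        "action": "forward",
        "interface": ifc,
        "next_hop": nh if nh is not None else packet["dst"],   # direct delivery on the last hop
        "route": str(net),
        "packet": dict(packet, ttl=packet["ttl"] - 1),
    }


def trace(routers, ingress, packet):
    """Follow a packet router to router, counting hops, until delivered or dropped.
    routers maps each router's address to its table; ingress is the first router's address."""
    hops, current = 0, ingress
    while True:
        result = forward(routers[current], packet)
        if result["action"] == "drop":
            return {"delivered": False, "hops": hops, "reason": result["reason"]}
        hops += 1
        packet = result["packet"]
        if result["next_hop"] == packet["dst"]:
            return {"delivered": True, "hops": hops}
        if result["next_hop"] not in routers:
            return {"delivered": False, "hops": hops, "reason": "left the simulated network"}
        current = result["next_hop"]


if __name__ == "__main__":
    routers = {"10.1.1.1": build_table(ROUTER_A), "10.1.1.254": build_table(ROUTER_B)}
    print(trace(routers, "10.1.1.1", {"src": "192.168.5.4", "dst": "10.2.0.5", "ttl": 64}))
```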
See Also hop count , router
packet switching
A form of communication in which data is broken into small packets that are forwarded individually across a network to their destination.
Overview
Packet switching allows data to be broken down and sent over computer networks and telecommunications services in short bursts called packets that contain sequence numbers so that they can be reassembled at the destination. These packets typically travel over a network or telecom "cloud" that contains routers or switches that examine and route packets from one such device to another, causing the packets to "hop" from switch to switch or router to router. Individual packets belonging to the same communication session might be switched over several different paths, depending on factors such as traffic congestion and switch availability at any given moment. Once the packets reach their destination, they are reassembled into a bit-stream to enable reliable communications to occur.
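The header/payload/trailer structure from the packet entry and the sequence-numbered reassembly described here can be exercised together. The following Python is an added example for both passages, not code from the original entries and not any real protocol: it defines a constructed packet layout (a fixed header with type, source, destination, sequence number, total count and length; the payload; and a CRC-32 trailer), breaks a message into packets, delivers them out of order as if they had taken different paths through the cloud, reassembles them by sequence number, and shows the trailer catching a packet altered in transit and the reassembler refusing an incomplete set.

```python
import random
import struct
import zlib

# Constructed packet layout for this example (not a real protocol):
#   header : type(1) src(1) dst(1) seq(2) total(2) length(2), network byte order
#   payload: `length` bytes of data
#   trailer: CRC-32 over header + payload, used for error checking
HEADER = struct.Struct("!BBBHHH")
TRAILER = struct.Struct("!I")
TYPE_DATA = 1


def build_packet(ptype, src, dst, seq, total, payload):
    header = HEADER.pack(ptype, src, dst, seq, total, len(payload))
    return header + payload + TRAILER.pack(zlib.crc32(header + payload))


def packetize(data, src, dst, mtu=8):
    """Break a message into numbered packets carrying at most `mtu` payload bytes each."""
    chunks = [data[i:i + mtu] for i in range(0, len(data), mtu)] or [b""]
    return [build_packet(TYPE_DATA, src, dst, seq, len(chunks), chunk)
            for seq, chunk in enumerate(chunks)]


def parse_packet(raw):
    """Split a packet into its fields; raise ValueError if it is truncated or corrupted."""
    if len(raw) < HEADER.size + TRAILER.size:
        raise ValueError("truncated packet")
    ptype, src, dst, seq, total, length = HEADER.unpack_from(raw, 0)
    body_end = HEADER.size + length
    if body_end + TRAILER.size != len(raw):
        raise ValueError("length field disagrees with packet size")
    (crc,) = TRAILER.unpack_from(raw, body_end)
    if zlib.crc32(raw[:body_end]) != crc:
        raise ValueError("checksum mismatch: packet altered in transit")
    return {"type": ptype, "src": src, "dst": dst, "seq": seq, "total": total,
            "payload": raw[HEADER.size:body_end]}


def is_intact(raw):
    """True if the packet parses and its trailer checksum matches."""
    try:
        parse_packet(raw)
        return True
    except ValueError:
        return False


def missing_sequence(raw_packets):
    """Sequence numbers that a complete message needs but this set of packets lacks."""
    parsed = [parse_packet(p) for p in raw_packets]
    if not parsed:
        return []
    present = {p["seq"] for p in parsed}
    return [s for s in range(parsed[0]["total"]) if s not in present]


def reassemble(raw_packets):
    """Put packets back into sequence order; refuse if any are missing."""
    missing = missing_sequence(raw_packets)
    if missing or not raw_packets:
        raise ValueError(f"cannot reassemble, missing packets: {missing}")
    by_seq = {p["seq"]: p["payload"] for p in map(parse_packet, raw_packets)}
    return b"".join(by_seq[s] for s in range(len(by_seq)))


def simulate_switched_delivery(message, seed=7):
    """Packets that took different paths arrive out of order; reassembly restores the message."""
    packets = packetize(message, src=1, dst=2)
    random.Random(seed).shuffle(packets)
    return reassemble(packets)


if __name__ == "__main__":
    print(simulate_switched_delivery(b"The quick brown fox jumps over the lazy dog"))
```

The receiver trusts nothing it cannot check: the length field must agree with the bytes actually received, the trailer must match the recomputed checksum, and reassembly is refused rather than padded when a sequence number is absent.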
Types
Packet switching is the transmission method used for most computer networks because the data transported by these networks is fundamentally bursty in character and can tolerate latency (due to lost or dropped packets). In other words, the transmission bandwidth needed varies greatly in time, from relatively low traffic due to background services such as name resolution services, to periods of high bandwidth usage during activities such as file transfer. This contrasts with voice or video communication, in which a steady stream of information must be transmitted in order to maintain transmission quality and in which latency must remain minimized to preserve intelligibility.
The Internet is the prime example of a packet-switched network based on the Transmission Control Protocol/Internet Protocol (TCP/IP). A series of routers located at various points on the Internet's backbone forwards each packet received on the basis of destination address until the packet reaches its ultimate destination. TCP/IP is considered a connectionless packet-switching service because TCP connections are not kept open after data transmission is complete.
X.25 public data networks are another form of packet-switching service, in which packets (or more properly, frames) formatted with the High-level Data Link Control (HDLC) protocol are routed between different X.25 end stations using packet switches maintained by X.25 service providers. Unlike TCP/IP, X.25 is considered a connection-oriented packet-switching protocol because it is possible to establish permanent virtual circuits (PVCs) that keep the logical connection open even when no data is being sent. However, X.25 can be configured for connectionless communication by using switched virtual circuits (SVCs). An X.25 packet-switched network typically has a higher and more predictable latency (about 0.6 seconds between end stations) than a TCP/IP internetwork. This is primarily because X.25 packet switches use a store-and-forward mechanism to buffer data for transmission bursts, which introduces additional latency in communication. In addition, X.25 uses error checking between each node on the transmission path, while TCP/IP uses only end-to-end error checking.
Frame relay (formerly called "fast packet switching") is another connection-oriented packet-switching service that gives better performance than X.25. It does this by switching packets immediately instead of using the store-and-forward mechanism of X.25 networks. Frame relay also eliminates flow control and error checking to speed up transmission. This is possible because frame relay networks use modern digital telephone lines, which are intrinsically much more reliable than the older analog phone lines on which much of the X.25 public network still depends. Frame relay supports only connection-oriented PVCs for its underlying switching architecture.
Finally, Asynchronous Transfer Mode (ATM) is another packet-switching service in which small fixed-length packets called cells are switched between points on a network.
Comparison
Packet switching is different from circuit switching, in which switches are configured in a fixed state for the duration of the session so that the route the data takes is fixed. A network that is circuit-switched requires a dedicated switched communication path for each communication even if its full bandwidth is not being used. In packet switching, bandwidth can be used when available for more efficient transmission. Circuit switching is generally used in telephone systems, and packet switching is used for computer networks. Digital cellular phone services were originally circuit-switched as well, but most cellular systems are now packet-switched networks to achieve greater efficiency in data transmission.
Another difference between packet switching and circuit switching is that circuits must first be established before any data is sent, and this generally involves a certain amount of setup time. During this process, the request for a circuit connection must pass through the circuit-switched network, resources must be reserved for the connection, and a signal must be returned to the initiating station when the circuit is established and data transmission can begin. Circuit-switched networks are thus useful only when the duration of the data transmission is much longer than the setup time involved in establishing the circuit. With packet switching, data can be sent at the start of transmission, which is better suited to the bursty, irregular nature of short network transmissions over a computer network or WAN link. Packet switching is thus a connectionless service in which it is unnecessary to establish a communications line (circuit) before sending a transmission.
See Also Asynchronous Transfer Mode (ATM), circuit-switched services, connectionless protocol, connection-oriented protocol, frame relay, Internet, latency, routing, switched virtual circuit (SVC), Transmission Control Protocol/Internet Protocol (TCP/IP), X.25
packet-switching services
Telecommunications services provided by telcos for building wide area networks (WANs).
Overview
Packet-switching services are services that route customer traffic over telco packet-switching networks. Such services may include frame relay, X.25, Asynchronous Transfer Mode (ATM), or Switched Multimegabit Data Services (SMDS).
Packet-switching services are only one form of WAN service offered by telcos to enable enterprises to connect remote offices. The main alternative to packet-switched services is circuit-switched services such as T-carrier leased lines, which tend to be much more costly because they require dedicated telco switches instead of routing traffic over a public packet-switching network.
Implementation
In a typical scenario, the customer's local network is connected through routers, bridges, Frame Relay Access Devices (FRADs), or other devices to a telco's central office (CO). This customer premises equipment (CPE) either has built-in technology for connecting directly to packet-switching services or uses intermediary devices such as Channel Service Unit/Data Service Unit (CSU/DSU) devices. The packet-switching CPE then takes network frames and "packages" them into packets suitable for the specific type of packet-switching service being used. The packaging process varies with the particular service used, but it basically consists of breaking down network frames into relatively small individual packets of data and tagging the packets with the destination address of the remote node to which the packet is directed. Each end node (local network access device) connected to the cloud has a Layer 2, or data-link layer, address that is known to every other end node. These addresses are used to route packet data between individual nodes on the WAN or to broadcast packets to all nodes when needed. Other information is also tagged onto the packets for error correction and other purposes, depending on the service used. The packets are usually small to lessen the load on the switching devices and to enable quick retransmission when transmission errors occur.
Packets are individually placed onto the carrier's packet-switched network and switched from circuit to circuit until they reach their destination. Two packets forming part of the same network message might take entirely different routes to reach their destination node; it depends on the best route available at any given moment, as determined by the packet-switching services themselves. This is different from circuit-switched networks, in which all packets are sent over the same switched circuits for the duration of the connection. At the destination, the packets are reassembled into network frames and delivered to the remote network, where they are routed to their destination.
Packet-switching services. How packet-switching services connect LANs into a WAN.
In networking diagrams, a public packet-switched network is typically depicted as a cloud because the details of the switches and connections are not of interest to the customer; they are the responsibility of the carrier or carriers providing the services.
Advantages and Disadvantages
Advantages of packet-switching services include the following:
Customers are not restricted to a single destination, as with point-to-point connections using leased lines.
Packets can be routed to any destination that supports similar services, so businesses are not tied to a particular carrier or telco.
Packet-switched networks have low latency and are suitable for hosting dedicated services such as company Web servers if the connection has sufficient bandwidth.
Customers usually pay monthly rates plus additional charges based on bandwidth use, which means that the primary charges are on a per-transaction basis. The less you use the service, the less you pay.
The main disadvantage of packet-switching services is that they are shared services rather than dedicated ones, although today's telco services offer service level agreements (SLAs) and quality of service (QoS) to guarantee minimum bandwidth for greater reliability.
Notes
If virtual private network (VPN) technologies are employed, the public Internet can also be used as a packet-switching service for multipoint WAN connections, something that is rapidly growing in popularity due to the ubiquity and low cost of Internet access.
See Also Asynchronous Transfer Mode (ATM), bridge, Channel Service Unit/Data Service Unit (CSU/DSU), circuit-switched services, customer premises equipment (CPE), frame relay, Frame Relay Access Device (FRAD), leased line, quality of service (QoS), router, Switched Multimegabit Data Services (SMDS), T-carrier, telco, virtual private network (VPN), wide area network (WAN), X.25
PAD
Stands for packet assembler/disassembler, a device that connects computers and other networking equipment to an X.25 packet-switched network.
See Also packet assembler/disassembler (PAD)
PAN
Stands for Personal Area Network, a network that surrounds and travels with an individual.
See Also Personal Area Network (PAN)
PAP
Stands for Password Authentication Protocol, an authentication protocol supported by Point-to-Point Protocol (PPP).
See Also Password Authentication Protocol (PAP)
parallel transmission
A form of signal transmission that sends multiple bits simultaneously over a cable.
Overview
Although a serial interface such as RS-232 transfers only 1 bit of data at a time, parallel interfaces typically transfer 8 bits (1 byte) of data at a time. Parallel interfaces are used mainly to connect printers, hard disks, and other peripherals to computers. A typical parallel interface for a computer uses a port that accepts a female DB25 connector. The parallel interface for a printer often uses a 36-pin Centronics connector.
For the DB25 connector, all 25 of the leads must be working for parallel transmission to function. In contrast, serial interfaces, which sometimes also use DB25 connectors, require only three active leads to transmit data. The parallel 25-pin connector has 17 leads for carrying signals and 8 leads for grounding. Of the 17 leads, 8 are used for data bit signals, 5 for status signals, and 4 for handshaking. Typical throughput of a parallel interface is 16 kilobits per second (Kbps) or 128 Kbps. Parallel communication is usually limited to cables of up to 20 feet (6 meters), but devices can be used to boost signals for longer distances.
Notes
A newer type of parallel interface, conforming to the IEEE 1284 standard, supports bidirectional parallel communication at speeds of roughly 1 to 2 megabytes per second (MBps) over distances of up to 33 feet (10 meters). Parallel ports that support this standard are referred to as Enhanced Parallel Ports (EPPs) or Extended Capabilities Ports (ECPs).
See Also connector (device), IEEE 1284, RS-232, serial transmission
A domain that contains other subdomains.
Overview
A parent domain is a domain that has subdomains (or child domains) under it within a domain tree. The Domain Name System (DNS) name of the parent domain forms the basis of the names for the subdomains. For example, the parent domain named microsoft.com could include three child domains named dev.microsoft.com, marketing.microsoft.com, and support.microsoft.com. A two-way transitive trust exists between a parent domain and its associated child domains.
See Also Active Directory, domain (Microsoft Windows), domain tree
Redundant information associated with any block of information that provides fault tolerance.
Overview
Parity information for a block of data is typically calculated from the data itself and can be used to reconstruct the data in the event of data loss or link failure. One place that parity information is used is in RAID-5 volumes. These volumes stripe data and parity information across a set of physical disks in such a way that for each stripe one disk contains the parity information while the other disks contain the data being stored. Each stripe uses a different (rotating) disk for storing its parity data.
The parity information for the stripe is created using an exclusive OR (Boolean XOR) operation on the data in the stripe. As a simple example, suppose that the block of binary data 10011 is to be written to a stripe on a RAID-5 volume that comprises six physical disks. Bit "1" is written to the first disk, bit "0" to the second disk, bit "0" to the third disk, and so on. The sixth, or parity, disk in the stripe contains the parity bit:
1 XOR 0 XOR 0 XOR 1 XOR 1 = 1
If the first disk fails so that the "1" bit stored on it is lost, the missing bit can be mathematically reconstructed using the remaining data bits and the parity bit for the stripe as follows:
? XOR (0 XOR 0 XOR 1 XOR 1) = 1
? XOR 0 = 1
Therefore ? = 1
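The following Python is an added illustration, not code from the original entry. It carries the XOR arithmetic through for the five-bit example above, then does the same thing on whole byte chunks with the rotating parity placement that RAID-5 uses. The sample chunks and the six-disk layout are constructed for the example; the parity-disk formula is one common rotation scheme, not the only one.

```python
from functools import reduce
from operator import xor


def xor_all(values):
    """XOR an iterable of ints (bits or bytes) together; XOR of nothing is 0."""
    return reduce(xor, values, 0)


def parity_bit(data_bits):
    """Parity for one bit position of a stripe: the XOR of the data bits."""
    return xor_all(data_bits)


def recover_bit(surviving_bits, parity):
    """Recover the single missing data bit by XOR-ing the survivors with the
    parity bit. This works because a XOR a = 0: every known bit cancels itself
    out of the parity, and only the missing bit is left."""
    return xor_all(surviving_bits) ^ parity


def parity_chunk(chunks):
    """Byte-level parity across equal-length chunks, one chunk per data disk."""
    if not chunks or any(len(c) != len(chunks[0]) for c in chunks):
        raise ValueError("chunks must be non-empty and all the same length")
    return bytes(xor_all(column) for column in zip(*chunks))


def write_stripe(data_chunks, stripe_number, disk_count):
    """Lay out one RAID-5 stripe. The parity chunk moves to a different disk on
    each stripe so that no single disk becomes the parity bottleneck.
    Returns (list of disk_count chunks, index of the parity disk)."""
    if len(data_chunks) != disk_count - 1:
        raise ValueError("a stripe needs disk_count - 1 data chunks")
    parity_disk = (disk_count - 1 - stripe_number) % disk_count  # assumed rotation
    stripe = list(data_chunks)
    stripe.insert(parity_disk, parity_chunk(data_chunks))
    return stripe, parity_disk


def rebuild_disk(stripe, failed_disk):
    """Rebuild the chunk that lived on failed_disk from the other chunks.
    The same XOR works whether the lost chunk held data or parity, which is
    why RAID-5 survives any single-disk failure but not a second one."""
    survivors = [chunk for i, chunk in enumerate(stripe) if i != failed_disk]
    return parity_chunk(survivors)


if __name__ == "__main__":
    # The five-bit example from the text: data 10011, parity on the sixth disk.
    bits = [1, 0, 0, 1, 1]
    p = parity_bit(bits)
    print("parity bit:", p)                       # 1
    print("recovered disk 1:", recover_bit(bits[1:], p))  # 1
    # Constructed byte chunks for a six-disk array.
    chunks = [b"AB", b"cd", b"12", b"xy", b"!?"]
    stripe, pdisk = write_stripe(chunks, 0, 6)
    print("parity on disk", pdisk, "rebuilt disk 0:", rebuild_disk(stripe, 0))
```

Rebuilding costs a full read of every surviving disk for every stripe, which is why a RAID-5 array runs degraded and slow until the replacement disk is rebuilt, and why a second failure during that window loses the volume.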
See Also fault tolerance, redundant array of independent disks (RAID)
A logical divider for organizing information in Active Directory directory service in Microsoft Windows 2000.
Overview
Partitions divide Active Directory into separate sections and enable it to store large numbers of objects in a distributed directory over the network. They also allow Active Directory to scale to millions of objects. A partition functions as a physical storage container for a portion of the directory data for an organization. Each domain's directory information is stored in a separate partition and is identified using the distinguished name of the domain. The global catalog server can find an object in Active Directory by using the object's distinguished name (DN), which can be used to identify a replica of a partition that contains the object.
See Also Active Directory, distinguished name (DN), global catalog server
A portion of a physical disk that functions like a completely separate physical disk.
Overview
Partitions allow physical disks to function as multiple separate storage units for isolating operating systems from applications data on a single-boot system or for isolating operating systems from one another on a multiboot system.
Disks can have two types of partitions:
Primary partitions: You can install a bootable operating system along with its associated file system on primary partitions. A physical disk can have up to four primary partitions.
Extended partitions: A series of logical drives can be created on extended partitions. You can create an extended partition on a disk to overcome the limitation of four primary partitions per disk.
Notes
You can create partitions by using the Fdisk command in MS-DOS and all versions of Microsoft Windows, by using Disk Administrator in Windows NT, or by using the Disk Management tool in Windows 2000, Windows XP, and Windows .NET Server. Using the Fdisk command, you can create one primary partition and one extended partition. Disk Administrator can create up to four primary partitions or three primary and one extended partition. In Disk Management on Windows 2000, Windows XP, and Windows .NET Server, you can create partitions only on basic disks, not on dynamic disks (volumes are created on dynamic disks instead of partitions).
See Also basic disk, dynamic disk
Another name for a patch panel, a rack-mounted panel with a series of connectors that provides a branching-out point for network cabling to leave the wiring closet and make horizontal runs to wall plates in the work areas.
See Also patch panel
A technology for bypassing the bottleneck of the local loop.
Overview
Traditional telco data services have been limited by the technology of the local loop, the "last mile" of copper wiring connecting businesses to the Public Switched Telephone Network (PSTN). This copper wiring means that data rates delivered to customers are far below the speeds at which data is transported in the core of telco networks. A passive optical network (PON) provides a way of working around this bottleneck, which analysts estimate affects three-quarters of all businesses in the United States.
Implementation
Instead of deploying a full "fiber-to-the-curb" buildout with its high cost and complexity, a PON connects an optical access switch (OAS) or optical line terminal (OLT) located at the telco central office (CO) using a single strand of fiber-optic cabling to a passive optical splitter or coupler located in the neighborhood of a group of customers. The fiber connecting the CO to the splitter is passive-that is, it has no active components such as repeaters or optical amplifiers. Instead, a high-power laser is used to ensure that signals maintain strength over the trunk length, which is typically limited to 12 miles (19 kilometers). Multiple splitters can be deployed on a single fiber, up to a maximum of 32 splitters, and these may be configured in various ways to create star or ring networks as needed and support both permanent virtual circuits (PVCs) and switched virtual circuits (SVCs).
Passive optical network. Provisioning business customers with high-speed data services using a PON.
Customers can then be connected to splitters in their neighborhood either by deploying intelligent optical terminals (IOTs) or optical network units (ONUs) located at the customer premises and connecting them to the splitters using fiber-optic cabling (if it has been deployed to the customer premises) or by using existing copper local loop cabling running high-speed Digital Subscriber Line (DSL) technologies. The result is that high-speed data services can be more easily and efficiently provisioned to customers without the need to lay a lot of fiber.
PONs multiplex data at the splitters using time-division multiplexing (TDM) for downstream traffic and time division multiple access (TDMA) for upstream traffic. Two speed configurations are common: 155 megabits per second (Mbps) in both directions, or asymmetric 622 Mbps downstream and 155 Mbps upstream. Faster speeds have been achieved in test bed environments, such as OC-48 PONs running at 2.48 gigabits per second (Gbps).
Advantages and Disadvantages
PONs help telcos offer high-speed services to more customers without the cost of building out excessive amounts of neighborhood fiber structure. The downside is that they are shared, rather than dedicated, services, but by overlaying dense wavelength division multiplexing (DWDM) on PONs, telcos can provide users with individual lambdas simulating dedicated links. Such services, however, are likely to be several years away.
Marketplace
Several startups have reached market with PON switches, including Quantum Bridge and Terawave Communications. This market is likely to explode in the next few years as real-life PON rollouts accelerate.
For More Information
Visit the Full Service Access Network coalition at www.fsanet.net
See Also central office (CO), Digital Subscriber Line (DSL), fiber-optic cabling, fiber to the curb (FTTC), switched virtual circuit (SVC), telco, Time Division Multiple Access (TDMA), time-division multiplexing (TDM)
A terminator such as a resistor that absorbs signal energy and prevents signal bounce.
Overview
Passive termination is generally used in bus topology networks such as legacy 10Base2 and 10Base5 Ethernet networks. Termination is not required in star topology networks because the central concentrator (hub) provides the termination for each signal path. Ring topology networks such as Token Ring also do not require termination points because the signal path has no beginning or end.
Passive termination is also used in some forms of Small Computer System Interface (SCSI) systems for terminating a chain of SCSI devices. Active termination, which uses a voltage regulator to hold the terminating resistors at a stable reference voltage rather than relying on the bus's own supply, is more expensive than passive termination but more reliable, particularly on long or fast SCSI buses.
See Also 10Base2, 10Base5, bus topology, Ethernet, hub, Small Computer System Interface (SCSI), star topology, Token Ring
In Microsoft Windows NT-based networks, a method of performing authentication to a domain controller that resides in a trusted domain.
Overview
Pass-through authentication enables users to log on to computers in domains in which they do not have a valid user account. Users in a multidomain Windows NT-based network can thus access resources anywhere in the enterprise for which they have suitable permissions.
Consider the example of an enterprise consisting of three domains-two resource domains (the trusting domains) in which network resources such as shared folders or printers reside, and a master domain (the trusted domain) in which all user accounts are defined. The resource domains trust the master domain using Windows NT one-way nontransitive trusts. When a user attempts to log on to a computer in a resource domain, pass-through authentication takes place in one of two ways:
When the user first logs on to the computer, the domain controller in the resource domain passes the user's credentials to the domain controller in the master domain. The user is authenticated, and the user's security identifier (SID) and group membership are returned to the domain controller in the resource domain.
If the user tries to access a shared folder or printer in the other resource domain, the user's credentials are passed to the domain controller in the master domain in order to be authenticated for resource access.
Notes
Windows 2000 and Windows .NET Server networks employing Active Directory directory service and running in native mode use the Kerberos authentication protocol to authenticate across domain boundaries.
See Also Active Directory, domain (Microsoft Windows), Kerberos, trust
A secure identifier that enables a user to access a secured resource.
Overview
Passwords are a part of a user's credentials, which include, at a minimum, the username and password. In a multidomain Microsoft Windows 2000-based enterprise, these credentials also include the user's domain. A password should be known only to the user: Windows stores a one-way hash of the password rather than the password itself, so even members of the Administrators or Account Operators groups on Windows 2000-based networks cannot read a user's password, although they can reset it. Users use their password to log on to the network and access resources for which they have permission. If users forget their password, they cannot log on to the network until they contact the administrator and have the password reset.
Notes
When establishing a password policy for your company, you should determine
Who will control passwords-the administrators or the users. Giving users control over their own passwords makes them completely responsible for their systems and personal data. You can configure Windows NT, Windows 2000, Windows XP, and Windows .NET Server so that the first time users log on to the network they must change their initial password to one that only they know. This is usually the best solution.
How complex passwords should be and how often they should be changed. Forcing random scrambles of letters, numbers, and symbols can make the network less secure instead of more secure, because users are likely to write down a difficult-to-remember password and tape it under their keyboard or in some other handy location. Likewise, if passwords must be changed frequently, users typically make trivial changes such as adding an incremental number to the end of each new password, which hands an attacker who has recovered one password a good guess at the next. Short passwords of six to eight characters, such as "blue144" or "max13one," are no longer adequate: once an attacker obtains the stored hashes, passwords that short fall to offline guessing in minutes. A better policy, and the direction of current guidance such as NIST SP 800-63B, is to favor length over composition rules (many organizations now set a floor of 12 or more characters and allow long passphrases), to reject candidates that appear in lists of known-compromised passwords or that contain the username, family names, addresses, postal codes, or other easily obtainable personal information, and to require a change when compromise is suspected rather than on a fixed schedule.
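As an added example (not part of the original entry), the following Python implements the policy described above as a check that a provisioning script or self-service password page could run. The minimum length, the list of compromised passwords, and the personal-information tokens are constructed for the example; a real deployment would consult a breach corpus of millions of entries rather than a five-item set.

```python
import re
import unicodedata

MIN_LENGTH = 12  # assumed policy value; NIST SP 800-63B sets 8 as the absolute floor

# Constructed stand-in for a list of known-compromised passwords (lowercase).
COMPROMISED = {"password", "blue144", "max13one", "summer2024", "qwerty123"}


def normalize(text):
    """Apply Unicode NFKC so that visually identical inputs compare equal."""
    return unicodedata.normalize("NFKC", text)


def check_password(candidate, personal_info=(), compromised=COMPROMISED,
                   min_length=MIN_LENGTH):
    """Return the list of reasons the candidate is rejected; an empty list means
    the password is acceptable. Length and breach-list membership are checked,
    plus any personal information the caller supplies (username, family names,
    postal code and so on). No composition rules are enforced."""
    pw = normalize(candidate)
    lowered = pw.lower()
    reasons = []
    if len(pw) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if lowered in compromised:
        reasons.append("appears in a compromised-password list")
    for item in personal_info:
        token = normalize(item).lower()
        # very short tokens (postal-code fragments, initials) would match too often
        if len(token) >= 3 and token in lowered:
            reasons.append(f"contains personal information ({token!r})")
    return reasons


def is_trivial_change(old, new):
    """Detect the 'bump the number on the end' habit: strip trailing digits and
    punctuation from both and compare what is left, case-insensitively."""
    def core(s):
        return re.sub(r"[^A-Za-z]+$", "", normalize(s)).lower()
    return old != new and core(old) == core(new)


if __name__ == "__main__":
    print(check_password("blue144"))
    print(check_password("the lamp kept flickering at dusk"))
    print(is_trivial_change("Summer2024!", "Summer2025!"))
```

The history comparison in is_trivial_change requires the previous password in a form you can transform, which a one-way hash does not give you; in practice it is run at change time, while the old password is still in memory from the verification step, and never persisted.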
See Also username
An authentication protocol supported by Point-to-Point Protocol (PPP).
Overview
Password Authentication Protocol (PAP) is a clear-text authentication scheme employed in PPP wide area network (WAN) links. PAP is not a secure form of authentication because the user's credentials are passed over the link in unencrypted form: anyone able to observe the link recovers the username and password directly, with no cracking required. For this reason, Challenge Handshake Authentication Protocol (CHAP) or some other authentication protocol is preferable if the remote PPP client supports it. Once the password of a remote client using PAP has been captured, the authentication server can be attacked using replay attacks or remote client impersonation.
PAP is outlined in RFC 1334.
Implementation
PAP uses a two-way handshake to perform authentication. Once the PPP link is established using the Link Control Protocol (LCP), the PPP client sends a username and password to the PPP server. The server uses its own authentication scheme and user database to authenticate the user, and if the authentication is successful, the server sends an acknowledgment to the client.
PAP is typically used only if the remote access server and the remote client cannot negotiate any higher form of authentication. The remote client initiates the PAP session when it attempts to connect to the PPP server or router. PAP merely identifies the client to the PPP server; the server then authenticates the client based on whatever authentication scheme and user database are implemented on the server.
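The exchange described above, as an added example rather than code from the original entry: both sides of the RFC 1334 two-way handshake, with the packet layout taken from the RFC (Code, Identifier, Length, Peer-ID-Length, Peer-ID, Passwd-Length, Password for the request; Code, Identifier, Length, Msg-Length, Message for the Ack and Nak). The user table is constructed for the example and stands in for whatever database a real PPP server consults. The last function shows why the text calls PAP insecure: a captured request yields the password as-is.

```python
import hmac
import struct

PPP_PROTOCOL_PAP = 0xC023            # PPP protocol field value for PAP (RFC 1334)
AUTH_REQUEST, AUTH_ACK, AUTH_NAK = 1, 2, 3


def build_authenticate_request(identifier, peer_id, password):
    """Authenticate-Request: Code(1) Identifier(1) Length(2)
    Peer-ID-Length(1) Peer-ID Passwd-Length(1) Password.
    Both strings go on the wire as plain octets; nothing is hashed or encrypted."""
    peer = peer_id.encode()
    pw = password.encode()
    if len(peer) > 255 or len(pw) > 255:
        raise ValueError("Peer-ID and Password are limited to 255 octets each")
    body = bytes([len(peer)]) + peer + bytes([len(pw)]) + pw
    return struct.pack("!BBH", AUTH_REQUEST, identifier, 4 + len(body)) + body


def build_response(code, identifier, message):
    """Authenticate-Ack (code 2) or Authenticate-Nak (code 3):
    Code(1) Identifier(1) Length(2) Msg-Length(1) Message."""
    msg = message.encode()
    return struct.pack("!BBH", code, identifier, 5 + len(msg)) + bytes([len(msg)]) + msg


def parse_authenticate_request(packet):
    """Return (identifier, peer_id_bytes, password_bytes) or raise ValueError.
    Every length field is checked against the packet so a truncated or padded
    request is rejected rather than misread."""
    if len(packet) < 6:
        raise ValueError("packet too short for an Authenticate-Request")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != AUTH_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Authenticate-Request")
    pos = 4
    peer_len = packet[pos]
    peer = packet[pos + 1:pos + 1 + peer_len]
    pos += 1 + peer_len
    if pos >= length:
        raise ValueError("truncated before Passwd-Length")
    pw_len = packet[pos]
    pw = packet[pos + 1:pos + 1 + pw_len]
    pos += 1 + pw_len
    if pos != length or len(peer) != peer_len or len(pw) != pw_len:
        raise ValueError("length fields do not match packet size")
    return identifier, peer, pw


def server_handle(packet, user_db):
    """Server side of the handshake. user_db is a constructed {peer_id: password}
    table; the comparison is constant-time so a wrong guess leaks nothing about
    how many leading characters were right."""
    identifier, peer, pw = parse_authenticate_request(packet)
    stored = user_db.get(peer.decode(errors="replace"))
    if stored is not None and hmac.compare_digest(stored.encode(), pw):
        return build_response(AUTH_ACK, identifier, "Welcome")
    return build_response(AUTH_NAK, identifier, "Login incorrect")


def sniff_credentials(packet):
    """What a passive observer of the link gets from one captured request."""
    _, peer, pw = parse_authenticate_request(packet)
    return peer.decode(errors="replace"), pw.decode(errors="replace")


if __name__ == "__main__":
    request = build_authenticate_request(7, "alice", "s3cret")
    print(request.hex())
    print("observer sees:", sniff_credentials(request))
    print("server replies with code", server_handle(request, {"alice": "s3cret"})[0])
```

Note what the Nak does not do: RFC 1334 lets the client simply send another request, so without a retry limit on the server a PAP link is also an online guessing oracle.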
See Also Challenge Handshake Authentication Protocol (CHAP), Link Control Protocol (LCP), wide area network (WAN)
Stands for Provider Architecture for Differentiated Services and Traffic Engineering, an emerging standard for Internet service billing and traffic delivery.
See Also Provider Architecture for Differentiated Services and Traffic Engineering (PASTE)
Stands for port address translation, another name for network address port translation, a form of network address translation (NAT) in which both Internet Protocol (IP) addresses and port numbers are translated.
See Also network address translation (NAT)
A short cable for connecting networking devices.
Overview
Patch cables are usually unshielded twisted-pair (UTP) cabling terminated at both ends with RJ-45 connectors. Cable vendors usually supply patch cables in fixed lengths such as 1, 3, 6, 10, 25, 50, and 100 feet, and also in custom lengths. Patch cables usually come in various colors, which can be helpful in organizing the cabling joining devices on your equipment racks and avoiding "spaghetti." A common use for patch cables is to connect a port on a patch panel to a port on a hub or a switch.
Patch cable. An example of a patch cable.
Types
Always use patch cables that meet the requirements of your networking equipment and wiring infrastructure. Category 5 (Cat5) patch cables, which are certified to 100 megahertz (MHz), or enhanced Category 5 (Cat5e) patch cables, which are specified to the same 100 MHz but with tighter crosstalk limits (vendors often market Cat5e cable as tested to 350 MHz or higher), are generally recommended for most modern structured wiring installations. Cat5 UTP patch cables should generally be no longer than 33 feet (10 meters).
Using patch cables with molded boots can help prevent kinks from forming and thus prevent pins from becoming bent through rough handling. Molded boots can also reduce the amount of crosstalk in the cable and allow it to perform at higher frequencies.
Be sure to purchase the correct type of patch cable according to its usage. For example:
The wiring type (pinning) of the cable should match that of your installed premise cabling. Pinning types include TSB 568A, TSB 568B, and USOC, which are described in the table.
Use straight-pinning or crossover cabling depending on the types of devices you are connecting. Crossover cabling, which has the send and receive wire pairs switched, is used for connecting like devices directly (hub to hub without an uplink port, or computer to computer); most current switches and network adapters sense the pinning automatically, so crossover cables are mainly needed for legacy hubs.
UTP Pinning Type | Blue Pair (Pins) | Orange Pair (Pins) | Green Pair (Pins) | Brown Pair (Pins) |
568A | 4 and 5 | 3 and 6 | 1 and 2 | 7 and 8 |
568B | 4 and 5 | 1 and 2 | 3 and 6 | 7 and 8 |
USOC | 4 and 5 | 3 and 6 | 2 and 7 | 1 and 8 |
See Also Category 5 (Cat5) cabling, crossover cable, crosstalk, enhanced Category 5 (Cat5e) cabling, infrastructure, RJ connectors, structured wiring, unshielded twisted-pair (UTP) cabling
A panel for connecting cabling in a structured wiring infrastructure.
Overview
Patch panels are usually standard 19-inch-wide panels for mounting in equipment racks in wiring closets. A typical patch panel is a rack-mounted panel with a series of RJ-45 jacks that provides a branching-out point for network cabling to leave the wiring closet and make horizontal runs to wall plates in the work areas. They typically contain between 16 and 96 ports for connecting to hubs and switches using patch cables.
Patch panels are mainly used to organize wiring and to avoid "spaghetti." The horizontal cables running from the wiring closet to the wall plates are usually connected to the back of the patch panel, and the patch cords connecting to the hubs and switches plug into the front of the patch panel. The back of the patch panel is a form of punchdown block-wires are not soldered but punched down using a sharp tool called a punchdown block tool. Although an older name for a patch panel is "passive hub," a patch panel is a "hub" only in the sense that it is a physical device in which wires are concentrated-patch panels themselves cannot be used to network computers. All true hubs used in networking are active hubs, which are powered devices that regenerate signals coming into one port for transmission through other ports on the hub.
Patch panel. Example of a patch panel.
Types
Modular patch panels allow the greatest flexibility of configuration by allowing different kinds of jacks (RJ-45 or fiber-optic connectors) to be installed as needed.
Although front-access patch panels are the easiest to install in cramped conditions, you can use hinged or folding patch panels as a convenient alternative to full-size, rack-mounted patch panels.
There are a few things you should be aware of when selecting patch panels:
Be sure that your patch panels are Category 5 (Cat5)-approved if you plan to upgrade your network.
Do not remove excessive amounts of cable jacket when you terminate Cat5 cables to terminal blocks.
Purchase patch panels with built-in surge protection to protect expensive Ethernet switches.
Use cable managers to organize and support cables connected to patch panels.
Notes
In telephony applications, the termination point for twisted-pair wiring is usually called a punchdown block instead of a patch panel.
See Also cabling, hub, infrastructure, rack, RJ connectors, structured wiring, switch, wall plate, wiring closet
The route that a user or application follows to locate a file in a file system, an object in a directory, a server on a network, or some other kind of resource in a hierarchical system.
Overview
A path to an object can be one of the following:
Absolute path: This starts from the root of the file system or directory.
Relative path: This starts from the user's current directory or location.
Examples
On a system running Microsoft Windows, the absolute path to a file is expressed using backslashes, as follows:
C:\Windows\Profiles\Administrator\User.dat
If the current directory is C:\Windows\Profiles, the relative path to the same file is as follows:
Administrator\User.dat
(Note that a leading backslash would change the meaning: \Administrator\User.dat is resolved from the root of the current drive, that is, C:\Administrator\User.dat, not from the current directory.)
To access files in shared folders on a Windows network, you can use the Universal Naming Convention (UNC) path:
\\server16\pub\readme.txt
On UNIX platforms, forward slashes are used instead of backslashes, as in this example:
/user/bin/blah.gz
To request a Web page on the Internet, you specify the page's Uniform Resource Locator (URL), which is essentially the path to the page in the hierarchical Domain Name System (DNS), as follows:
http://www.microsoft.com/support/FAQ.htm
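The following Python is an added example, not code from the original entry. It resolves the Windows relative-path cases above with the standard library's ntpath module (which implements the Windows rules on any platform), classifies a path as absolute, rooted, drive-relative or relative, and adds the check a practitioner needs whenever a relative path arrives from an untrusted source such as the path part of a URL: after joining and normalizing, is the result still inside the directory it was meant to be relative to? The base directories and file names are constructed for the example.

```python
import ntpath
import posixpath


def resolve_windows(current_dir, path):
    """Resolve a Windows path against the current directory the way the command
    shell does. A path beginning with a backslash is anchored at the root of the
    current drive, not at current_dir; only a path with no leading separator is
    relative to current_dir."""
    return ntpath.normpath(ntpath.join(current_dir, path))


def classify_windows(path):
    """'absolute'       drive or UNC share plus a root (C:\\x, \\\\server\\share\\x)
    'rooted'         leading separator, no drive: relative to the current drive
    'drive-relative' C:file: relative to that drive's current directory
    'relative'       relative to the current directory"""
    drive, rest = ntpath.splitdrive(path)
    rooted = rest.startswith(("\\", "/"))
    if drive and rooted:
        return "absolute"
    if drive:
        return "drive-relative"
    if rooted:
        return "rooted"
    return "relative"


def is_confined(base_dir, requested):
    """POSIX containment check for a client-supplied relative path: join it to
    base_dir, collapse '.' and '..', and accept only if the result is base_dir
    itself or something beneath it. An absolute requested path replaces
    base_dir in the join and is therefore rejected as well. Symbolic links are
    not followed here; resolve with os.path.realpath first if they matter."""
    base = posixpath.normpath(base_dir)
    target = posixpath.normpath(posixpath.join(base, requested))
    return target == base or target.startswith(base + "/")


if __name__ == "__main__":
    cwd = r"C:\Windows\Profiles"
    print(resolve_windows(cwd, r"Administrator\User.dat"))
    print(resolve_windows(cwd, r"\Administrator\User.dat"))
    for req in ("readme.txt", "../etc/passwd", "/etc/passwd", "../pubfake/x"):
        print(f"{req!r:20} confined to /srv/pub: {is_confined('/srv/pub', req)}")
```

The trailing slash in the startswith test is deliberate: without it, "/srv/pubfake/x" would be accepted as inside "/srv/pub".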
See Also Domain Name System (DNS), Uniform Resource Locator (URL), Universal Naming Convention (UNC)
A utility that combines features of ping and tracert.
Overview
Pathping is a Transmission Control Protocol/Internet Protocol (TCP/IP) troubleshooting tool that was introduced in Microsoft Windows 2000 and is included in both Windows XP and Windows .NET Server. Pathping first discovers the route to a remote host, as tracert (or the UNIX traceroute) does. It then pings each hop along the route for a period of time, collects loss and latency statistics for every node and link, and reports them.
Examples
The following example pathpings a router on the Internet from a remote location:
C:\>pathping core2-toronto12-pos10-1.in.bellnexxia.net
Tracing route to core2-toronto12-pos10-1.in.bellnexxia.net [206.108.97.29] over a maximum of 30 hops:
0 mtit44 [216.130.91.131]
1 wnpgas06.mts.net [216.130.90.1]
2 216.130.90.7
3 wnpgbr01-g11-102.mts.net [205.200.28.82]
4 dis4-winnipeg32-pos11-0.in.bellnexxia.net [206.108.110.5]
5 core2-winnipeg32-pos6-2.in.bellnexxia.net [206.108.102.129]
6 core2-toronto12-pos10-1.in.bellnexxia.net [206.108.97.29]
Computing statistics for 150 seconds...
Hop | RTT | Source to Here Lost/Sent = Pct | This Node/Link Lost/Sent = Pct | Address |
0 | | | | babel33 [216.129.43.88] |
(link) | | | 0/100 = 0% | |
1 | 191 ms | 0/100 = 0% | 0/100 = 0% | wnpgas06.mts.net [216.130.90.1] |
(link) | | | 0/100 = 0% | |
2 | 190 ms | 0/100 = 0% | 0/100 = 0% | 216.130.90.7 |
(link) | | | 0/100 = 0% | |
3 | 204 ms | 0/100 = 0% | 0/100 = 0% | wnpgbr01-g11-102.mts.net [205.200.28.82] |
(link) | | | 0/100 = 0% | |
4 | 225 ms | 0/100 = 0% | 0/100 = 0% | dis4-winnipeg32-pos11-0.in.bellnexxia.net [206.108.110.5] |
(link) | | | 0/100 = 0% | |
5 | 225 ms | 0/100 = 0% | 0/100 = 0% | core2-winnipeg32-pos6-2.in.bellnexxia.net [206.108.102.129] |
(link) | | | 0/100 = 0% | |
6 | 230 ms | 0/100 = 0% | 0/100 = 0% | core2-toronto12-pos10-1.in.bellnexxia.net [206.108.97.29] |
Trace complete.
See Also ping, tracert, Transmission Control Protocol/Internet Protocol (TCP/IP)
Stands for Private Branch Exchange, a telephone switch at the customer premises that supports multiple independent telephone extensions.
See Also Private Branch Exchange (PBX)
Stands for pulse code modulation, a common method used by telcos for converting analog signals into digital.
See Also pulse code modulation (PCM)
Stands for Personal Communications Services, a general term for digital cellular phone technologies.
See Also Personal Communications Services (PCS)
Stands for Private Communication Technology, an encryption protocol similar to Secure Sockets Layer (SSL).
See Also Private Communication Technology (PCT)
Stands for Personal Digital Assistant, a handheld computer used mainly as a personal information manager (PIM) and messaging device.
See Also Personal Digital Assistant (PDA)
Stands for primary domain controller, a Microsoft Windows NT domain controller that contains the master copy of the Security Accounts Manager (SAM) database.
See Also primary domain controller (PDC)
A computer that functions as a server for a group of users in a peer-to-peer network.
Overview
For example, in a small office with only five users running Microsoft Windows XP, you can set aside an additional machine running Windows XP as a peer server for storing company files. You should use peer servers only in small networks with no great need for security. Security on peer servers is limited to share-level security, which allows only three kinds of access:
Read-only access based on a password
Full-control access based on a password
A combination of the above, based on two separate passwords
If security is an issue, consider using a dedicated server running Windows 2000 or Windows .NET Server.
See Also peer-to-peer network
A network in which the computers are managed independently of one another and have equal rights for initiating communication with each other, sharing resources, and validating users.
Overview
A peer-to-peer network usually has no special server for authenticating users. Each computer manages its own security, so a separate user account might need to be created for each computer that a user needs to access. Users usually store files on their own computers and are responsible for ensuring that those files are appropriately backed up. In a peer-to-peer network, each computer typically runs both client and server software and can be used to make resources available to other users or to access shared resources on the network.
Peer-to-peer networks are simple to set up and are often ideal for small businesses that have fewer than 10 computers and that cannot afford a server-based solution. The disadvantages of peer-to-peer networks are poor security and lack of centralized file storage and backup facilities.
See Also server-based network
Stands for Privacy Enhanced Mail, a specification for encrypting and securing e-mail.
See Also Privacy Enhanced Mail (PEM)
A security network at the boundary between a corporate local area network (LAN) and the Internet.
Overview
The perimeter network is an important part of the security framework of any corporate enterprise. It is designed to protect servers on the corporate network from attack by malicious users on the Internet. Also known as a demilitarized zone (DMZ), the perimeter network takes its name from its location: it stands between the corporate LAN and the Internet, and hosts that must be reachable from the Internet are placed there rather than on the LAN itself.
Implementation
The perimeter network is implemented using a corporate firewall at the border of the corporate LAN. In a typical configuration, such a firewall has three network interfaces:
Internet: The interface exposed to the external, unsecure public network called the Internet.
Intranet: The interface connected to the corporate LAN where vulnerable servers reside.
Perimeter network: The interface connected to the separate network called the perimeter network or demilitarized zone (DMZ). Servers on this network are reachable from the Internet through rules the firewall explicitly publishes, but the firewall still sits between them and the corporate LAN. The design goal is that a perimeter host, if compromised, cannot open connections to intranet servers unless a rule specifically allows it.
The perimeter network typically contains the following kinds of servers:
Proxy servers: These provide secure access for external users to information stored on intranet servers on the corporate LAN.
Web servers: These are public web servers accessible to everyone on the Internet.
Perimeter network. How a perimeter network is implemented.
Virtual private network (VPN) servers: These are remote access and authentication servers that allow company employees to securely access servers on their corporate LAN from outside the LAN over the Internet.
In addition, the perimeter network may contain routers, switches, and other devices to enable it to function as desired.
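The following Python is an added example, not configuration from the original entry. It models the three-interface policy as an ordered, default-deny rule list and evaluates sample connection attempts against it, then audits the list for the two mistakes that defeat the design: an Internet-to-intranet accept, or a perimeter-to-intranet accept on every port. Zone names, services and port numbers are assumptions for the example (the page names only the server roles); return traffic is assumed to be handled by the firewall's connection tracking, so no reverse rules appear.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dport: Optional[int]   # None matches any destination port
    action: str            # "accept" or "drop"


# Constructed policy for the firewall layout in the text (assumed ports).
POLICY = [
    Rule("internet",  "perimeter", 80,   "accept"),  # public Web server
    Rule("internet",  "perimeter", 443,  "accept"),  # public Web server and TLS-based VPN
    Rule("perimeter", "intranet",  443,  "accept"),  # reverse proxy to one intranet application
    Rule("intranet",  "perimeter", None, "accept"),  # administrators managing DMZ hosts
    Rule("intranet",  "internet",  None, "accept"),  # outbound browsing
]


def decide(src_zone, dst_zone, dport, policy=POLICY):
    """Evaluate a new connection: the first matching rule wins and anything that
    matches nothing is dropped. Note there is no rule from internet to intranet
    at all, so the LAN is unreachable from outside by construction."""
    for rule in policy:
        if (rule.src_zone, rule.dst_zone) == (src_zone, dst_zone) and rule.dport in (None, dport):
            return rule.action
    return "drop"


def audit(policy=POLICY):
    """Return the rules that would let the Internet open connections straight
    into the LAN, or let any perimeter host reach the LAN on every port. Either
    turns a compromised DMZ server into a foothold on the corporate network."""
    bad = []
    for rule in policy:
        if rule.action != "accept":
            continue
        if rule.src_zone == "internet" and rule.dst_zone == "intranet":
            bad.append(rule)
        if rule.src_zone == "perimeter" and rule.dst_zone == "intranet" and rule.dport is None:
            bad.append(rule)
    return bad


if __name__ == "__main__":
    for flow in [("internet", "perimeter", 80), ("internet", "intranet", 80),
                 ("perimeter", "intranet", 443), ("perimeter", "intranet", 445)]:
        print(flow, "->", decide(*flow))
    print("audit findings:", audit())
```

The same evaluation order (first match, default deny, no Internet-to-LAN rule) is what the real firewall's rule set must encode; the model is useful for reviewing a proposed rule set before it is loaded.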
See Also firewall , network security , virtual private network (VPN)
Stands for Practical Extraction and Reporting Language, an interpreted scripting language used for Web applications.
See Also Practical Extraction and Reporting Language (Perl)
A dedicated logical circuit between two nodes in a packet-switched network such as frame relay or ATM.
Permanent virtual circuit (PVC). How a PVC can be established between two LANs to form a WAN.
Overview
Permanent virtual circuits (PVCs) are typically used in frame relay networking to establish permanent, dedicated links between remote stations or networks. The effect is similar to that of a leased line, but it has added flexibility because fault-tolerance can be built into the circuit. For example, BellSouth Corporation offers a frame relay service called Intelligent PVCs that are continually monitored so that should a PVC fail, the switches in the frame relay cloud automatically reconfigure to reroute the customer's traffic over a different circuit.
PVCs are best for wide area network (WAN) links that carry steady, high volumes of network traffic. PVCs offer guaranteed bandwidth and no call-setup delay, because the circuit is already established. Also, because the switching pathway is permanent, the quality of the connection does not vary with time. The result is more reliable service than switched virtual circuits (SVCs). However, PVCs are more expensive than SVCs because telco resources are dedicated to the customer and cannot be used for other purposes. Furthermore, with a PVC you pay for the bandwidth whether or not you use it; with SVCs, the amount you pay depends on how much bandwidth you use.
Implementation
To provision a PVC for a customer, switches are first set up and configured by the telco or carrier to provide a permanent, point-to-point connection between the two nodes. These circuits are called permanent because the telco dedicates specific resources (switches) to your company-they cannot be used by anyone else as long as you lease the service. The switches are called "virtual" because the customer does not have a physical wire connecting two networks but rather a logical connection between switches configured by the telco's management software. In fact, the customer does not even need to know how the circuit is set up.
See Also frame relay, frame relay cloud, switched virtual circuit (SVC), virtual circuit
Authorization to access or perform an operation on a specific object.
Overview
Permissions are settings that you establish for a network resource to control which users and groups can access the resource and what degree of access they have. Permissions are implemented at several levels in Microsoft Windows using discretionary access control lists (DACLs), which are attached to the object they control.
Permissions can be granted on objects by their owners and by anyone to whom owners delegate this ability. Permissions can be used both to grant and to deny access to objects. Rights that are not explicitly granted are implicitly denied, and an explicit Deny entry takes precedence over an Allow entry for the same user or group: Windows places Deny entries ahead of Allow entries in the DACL and stops evaluating as soon as a matching Deny covers a requested right.
Examples
Examples of permission types on the Windows platform include the following:
Shared folder permissions: Can be applied to shared folders on Windows systems to control access to network shares by users
NTFS permissions: Can be applied to files and folders on NTFS volumes for both local and network control of access to the resources
Print permissions: Can be assigned to printers to control who can manage printers, manage documents, or print documents
Active Directory permissions: Can be assigned to objects within Active Directory directory service of Windows 2000 or Windows .NET Server using Active Directory Users and Computers
Public folder permissions: Can be assigned using Microsoft Outlook to files in public folders to control who can read, edit, or delete those files
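As an added example (not code from the original entry), the following Python reproduces the evaluation Windows performs when a user opens an object protected by a DACL: entries are read in order, only entries naming a group in the caller's token count, a matching Deny that covers any right still outstanding fails the check, a matching Allow subtracts what it grants, and the check succeeds as soon as nothing is outstanding. Group names stand in for SIDs and inheritance flags are omitted, both assumptions of this example; the access-mask values are also constructed rather than the real NTFS bit positions.

```python
from dataclasses import dataclass

# Access rights as a bit mask (constructed values; Windows uses larger masks).
READ, WRITE, EXECUTE, DELETE = 0x1, 0x2, 0x4, 0x8
FULL_CONTROL = READ | WRITE | EXECUTE | DELETE


@dataclass(frozen=True)
class Ace:
    """One access control entry. Real ACEs carry SIDs and inheritance flags;
    a plain group name stands in for the SID here."""
    kind: str      # "allow" or "deny"
    trustee: str   # group (or user) the entry applies to
    rights: int    # access mask


def access_check(dacl, token_groups, requested):
    """Decide whether a caller holding token_groups gets all of `requested`.
    No DACL at all (None) grants everything; an empty DACL grants nothing."""
    if dacl is None:
        return True
    remaining = requested
    for ace in dacl:
        if ace.trustee not in token_groups:
            continue
        if ace.kind == "deny" and ace.rights & remaining:
            return False                 # a pending right is explicitly denied
        if ace.kind == "allow":
            remaining &= ~ace.rights     # these rights are now satisfied
        if remaining == 0:
            return True
    return remaining == 0


def canonical_order(dacl):
    """Put explicit Deny entries ahead of explicit Allow entries, as the Windows
    ACL editor does. The ordering is what makes Deny win over Allow; a DACL
    written out of order by a tool that bypasses the editor behaves differently."""
    return sorted(dacl, key=lambda ace: 0 if ace.kind == "deny" else 1)


if __name__ == "__main__":
    dacl = [Ace("deny", "Temps", WRITE),
            Ace("allow", "Everyone", READ),
            Ace("allow", "Staff", READ | WRITE | DELETE)]
    print("staff member read+write:", access_check(dacl, {"Everyone", "Staff"}, READ | WRITE))
    print("temp who is also staff, read+write:",
          access_check(dacl, {"Everyone", "Staff", "Temps"}, READ | WRITE))
    messy = [Ace("allow", "Everyone", READ | WRITE), Ace("deny", "Temps", WRITE)]
    print("out-of-order DACL lets a temp write:", access_check(messy, {"Everyone", "Temps"}, WRITE))
    print("after canonical ordering:", access_check(canonical_order(messy), {"Everyone", "Temps"}, WRITE))
```

The last two lines are the point: the same two entries give opposite answers depending on their order, which is why auditing tools flag non-canonical DACLs.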
See Also access control, Active Directory, discretionary access control list (DACL), NTFS permissions (Windows 2000, Windows XP, and Windows .NET Server), NTFS permissions (Windows NT), shared folder permissions
A network connection that is opened for communications to take place and then kept open in case it is needed again.
Overview
One place persistent connections are employed is with the Windows Internet Name Service (WINS) on the Microsoft Windows 2000 platform. Windows 2000 WINS replication partners maintain persistent connections among themselves so that replication can be initiated at any time without the network traffic overhead associated with establishing new connections. This means that WINS databases are updated immediately and shared network resources are always available.
On the other hand, in the earlier version of WINS for Windows NT Server, replication partners had to open a new connection between each other every time WINS replication was initiated. As a result, most administrators of large networks configured WINS replication to occur at certain time intervals or after a certain number of updates to the WINS database had accumulated. Because of delays in updating WINS databases on WINS servers, clients sometimes could not access shared network resources.
See Also Windows Internet Name Service (WINS)
A network that surrounds and travels with an individual.
Overview
The idea of a Personal Area Network (PAN) sounds a lot like science fiction, but with the proliferation of mobile devices such as cell phones, laptops, pagers, and Personal Digital Assistants (PDAs) carried by many knowledge workers today, the day of the PAN may at last be at hand. The enabling technology for PANs may be Bluetooth, a wireless communication technology for small, ad-hoc networks. Using Bluetooth, a "PAN-wired" individual could walk to the front door of an office building and the door would open automatically as the building security network detects and communicates with information stored in the user's PDA. As this person walks up to the soft drink machine, his or her PAN could notify the machine to issue a favorite drink and automatically debit the cost from his or her account. PAN enthusiasts have envisioned other far-out scenarios, but they are probably still light years away for most of us!
See Also Bluetooth
A general term for digital cellular phone technologies.
Overview
Personal Communications Services (PCS) technologies were first developed in the early 1990s because the existing Advanced Mobile Phone Service (AMPS) technologies were running out of available bandwidth in the electromagnetic frequency spectrum. PCS systems are end-to-end digital in nature and are more secure than analog cellular systems. PCS networks can be used for voice, fax, and data applications such as e-mail and file transfers. PCS systems were originally circuit-switched, although most are now being migrated to packet-switched networks.
Some of the standards and technologies that developed from the PCS initiatives include the following:
Time Division Multiple Access (TDMA): These digital cellular systems are based on the TDMA IS-136 standard. TDMA divides frequency bands into time slots and then multiplexes user conversations within these slots. TDMA operates in both the 800-megahertz (MHz) and 1900-MHz frequency bands, but only frequencies at 1900 MHz are specifically referred to as PCS, and those in the 800-MHz range are referred to as cellular.
Code Division Multiple Access (CDMA): These digital cellular systems are based on the CDMA IS-95 standard, which was developed by QUALCOMM. CDMA uses spread-spectrum transmission technologies and assigns codes to individual users transmitting within the same broad frequency spectrum. CDMA operates at both the 800-MHz and 1900-MHz frequencies, but only frequencies at 1900 MHz are specifically referred to as PCS, while those in the 800-MHz range are referred to as cellular.
Global System for Mobile Communications (GSM): These digital cellular systems are based on the GSM 1900 standard. GSM is based on TDMA technologies and divides frequency bands into time slots. GSM has the advantage of supporting roaming between Europe and North America. GSM operates in the 1900-MHz frequency range (or the 1800-MHz range in Europe).
Types
PCS systems and services can also be classified as follows:
Narrowband PCS: Uses the 900-MHz portion of the electromagnetic spectrum, specifically the frequency bands 901-902, 930-931, and 940-941 MHz. Narrowband PCS is used for wireless telephony, wireless data transmission, voice message paging and text-based paging, and other services.
Broadband PCS: A newer technology that uses the 2-gigahertz (GHz) portion of the electromagnetic spectrum, specifically the frequency band from 1850 to 1990 MHz, with the exception of a 20-MHz band reserved for unlicensed voice and data services. Broadband PCS with its greater bandwidth allocation is used or intended for wireless telephony, high-speed wireless data transmission, portable facsimile transmission, wireless Personal Digital Assistants (PDAs), and wireless video telephony services.
See Also Advanced Mobile Phone Service (AMPS), broadband transmission, cellular communications, circuit-switched services, Code Division Multiple Access (CDMA), Global System for Mobile Communications (GSM), Time Division Multiple Access (TDMA)
A handheld computer used mainly as a personal information manager (PIM) and messaging device.
Overview
Personal Digital Assistants (PDAs) are generally used for personal and business functions such as keeping track of appointments, sending and receiving e-mail, browsing the Internet, composing memos, performing spreadsheet calculations, managing contact lists, online banking, and viewing stock quotes. A typical PDA has a small grayscale or color liquid crystal display (LCD) with either a small keyboard or a pen-based user interface for entering data. Information can be exchanged with a desktop or laptop PC by using a docking cradle connected to the computer using a serial port, Universal Serial Bus (USB) port, or infrared (IR) communication port, depending on the make and model. The processing power of a typical PDA is similar to that of a 386 processor, and its memory is typically limited to about 16 megabytes. Many PDAs also support standard or even wireless modems for sending and receiving e-mail or accessing specialized Internet content.
Marketplace
One of the earliest PDAs was the Apple Newton, a device whose reach was beyond the technology of its time (it was too large and heavy). Most PDAs today run one of two operating systems:
Palm OS: This is used by the Palm Pilot and Handspring Visor line of PDAs. Palm OS is the most widely used PDA platform with about 70 percent of the market share, with particular focus on the business executive and consumer markets. The current version of this platform is Palm OS 4.
Pocket PC: This is a version of Microsoft Windows CE used by the Compaq iPaq and Hewlett-Packard Jornada series of PDAs. The Pocket PC platform is rapidly growing in popularity, especially in the large corporation, where it integrates well with Windows-based networks since the Pocket PC includes scaled-down versions of many popular Microsoft software products. The current version of this platform is Pocket PC 2002.
Because PDA management is becoming an increasingly important job for network administrators, a number of vendors have introduced platforms for managing large numbers of PDAs in the enterprise. Examples include two products from TRG (now called HandEra):
InstallPro Application Guard, which lets administrators deploy applications to Palm OS PDAs.
ImagePro Deployment Manager, which lets you create an image of a PDA's contents for backup or deployment purposes.
The eventual success of PDAs in the enterprise depends largely upon these new management platforms.
See Also universal serial bus (USB)
Stands for Pretty Good Privacy, a popular scheme for encrypting e-mail for secure messaging.
See Also Pretty Good Privacy (PGP)
A popular server-side scripting language.
Overview
PHP is a scripting language used to create dynamic Web applications. It is an open-source platform and is available for a wide range of operating systems including Linux, versions of UNIX, and Microsoft Windows.
PHP is similar to the C language in syntax and to Perl in its support for regular expressions. PHP has capabilities similar to other popular Web scripting languages, including Microsoft Corporation's Active Server Pages (ASP), Sun Microsystems' Java Server Pages (JSP), and Allaire Corporation's ColdFusion. On the Apache Web server platform, PHP can be built as a binary module or run as a Common Gateway Interface (CGI) application. PHP includes support for Open Database Connectivity (ODBC) databases and can be interfaced with external libraries to extend its functionality.
Notes
The acronym PHP originally meant "personal home pages," but the product quickly outgrew this name. The acronym now officially means "PHP: Hypertext Preprocessor," a recursive definition in the style of GNU's not UNIX (GNU).
See Also Active Server Pages (ASP), Common Gateway Interface (CGI), Java Server Pages (JSP), open database connectivity (ODBC), scripting
Another name for MAC address, a Layer 2 address for a network node.
See Also MAC address
Layer 1 (or the PHY layer) of the Open Systems Interconnection (OSI) reference model.
Overview
The physical layer is the bottom layer of the seven-layer OSI networking architecture model. It establishes the physical interface and mechanisms for placing a raw stream of bits onto the wire. It defines the voltage, current, modulation, bit synchronization, connection activation and deactivation, and various electrical characteristics for the transmission media (such as unshielded or shielded twisted-pair cabling, coaxial cabling, and fiber-optic cabling). Protocols at the PHY layer include IEEE 802.3, RS-232C, and X.21. Repeaters, transceivers, network interface cards (NICs), and cabling all operate at the PHY level.
See Also cabling, Open Systems Interconnection (OSI) reference model, network interface card (NIC), repeater
The basic building block of Bluetooth wireless networks.
Overview
A piconet is a small network running Bluetooth that has eight or fewer devices on it. Piconets can also be connected to form larger networks called scatternets, but it is unlikely that individual users will often carry more than eight Bluetooth-enabled devices on their person at any given time!
Piconets are not the same as Personal Area Networks (PANs). A PAN may be constructed from one or more separate piconets, but generally devices that need to communicate frequently with each other (such as a cell phone and a headset) should be on the same piconet.
See Also Bluetooth
Stands for Protocol Independent Multicast-Dense Mode, a dense mode multicast routing protocol.
See Also Protocol Independent Multicast-Dense Mode (PIM-DM)
Stands for Protocol Independent Multicast-Sparse Mode, a sparse mode multicast routing protocol.
See Also Protocol Independent Multicast-Sparse Mode (PIM-SM)
A utility that verifies the integrity of a network connection.
Overview
The Ping command is one of the first commands to use when troubleshooting communication problems on a Transmission Control Protocol/Internet Protocol (TCP/IP) network. To use ping, you open a command line window and type ping followed by either the IP address or the fully qualified domain name (FQDN) of the host for which you want to test network connectivity. Internet Control Message Protocol (ICMP) echo packets are then transmitted to the host, and if connectivity is working, an equal number of echo replies are received. The replies show the packet size in bytes, response time in milliseconds, and Time to Live (TTL) of the echo reply. The TTL is decremented for each hop along the way and indicates the number of routers (hops) passed through along the network path.
The usual procedure for using ping to troubleshoot communications on a TCP/IP network is as follows:
Verify that TCP/IP is installed and running by pinging the local loopback address using ping 127.0.0.1.
Ping your own IP address and host name.
Ping the IP address of the default gateway for your local network.
Ping the IP address of a host on a remote network.
If all of these steps produce the expected results, TCP/IP is installed and running properly on your network. If you can ping a host's IP address but not its fully qualified domain name (FQDN), you probably have a name resolution problem. Check your Domain Name System (DNS) configuration and make sure that the DNS server is running, or check your Hosts file if it is implemented.
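The reply fields described above (bytes, round-trip time, and TTL) are what an administrator actually reads when working through the steps; the TTL in particular tells you roughly how many routers sit between you and the host. The following is an added example for this entry, not the ping utility's own code: it parses echo replies in both the Windows and the Unix reply formats, counts timeouts, and turns the TTL into an estimated hop count. The sample transcript is constructed, and the table of initial TTL values is an assumption based on common operating-system defaults.

```python
"""Parse ping echo replies and estimate hop count from TTL.
Added example for this entry; sample output and initial-TTL table are assumptions."""
import re
from dataclasses import dataclass
from typing import Optional

# Windows:  Reply from 203.0.113.10: bytes=32 time=14ms TTL=57
WINDOWS_RE = re.compile(
    r"Reply from (?P<host>[^:]+): bytes=(?P<size>\d+) time[=<](?P<time>\d+)ms TTL=(?P<ttl>\d+)")
# Unix/Linux: 64 bytes from 203.0.113.10: icmp_seq=1 ttl=57 time=14.2 ms
UNIX_RE = re.compile(
    r"(?P<size>\d+) bytes from (?P<host>[^:\s]+).*?ttl=(?P<ttl>\d+) time=(?P<time>[\d.]+) ms")

# Lines that mean an echo request got no matching reply
LOSS_MARKERS = ("Request timed out", "Destination host unreachable")


@dataclass
class EchoReply:
    host: str
    size: int       # payload size reported, in bytes
    time_ms: float  # round-trip time in milliseconds
    ttl: int        # TTL remaining in the echo reply


def parse_reply(line: str) -> Optional[EchoReply]:
    """Return an EchoReply for a reply line in either format, else None."""
    for pat in (WINDOWS_RE, UNIX_RE):
        m = pat.search(line)
        if m:
            return EchoReply(m["host"], int(m["size"]), float(m["time"]), int(m["ttl"]))
    return None


# Assumption: most stacks start at 64 (Linux/BSD), 128 (Windows) or 255 (network gear).
COMMON_INITIAL_TTLS = (64, 128, 255)


def estimate_hops(ttl: int) -> int:
    """Each router decrements the TTL by one. The reply does not carry the remote
    host's starting value, so take the smallest common default at or above the
    observed TTL and treat the difference as the number of routers crossed."""
    for initial in COMMON_INITIAL_TTLS:
        if initial >= ttl:
            return initial - ttl
    raise ValueError("TTL above any known initial value: %d" % ttl)


# Constructed transcript in the Windows format, including one lost request.
SAMPLE_OUTPUT = """Pinging host.example.com [203.0.113.10] with 32 bytes of data:
Reply from 203.0.113.10: bytes=32 time=14ms TTL=57
Reply from 203.0.113.10: bytes=32 time=12ms TTL=57
Request timed out.
Reply from 203.0.113.10: bytes=32 time=16ms TTL=57
"""


def summarize(output: str) -> dict:
    """Condense a ping transcript into received/lost counts, average RTT and hop estimate."""
    replies, lost = [], 0
    for line in output.splitlines():
        reply = parse_reply(line)
        if reply:
            replies.append(reply)
        elif any(marker in line for marker in LOSS_MARKERS):
            lost += 1
    if not replies:
        return {"received": 0, "lost": lost, "avg_ms": None, "ttl": None, "hops": None}
    ttl = replies[-1].ttl
    return {
        "received": len(replies),
        "lost": lost,
        "avg_ms": sum(r.time_ms for r in replies) / len(replies),
        "ttl": ttl,
        "hops": estimate_hops(ttl),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_OUTPUT))  # received 3, lost 1, avg 14.0 ms, TTL 57, about 7 hops
```

The hop estimate is only as good as the assumption about the remote host's starting TTL; a reply with TTL 57 reads as 7 hops if the host started at 64 but 71 if it started at 128, which is why tracert is the better tool once ping has shown that the path exists at all.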
Notes
Although ping actually stands for Packet Internet Groper, it is almost never referred to by that name anymore.
See Also default gateway, Domain Name System (DNS), fully qualified domain name (FQDN), host, Internet Control Message Protocol (ICMP), loopback address, tracert, Transmission Control Protocol/Internet Protocol (TCP/IP)
Stands for Public Key Cryptography Standards, a set of standards for cryptography.
See Also Public Key Cryptography Standards (PKCS)
Also called the Cryptographic Message Syntax Standard, a cryptographic standard from RSA Security for the exchange of digital certificates in public key cryptography.
Overview
PKCS #7 specifies the syntax of digital certificates and other encrypted information; specifically, the method by which data is encrypted and digitally signed, as well as the algorithms involved. When you use PKCS #7 to digitally sign data, the result includes the signing certificates, a list of relevant certificate revocation lists, and any other certificates in the certification path. If you use PKCS #7 to encrypt data, it usually includes references to the issuer and the serial number of the certificate that is associated with the public key that can be used to decrypt the encrypted data.
PKCS #7 also supports additional features such as
Recursion, in which a digital envelope is enclosed in a digital envelope, which is enclosed in another digital envelope, and so on
Time-stamping of encrypted messages and digital signatures
Counter-signatures and user-defined attributes
Implementation
PKCS #7 can be used to encrypt two types of data:
Base data: Data that has not been encrypted and contains no cryptographic enhancements such as hashes or digital signatures.
Enhanced data: Data that is encrypted or contains cryptographic enhancements or both. Enhanced content encapsulates one form of content within another.
A variety of content types are defined by the PKCS #7 standard, including the following:
Data: String of bytes or octets.
Signed data: Data along with an encrypted message digest. A message digest is the value produced when a hashing algorithm is applied to data. (The terms digest and hash are synonymous.) The recipient uses the message digest to confirm that the original message was not tampered with during transit and to validate the identity of the sender.
Enveloped data: Encrypted data plus the public key that can decrypt the data. You use this method to keep the contents of the message secret from all but trusted recipients.
Signed-and-enveloped data: Encrypted content with its public key and doubly encrypted message digest.
Digested data: Data plus a message digest.
Encrypted data alone: The public key for decrypting the data must be transmitted by some other mechanism in this case.
See Also digital certificate, encryption
A cryptographic standard for the exchange of digital certificates.
Overview
PKCS #12 is an industry-standard format for the transfer, backup, and restoration of digital certificates and their associated public or private keys used in public key cryptography. PKCS #12 is the export format that is usually used to export a digital certificate with its private key, because exposing a user's private key using a less secure method of export poses a security risk. PKCS #12 is used to export certificates to other computers, to removable media for backup purposes, or to smart cards to enable smart card authentication schemes.
See Also digital certificate, encryption
Stands for public key infrastructure, an infrastructure to enable the use of public key cryptography in a corporate or public setting.
See Also public key infrastructure (PKI)
The basic analog telecommunications service provided by a local telco.
Overview
Plain Old Telephone Service (POTS) is an inexpensive circuit-switched service originally designed for voice communications and supporting data transfer speeds up to 56 kilobits per second (Kbps). POTS was originally the only type of telephone service available, and a majority of residential customers still use it today. Since 1972, however, the old analog POTS has been gradually migrating toward an all-digital Integrated Services Digital Network (ISDN) infrastructure, starting mainly with trunk lines and business connections. The combination of the old analog POTS with the newer ISDN infrastructure is commonly called the Public Switched Telephone Network (PSTN).
Architecture
Starting from your home or customer premises, POTS uses a copper twisted-pair cable that eventually terminates at your local telco's central office (CO). Send and receive functions are shared over both wires of the two- wire cable. The connection between the customer premises and the CO forms what is known as the local loop. The CO is a facility with switches that can connect you to another local subscriber, to another CO, or to a long-distance provider, depending on whether your call is local or long distance.
Although POTS is basically an analog service in the local loop and is thus designed for voice traffic, it can also transport data traffic by using a modem to convert analog signals into digital and back again.
See Also central office (CO), Integrated Services Digital Network (ISDN), modem, telco
A standard specifying how Web sites communicate their privacy policy to visitors.
Overview
Platform for Privacy Preferences (P3P) is a project of the World Wide Web Consortium (W3C), whose goal is to give Internet users greater control over the privacy of their personal and financial information. Major industry players such as Microsoft Corporation, IBM, America Online, and AT&T have committed to implementing P3P on their sites. Internet Explorer 6, which comes with Windows XP and Windows .NET Server, is P3P-enabled.
P3P is an ongoing initiative to develop standards to ensure the privacy of e-commerce and other transactions over the Internet. The initial version 1.0 of P3P ensures that users who visit P3P-compliant Web sites will be presented with the site's privacy policy so they can decide whether to give their personal information to the site when doing business or shopping on the Internet. P3P is designed to make corporate privacy policies more accessible to users, instead of requiring users to dig through complex Web sites to find them buried somewhere.
Implementation
P3P specifies a standard format for companies to create machine-readable versions of their privacy policies. When P3P is implemented on a Web site, a user visiting the site will automatically download the company's policy the first time he or she visits the site. Using client-side P3P software, the policy is then displayed on the user's machine along with options about what kind of privacy level the user wants to establish with the site. Once the user has selected the privacy level, the next time the user visits the site the policy is automatically downloaded, compared to the user's settings, and the required degree of privacy is enforced.
Server-side P3P software translates document-based privacy policies into a standardized Extensible Markup Language (XML) format. Client-side P3P software may be integrated into Web browsers, downloaded as a plug-in, or built into various applications such as financial applications.
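To make the "downloaded, compared to the user's settings" step concrete, here is an added example for this entry, not W3C or browser code: a minimal client-side check that parses a site's XML policy and reports every statement that conflicts with the user's stored preferences. The policy is constructed for illustration and uses the P3P 1.0 element names (POLICY, STATEMENT, PURPOSE, RECIPIENT, RETENTION, DATA-GROUP, DATA) in a reduced form; the preference model (sets of refused purposes and recipients plus a retention switch) is an assumption of this example rather than part of the specification.

```python
"""Minimal client-side P3P policy check (constructed example, not W3C code):
parse the site's policy XML and compare each STATEMENT with user preferences."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Set, Tuple

P3P_NS = "http://www.w3.org/2002/01/P3Pv1"


def _tag(name: str) -> str:
    return "{%s}%s" % (P3P_NS, name)


def _local(tag: str) -> str:
    # strip the namespace: "{...}telemarketing" -> "telemarketing"
    return tag.rsplit("}", 1)[-1]


# Constructed policy: the first statement covers clickstream data for the
# current transaction only; the second shares identifying data widely and
# keeps it indefinitely.
SAMPLE_POLICY = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="shop" discuri="http://shop.example.com/privacy.html">
    <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Shop</DATA></DATA-GROUP></ENTITY>
    <ACCESS><nonident/></ACCESS>
    <STATEMENT>
      <PURPOSE><current/><admin/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
      <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
    </STATEMENT>
    <STATEMENT>
      <PURPOSE><current/><telemarketing/></PURPOSE>
      <RECIPIENT><ours/><unrelated/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP>
        <DATA ref="#user.name"/>
        <DATA ref="#user.home-info.telecom.telephone"/>
      </DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>
"""


@dataclass
class Preferences:
    """Assumed user-side settings (not part of the P3P specification)."""
    refused_purposes: Set[str] = field(default_factory=set)
    refused_recipients: Set[str] = field(default_factory=set)
    refuse_indefinite_retention: bool = False


DEFAULT_PREFS = Preferences(
    refused_purposes={"telemarketing", "contact"},
    refused_recipients={"unrelated", "public"},
    refuse_indefinite_retention=True,
)


def statements(policy_xml: str):
    """Yield (purposes, recipients, retention, data_refs) for each STATEMENT."""
    root = ET.fromstring(policy_xml)
    for st in root.iter(_tag("STATEMENT")):
        purposes = {_local(e.tag) for grp in st.findall(_tag("PURPOSE")) for e in grp}
        recipients = {_local(e.tag) for grp in st.findall(_tag("RECIPIENT")) for e in grp}
        retention = {_local(e.tag) for grp in st.findall(_tag("RETENTION")) for e in grp}
        data_refs = [d.get("ref") for d in st.iter(_tag("DATA"))]
        yield purposes, recipients, retention, data_refs


def evaluate_policy(policy_xml: str, prefs: Preferences) -> List[Tuple[str, str]]:
    """Return (data_ref, reason) pairs for every declared practice the user refuses.
    An empty list means the policy is within the user's preferences."""
    conflicts = []
    for purposes, recipients, retention, refs in statements(policy_xml):
        reasons = ["purpose:" + p for p in sorted(purposes & prefs.refused_purposes)]
        reasons += ["recipient:" + r for r in sorted(recipients & prefs.refused_recipients)]
        if prefs.refuse_indefinite_retention and "indefinitely" in retention:
            reasons.append("retention:indefinitely")
        conflicts.extend((ref, reason) for ref in refs for reason in reasons)
    return conflicts


if __name__ == "__main__":
    for ref, reason in evaluate_policy(SAMPLE_POLICY, DEFAULT_PREFS):
        print(ref, reason)
```

The check evaluates only what the site declares; as the Issues section below notes, P3P 1 gives the client no way to verify that the site actually behaves as its policy states, so a clean result here means the declared policy is acceptable, nothing more.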
Issues
P3P is an evolving standard. The initial version, P3P 1, has several weaknesses, namely:
There is no provision to ensure that personal information collected by companies will not be used against the user's wishes. In other words, companies may falsify their privacy policies in order to trick users into submitting their personal data. P3P 1 is thus essentially an "honor system" that still requires users to trust the companies they transact with, but it does make the company's privacy policy more visible so the user can take legal action if the policy has been misrepresented.
There is no restriction on any interorganizational transfer of user data that may occur during or after an online transaction. For example, the policy does not restrict what the company does with regard to interaction with credit institutions during payment of a transaction.
For More Information
Visit the W3C's P3P site at www.w3c.org/p3p.
See Also Internet, World Wide Web Consortium (W3C), XML
Cabling used for long cable runs within a building.
Overview
Also known as CMP cabling, plenum cabling is a grade of cabling that is resistant to combustion and is used for horizontal cable runs in building plenums and vertical rises such as elevator shafts. A plenum is a horizontal space within a building that houses building components and allows the movement of air. False ceilings are not considered plenums.
Plenum cabling is less flexible and costlier than polyvinyl chloride (PVC) cabling. The external insulating jacket of plenum cabling is usually a fluoropolymer such as Teflon FEP.
See Also cabling
A design philosophy and set of specifications for PC architectures that enables computer hardware, peripherals, device drivers, and operating systems to be easily reconfigured with minimal user understanding and intervention.
Overview
Plug and Play (PnP) frees users from having to manually configure devices and device drivers when they add or remove peripherals from computer systems. For example, to configure a non-PnP sound card, a user typically has to manually change jumpers or dual inline package (DIP) switches on the sound card itself, a task that is often difficult for the inexperienced user. With PnP, you simply plug in the device and follow a series of prompts (if any are necessary) to configure the appropriate drivers for your device.
Implementation
A true PnP system consists of the following three elements:
A PnP operating system such as Microsoft Windows 2000 or Windows XP.
A PnP system basic input/output system (BIOS) that supports Advanced Power Management (APM) or Advanced Configuration and Power Interface (ACPI), automatic configuration of boot and motherboard devices, hot docking, and other features.
PnP system buses such as Peripheral Component Interconnect (PCI) or universal serial bus (USB) and PnP peripheral devices (internal or external) and their associated drivers. PnP peripheral devices include universal serial bus (USB), Institute of Electrical and Electronics Engineers (IEEE) 1394, Small Computer System Interface (SCSI), Personal Computer Memory Card International Association (PCMCIA), and PCI devices. Industry Standard Architecture (ISA), Extended Industry Standard Architecture (EISA), and Video Electronics Standards Association (VESA) devices are not fully PnP. Other PnP devices include Integrated Device Electronics (IDE) controllers, Enhanced Capabilities Port (ECP) parallel ports, and video adapters.
If a system does not support all three of these features, it is not truly PnP, although it might have some limited PnP support. In a completely PnP system, these features work together to automatically enumerate (identify) new devices installed in or connected to the system, determine their resource requirements, establish a system configuration that can support these requirements without device conflicts, program the devices as necessary and load their device drivers, and notify the user of the changes to the system's configuration.
When you add a new hardware device to a PnP system, the Add New Hardware Wizard starts and installs the necessary drivers for the hardware. The wizard selects suitable hardware resources for the device, which might include an interrupt request (IRQ) line, input/output (I/O) address, direct memory access (DMA) channel, and memory range. If the system cannot properly detect the hardware, you can manually run the Add New Hardware Wizard to configure the hardware.
Notes
When using PnP to install new devices on Microsoft Windows platforms, be sure that the new device is attached to the computer and is turned on before you run the Add New Hardware Wizard.
See Also Advanced Configuration and Power Interface (ACPI), Advanced Power Management (APM)
A NetBIOS name resolution method used for name registration and resolution.
Overview
P-node is a type of NetBIOS over Transmission Control Protocol/Internet Protocol (TCP/IP) node and is defined in RFCs 1001 and 1002. P-node is supported by computers running Microsoft Windows and is one of four basic methods supported by Windows NT for resolving NetBIOS host names (that is, computer names) into IP addresses. Name resolution is the process of converting the name of a host on the network into a network address (such as an IP address).
Implementation
If a computer running Windows is configured as a P-node machine, it does not use broadcasts to resolve the names of the hosts. Instead, it tries to query a NetBIOS name server to resolve names of other hosts on the network. The advantage of doing this is that name resolution can function across large internetworks consisting of IP subnets connected with routers since routers normally block broadcasts but will forward packets directed toward a specific name server. An example of a NetBIOS name server on a Microsoft Windows network is a Windows NT, Windows 2000, or Windows .NET Server machine running the Windows Internet Name Service (WINS). If the WINS server is unavailable to the client issuing the query, the requested name cannot be resolved into its associated IP address. Furthermore, each client must be configured with the IP address of the WINS server in order for P-node name resolution to work. For this reason, M-node or H-node methods are usually preferred; they can use both broadcasts and directed traffic to resolve NetBIOS names of hosts.
See Also B-node, H-node, M-node, NetBIOS name resolution
Stands for Plug and Play, a design philosophy and set of specifications for PC architectures that enables computer hardware, peripherals, device drivers, and operating systems to be easily reconfigured with minimal user understanding and intervention.
See Also Plug and Play (PnP)
A resource record for reverse name resolution.
Overview
Pointer (PTR) records associate an Internet Protocol (IP) address with a host name in the in-addr.arpa domain. They are used for reverse name lookups, which map an IP address to its host name.
Examples
Here is an example of a PTR record:
1.141.205.202.in-addr.arpa IN PTR server9.microsoft.com.
In this PTR record, the IP address 202.205.141.1 is mapped to the host Server9 within the microsoft.com domain. Note that the host's IP address appears in the reverse order in the in-addr.arpa domain.
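Here is an added example for this entry, not BIND or Windows DNS code, that works through the record above: it builds the in-addr.arpa owner name for an address (and the ip6.arpa form for IPv6, which the entry does not cover but which follows the same reversed-label rule), recovers the address from such a name, parses a PTR record line, and checks that the PTR target's forward record points back at the same address. The forward-lookup table is constructed for illustration; a real check would query DNS.

```python
"""Reverse-name construction, PTR parsing, and forward confirmation.
Added example for this entry; the forward table is a constructed stand-in for DNS."""
import ipaddress
from typing import Callable, Optional, Tuple

# The record from the entry above
EXAMPLE_PTR = "1.141.205.202.in-addr.arpa IN PTR server9.microsoft.com."


def reverse_name(ip: str) -> str:
    """202.205.141.1 -> 1.141.205.202.in-addr.arpa (octets reversed, as the entry notes)."""
    return ipaddress.ip_address(ip).reverse_pointer


def ip_from_reverse_name(name: str) -> str:
    """Undo reverse_name for both IPv4 (in-addr.arpa) and IPv6 (ip6.arpa) owner names."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4:
            raise ValueError("expected four octets in %r" % name)
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32:
            raise ValueError("expected 32 nibbles in %r" % name)
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    raise ValueError("not a reverse-lookup name: %r" % name)


def parse_ptr(line: str) -> Tuple[str, str]:
    """Split '<owner> [ttl] IN PTR <target>' into (owner, target); a TTL field is optional."""
    fields = line.split()
    if len(fields) < 4 or fields[-2].upper() != "PTR":
        raise ValueError("not a PTR record: %r" % line)
    return fields[0], fields[-1]


def ptr_address(line: str) -> str:
    """The IP address a PTR record line describes, recovered from its owner name."""
    owner, _ = parse_ptr(line)
    return ip_from_reverse_name(owner)


# Constructed forward table standing in for A-record lookups.
FORWARD_TABLE = {
    "server9.microsoft.com.": "202.205.141.1",
    "decoy.example.net.": "198.51.100.7",
}


def forward_confirmed(line: str,
                      lookup: Callable[[str], Optional[str]] = FORWARD_TABLE.get) -> bool:
    """A PTR answer is only as trustworthy as whoever controls the reverse zone,
    so require the target name's own forward record to resolve back to the
    same address before relying on the name (e.g., in logs or access rules)."""
    owner, target = parse_ptr(line)
    return lookup(target) == ip_from_reverse_name(owner)


if __name__ == "__main__":
    print(reverse_name("202.205.141.1"))          # 1.141.205.202.in-addr.arpa
    print(ptr_address(EXAMPLE_PTR))               # 202.205.141.1
    print(forward_confirmed(EXAMPLE_PTR))         # True
```

The forward confirmation matters for anyone who logs or filters by host name: the owner of the reverse zone for an address block can publish any name they like in a PTR record, and only the matching forward record shows that the name's owner agrees.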
See Also Domain Name System (DNS), resource record (RR)
A carrier facility that provides an access point for telecommunication services.
Overview
The term point of presence (POP) generally refers to a data center to which users can connect in order to access dial-up, leased line, and other telecommunication services. The following can all be considered POPs:
The central office (CO) for a telco
The modem bank or switching facility at an Internet service provider (ISP)
A metropolitan area exchange (MAE) or network access point (NAP) where several ISP backbones connect
A base station for a cellular communication system
An ISP's POP, for example, would be a facility that housed call aggregators, modem banks, routers, and high-speed Asynchronous Transfer Mode (ATM) switches. Such a POP generally has one or more unique IP addresses plus a pool of assignable IP addresses for its permanent and dial-up clients. The actual POP for an ISP might be colocated within the telecommunications facility of a telco or a long-distance carrier. The ISP rents or leases space in the facility to install the routers and access servers that provide Internet connectivity for clients and for the equipment that provides the ISP with a high-speed T1 or T3 connection to the Internet's backbone.
See Also Asynchronous Transfer Mode (ATM), central office (CO), Internet, Internet service provider (ISP), Network Access Point (NAP)
Communication from a single sending station to multiple receiving stations.
Overview
A point-to-multipoint (or multipoint) wide area network (WAN) consists of three or more end nodes interconnected using a packet-switching telecommunications service. A number of Layer 2, or data-link layer, protocols support multipoint WANs, including frame relay, Switched Multimegabit Data Services (SMDS), Asynchronous Transfer Mode (ATM), and X.25 packet-switched networks.
The opposite of point-to-multipoint is point-to-point communications.
Point-to-multipoint. Connecting LANs using a multipoint frame relay service.
A public or private frame relay network can be used to connect multiple networks into a multipoint WAN configuration, as shown in the diagram. Each end node is configured with a unique data-link address, which allows any node on the WAN to communicate with any other node.
See Also Asynchronous Transfer Mode (ATM), frame relay, Switched Multimegabit Data Services (SMDS), wide area network (WAN), X.25
Communication from a single sending station to a single receiving station.
Overview
A point-to-point connection may be a serial link, a dial-up modem connection, a leased line such as a T1 line, or an Integrated Services Digital Network (ISDN) connection. Consider a leased line, for example, which can be used to create a wide area network (WAN) by linking together two end nodes on different local area networks (LANs). In a typical configuration, a router is connected using a serial transmission interface such as V.35 to a Channel Service Unit (CSU) at the customer premises. The CSU provides the interface between the router and the telco's leased line. An identical setup is configured at the remote customer premises.
Point-to-point. Implementing a point-to-point WAN connection.
Such point-to-point WAN links typically use either High-level Data Link Control (HDLC) for synchronous connections using Cisco routers or Point-to-Point Protocol (PPP) for asynchronous or synchronous communications linking equipment from different vendors. PPP is usually used in heterogeneous networking environments in which the routing and access equipment comes from different vendors, and HDLC tends to be used in homogeneous networking environments in which the routers and access equipment run only Cisco Systems' Internetwork Operating System (IOS) software. One of the derivatives of these protocols, such as Point-to-Point Tunneling Protocol (PPTP), may also be used as the data-link layer protocol for encapsulating local network traffic into frames for transmission over the WAN link.
Note that because there are only two end nodes in a point-to-point WAN link, addressing need not be provided for the end nodes at the data-link layer.
The opposite of point-to-point is point-to-multipoint communications.
Notes
The term point-to-point is also used more generally. For example, the configuration of a terminal connected to a minicomputer using two short-haul asynchronous modems is referred to as a point-to-point connection.
See Also Channel Service Unit (CSU), data-link layer, High-level Data Link Control (HDLC), Integrated Services Digital Network (ISDN), Internetwork Operating System (IOS), leased line, T-carrier, V.35
A popular wide area network (WAN) encapsulation protocol.
Overview
Point-to-Point Protocol (PPP) is an industry standard data-link layer protocol developed in the early 1990s in response to problems associated with Serial Line Internet Protocol (SLIP), which supported only static Internet Protocol (IP) addressing for clients. PPP is superior to the older SLIP in that it is much faster, it offers error correction and dynamic negotiation of sessions without user intervention, and it can support multiple network protocols simultaneously.
PPP provides reliable delivery of packets over both asynchronous and synchronous serial communications links. PPP works with a wide variety of network protocols by encapsulating and compressing them for efficient delivery over WAN connections. Because of its flexibility, PPP allows WAN devices from different vendors to interoperate.
PPP is also the basis of Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP), which can be used to create virtual private networks (VPNs). All versions of Microsoft Windows support PPP.
PPP is defined in RFCs 1661 and 1662.
Architecture
PPP encapsulation is based on the High-level Data Link Control (HDLC) derived from the mainframe environment. It supports a wide variety of network layer protocols, including IP, Internetwork Packet Exchange (IPX), NetBEUI, and AppleTalk. Once encapsulated, PPP frames can then be transmitted over serial transmission lines such as Public Switched Telephone Network (PSTN), Integrated Services Digital Network (ISDN), or over packet-switched networks such as X.25.
PPP includes two additional subprotocols:
Link Control Protocol (LCP): This is an extensible protocol for establishing, tearing down, and testing data-link WAN connections.
Network Control Protocol (NCP): This is a family of protocols used for establishing and configuring PPP communication using the different network protocols listed above.
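The following is an added example, not code from the page or from any PPP implementation, showing what the HDLC-derived encapsulation and an LCP packet look like on the wire: a Configure-Request of the kind LCP sends to establish the link is built, wrapped in an RFC 1662 async frame (address and control octets, protocol field, FCS-16 and octet stuffing), then decoded again with the FCS verified. The MRU value, Magic-Number and identifier are constructed sample values.

```python
import struct

# Added example: PPP over HDLC-like framing (RFC 1662) carrying an LCP packet (RFC 1661).
# Constants are the ones the RFCs define; the packets built in demo() are constructed.
FLAG, ESC, ADDR, CTRL = 0x7E, 0x7D, 0xFF, 0x03
PROTO_LCP, PROTO_IPCP, PROTO_IP = 0xC021, 0x8021, 0x0021
GOOD_FCS16 = 0xF0B8          # residue when the FCS is computed over data plus its own FCS
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
             9: "Echo-Request", 10: "Echo-Reply"}

def fcs16(data: bytes) -> int:
    """RFC 1662 FCS-16 (CRC-16/X-25): reflected polynomial 0x8408, initial value 0xFFFF."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs

def build_lcp(code: int, ident: int, options: list) -> bytes:
    """LCP packet: Code, Identifier, Length, then Type/Length/Data configuration options."""
    body = b"".join(struct.pack("!BB", typ, 2 + len(val)) + val for typ, val in options)
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_lcp(packet: bytes) -> dict:
    """Decode an LCP packet, refusing length fields that point outside the data."""
    if len(packet) < 4:
        raise ValueError("LCP packet shorter than its header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("LCP length field inconsistent with packet")
    options, pos = [], 4
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed LCP option")
        typ, olen = packet[pos], packet[pos + 1]
        options.append((typ, packet[pos + 2:pos + olen]))
        pos += olen
    return {"code": LCP_CODES.get(code, code), "id": ident, "options": options}

def frame(protocol: int, payload: bytes, accm: int = 0xFFFFFFFF) -> bytes:
    """Address, Control, Protocol, payload and FCS, octet-stuffed between two flag bytes.
    accm is the Async-Control-Character-Map: bit n set means control char n is escaped."""
    body = bytes([ADDR, CTRL]) + struct.pack("!H", protocol) + payload
    body += struct.pack("<H", fcs16(body) ^ 0xFFFF)   # FCS goes out low octet first
    out = bytearray([FLAG])
    for b in body:
        if b in (FLAG, ESC) or (b < 0x20 and accm >> b & 1):
            out += bytes([ESC, b ^ 0x20])
        else:
            out.append(b)
    out.append(FLAG)
    return bytes(out)

def unframe(raw: bytes, accm: int = 0xFFFFFFFF) -> tuple:
    """Reverse frame(): unstuff, drop control chars the peer would have escaped (RFC 1662
    treats them as inserted by the line), verify the FCS and return (protocol, payload)."""
    if len(raw) < 2 or raw[0] != FLAG or raw[-1] != FLAG:
        raise ValueError("missing flag sequence")
    body, escaped = bytearray(), False
    for b in raw[1:-1]:
        if escaped:
            body.append(b ^ 0x20)
            escaped = False
        elif b == ESC:
            escaped = True
        elif b < 0x20 and accm >> b & 1:
            continue
        else:
            body.append(b)
    if escaped or len(body) < 6:
        raise ValueError("truncated frame")
    if fcs16(bytes(body)) != GOOD_FCS16:
        raise ValueError("FCS check failed: frame corrupted in transit")
    if body[0] != ADDR or body[1] != CTRL:
        raise ValueError("unexpected address/control field")
    return struct.unpack("!H", body[2:4])[0], bytes(body[4:-2])

def demo() -> dict:
    """Build the Configure-Request LCP sends at link establishment, frame it, decode it,
    and show that a single flipped bit on the line is caught by the FCS."""
    request = build_lcp(1, 7, [(1, struct.pack("!H", 1500)),        # MRU 1500
                               (5, bytes.fromhex("DEADBEEF"))])      # Magic-Number (constructed)
    wire = frame(PROTO_LCP, request)
    protocol, payload = unframe(wire)
    tampered = bytearray(wire)
    tampered[wire.index(0xDC)] ^= 0x01            # corrupt one bit of the MRU option
    try:
        unframe(bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return {"wire_hex": wire.hex(), "protocol": protocol,
            "lcp": parse_lcp(payload), "tamper_rejected": rejected}

if __name__ == "__main__":
    print(demo())
```

The FCS only detects line noise; it is not a cryptographic check, so a receiver that needs to know who sent a frame relies on the authentication stage, not on a valid FCS.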
PPP supports a wide range of authentication protocols, including
Password Authentication Protocol (PAP)
Challenge/Handshake Authentication Protocol (CHAP)
Microsoft Challenge/Handshake Authentication Protocol (MS-CHAP)
Shiva Password Authentication Protocol (SPAP)
Implementation
A typical dial-up session using PPP is completely automated and requires no real-time user input. It has four stages:
Link establishment: PPP uses LCP to establish and maintain a PPP link over a serial transmission line. LCP frames are sent over the data link to test its integrity and establish the link.
User authentication: PPP uses one of several authentication protocols, including PAP, CHAP, and Microsoft Challenge Handshake Authentication Protocol (MS-CHAP).
Callback: If callback is configured, Microsoft's implementation of PPP uses the Callback Control Protocol (CBCP) at this stage.
Configuration: NCPs are used to establish network connections, perform compression and encryption, and lease IP addresses using Dynamic Host Configuration Protocol (DHCP), among other functions. NCP frames are sent over the link to establish a network connection between the PPP server and the remote PPP client.
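To make the user authentication stage concrete, here is an added example (not code from the page or from any PPP stack) that builds the packets PAP (RFC 1334) and CHAP (RFC 1994) exchange. It shows the difference that matters to a defender: the PAP Authenticate-Request carries the password verbatim, while a CHAP Response carries only MD5 over the Identifier, the shared secret and the challenge value, so the secret itself never crosses the link and a response bound to one challenge is useless against another. The secret, peer name and challenge values are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

# Added example: what PAP (RFC 1334) and CHAP (RFC 1994) put on the link during the
# authentication stage. Secrets, names and challenge values are constructed for the example.
SECRET = b"constructed-shared-secret"
PEER_NAME = b"remote-user"

def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1): Peer-ID and Password are carried verbatim."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """CHAP Challenge (code 1) or Response (code 2): Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_chap(packet: bytes) -> dict:
    if len(packet) < 5:
        raise ValueError("CHAP packet too short")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length > len(packet) or code not in (1, 2):
        raise ValueError("unsupported CHAP code or bad length")
    size = packet[4]
    if 5 + size > length:
        raise ValueError("Value-Size exceeds packet length")
    return {"code": code, "id": ident, "value": packet[5:5 + size], "name": packet[5 + size:length]}

def chap_response_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 with hash algorithm 5: MD5 over Identifier, secret, Challenge Value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_challenge(ident: int, authenticator_name: bytes, value: bytes = None) -> bytes:
    """Authenticator side: a fresh, unpredictable challenge value per authentication."""
    return chap_packet(1, ident, value if value is not None else os.urandom(16), authenticator_name)

def chap_respond(challenge_packet: bytes, secret: bytes, peer_name: bytes) -> bytes:
    """Peer side: echo the Identifier, answer with the hash, never send the secret."""
    ch = parse_chap(challenge_packet)
    return chap_packet(2, ch["id"], chap_response_value(ch["id"], secret, ch["value"]), peer_name)

def chap_verify(challenge_packet: bytes, response_packet: bytes, secret: bytes) -> bool:
    """Authenticator side: recompute and compare in constant time; the Identifier must match
    the outstanding challenge so a response cannot be replayed against a later one."""
    ch, rs = parse_chap(challenge_packet), parse_chap(response_packet)
    if ch["code"] != 1 or rs["code"] != 2 or rs["id"] != ch["id"]:
        return False
    expected = chap_response_value(ch["id"], secret, ch["value"])
    return hmac.compare_digest(expected, rs["value"])

def demo() -> dict:
    password = b"constructed-password"
    pap = pap_authenticate_request(1, PEER_NAME, password)
    ch1 = chap_challenge(9, b"nas1", bytes(range(16)))      # fixed values so the run repeats
    ch2 = chap_challenge(10, b"nas1", bytes(range(16, 32)))
    r1 = chap_respond(ch1, SECRET, PEER_NAME)
    r2 = chap_respond(ch2, SECRET, PEER_NAME)
    return {
        "pap_password_visible": password in pap,
        "chap_secret_visible": SECRET in ch1 + r1,
        "responses_differ_per_challenge": parse_chap(r1)["value"] != parse_chap(r2)["value"],
        "r1_accepted_for_ch1": chap_verify(ch1, r1, SECRET),
        "r1_replayed_against_ch2": chap_verify(ch2, r1, SECRET),
        "wrong_secret_accepted": chap_verify(ch1, r1, b"some-other-secret"),
    }

if __name__ == "__main__":
    print(demo())
```

The authenticator still has to store the secret in a recoverable form to recompute the hash, which is why the secret store on a CHAP access server deserves the same protection as a password database.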
Notes
If you can connect to a remote PPP server but you cannot ping the remote server, try turning off IP header compression. If that does not work, try logging all PPP communication and examining it later for troubleshooting purposes.
See Also asynchronous transmission, Challenge Handshake Authentication Protocol (CHAP), data-link layer, High-level Data Link Control (HDLC), Integrated Services Digital Network (ISDN), Internet Protocol (IP), Layer 2 Tunneling Protocol (L2TP), Link Control Protocol (LCP), Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), Multilink Point-to-Point Protocol (MPPP), Network Control Protocol (NCP), Serial Line Internet Protocol (SLIP), serial transmission, synchronous transmission, wide area network (WAN), X.25
An encapsulation protocol for virtual private networking (VPN).
Overview
Point-to-Point Tunneling Protocol (PPTP) is a data-link layer protocol based on the Internet standard Point-to-Point Protocol (PPP). PPTP was developed by Microsoft Corporation to enable network traffic to be encapsulated and sent over an unsecured public Internet Protocol (IP) network like the Internet. PPTP does this through the creation of virtual private networks (VPNs), which securely tunnel network traffic through the Internet. Remote users can use PPTP to securely access resources on their corporate network over the Internet instead of having to use direct modem connections or costly leased lines.
PPTP is defined in RFC 2637.
Architecture
PPTP is an extension of PPP that is based on standard PPP negotiation, authentication, and encryption schemes. PPTP can encapsulate any form of network traffic including IP, Internetwork Packet Exchange (IPX), or NetBIOS Enhanced User Interface (NetBEUI) packets, and then create a "tunnel" for secure communication across a wide area network (WAN) link. This tunnel is responsible for authentication and data encryption and makes it safe to transmit data over unsecured networks.
PPTP supports two types of tunneling:
Voluntary tunneling: Initiated by the PPTP client, which includes all versions of Microsoft Windows. This type of tunneling does not require support from an Internet service provider (ISP) or network devices such as bridges.
Compulsory tunneling: Initiated by the PPTP server on the corporate network or at the ISP. This type of tunneling must be supported by network access servers (NASs) or routers.
Notes
Because PPTP supports multiple network protocols, including IP, IPX, and NetBEUI, two computers can establish a tunnel over the Internet only if they are running the same network protocol. To troubleshoot PPTP over a TCP/IP connection, use ping to determine whether you are connected to your PPTP server. Also be sure that you have trusted credentials in the domain of the PPTP server, and be sure that you do not have an active Winsock Proxy client that might be redirecting PPTP packets to a proxy server instead of to your VPN.
See Also data-link layer, Internet Protocol (IP), Internetwork Packet Exchange (IPX), NetBIOS Extended User Interface (NetBEUI), tunneling, virtual private network (VPN), wide area network (WAN)
A grade of network cabling that uses polyvinyl chloride (PVC) plastic for its outer protective insulating jacket.
Overview
PVC cabling is cheap and flexible but gives off dangerous gases during combustion. PVC cabling is usually used to connect wall plates to computers. Building codes usually require that plenum cabling be used instead of PVC cabling for horizontal runs from wiring closets to wall plates.
Both coaxial and twisted-pair cabling are generally available in either PVC or plenum-grade jackets.
See Also cabling
Stands for passive optical network, a technology for bypassing the bottleneck of the local loop.
See Also passive optical network (PON)
Stands for point of presence, a carrier facility that provides an access point for telecommunications services.
See Also point of presence (POP)
Stands for Post Office Protocol version 3, an Internet standard protocol for storing and retrieving e-mail.
See Also Post Office Protocol version 3 (POP3)
An endpoint of a connection between two Internet Protocol (IP) hosts.
Overview
Ports identify the applications and services that use connections in Transmission Control Protocol/Internet Protocol (TCP/IP) networks. A port thus identifies a unique process for which a server can provide a service or by which a client can access a service. Ports are identified by two-byte numbers called port numbers and are classified as either TCP ports or User Datagram Protocol (UDP) ports, depending on the type of service being supported.
Notes
In computer terminology, the term port represents a connector for attaching cables or peripherals to the computer, for example, a parallel port for connecting a printer to a computer or a serial port for connecting a serial mouse or modem to a computer. Connectors on networking components, such as hubs or routers, are also sometimes called ports, although a better term for such a connector on a router would be an interface.
See Also port number, Transmission Control Protocol (TCP), Transmission Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP)
A general name for a wide range of platforms and services ranging from Internet search engines to systems for managing corporate data.
Overview
The term portal means doorway and refers to any application or service that provides easy access to useful information or data. The term was first applied to public Web sites such as Yahoo! that provided visitors with a directory of useful and interesting sites on the Internet along with an associated search engine. Today such Internet portals offer a much wider range of services, including instant messaging, managing personal contacts and calendars, online shopping and bill payment, customized information about your local news, sports, and weather, and customized personal pages. A number of Internet portals exist, but the "big three" are MSN, Yahoo!, and America Online (AOL).
In the enterprise arena, the portal concept evolved from the earlier concept of intranets, or internal corporate Web sites. Enterprise portals focus more on knowledge management (KM), which deals with making readily available all the various sources of knowledge in an enterprise. Several kinds of enterprise portals have evolved in the last few years, including
Enterprise Information Portal (EIP): Provides front-end access to business data stored in different applications and repositories
Enterprise Knowledge Portal (EKP): Includes functionality of EIPs and provides virtual workspaces for collaboration and file sharing
Marketplace
Some examples of popular portal products for the enterprise include Brio.Portal from Brio Technology, Corporate Portal from Plumtree Software, DataChannel Server from DataChannel, Epicentric Portal Server from Epicentric, Decision Portal from InfoImage, iPlanet Portal Server from Sun-Netscape Alliance, Oracle9iAS from Oracle Corporation, SharePoint Portal Server from Microsoft Corporation, and many others.
See Also Enterprise Information Portal (EIP), Enterprise Knowledge Portal (EKP), intranet, knowledge management (KM)
A 16-bit (2-byte) positive integer used to identify a port on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.
Overview
Ports can be assigned numbers ranging from 0 to 65,536. The number assigned to a port identifies the network service or process supported by the port. For example, the File Transfer Protocol (FTP) uses TCP port 20 for transferring data and port 21 for sending control messages. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports are considered distinct.
There are three main types of ports according to their numbering:
Well-known ports: These originally ranged from 0 to 255 but were later expanded to cover 0 through 1023. Well-known port numbers always represent the same network services and are assigned by the Internet Assigned Numbers Authority (IANA). Some of these numbers are currently unassigned and are reserved for future use. For example, FTP uses the well-known port numbers 20 and 21 as discussed above. For a list of well-known port numbers see the article "well-known port numbers" elsewhere in this book.
Registered ports: These are ports used by different vendors to support their operating systems and applications. Registered ports are acknowledged and listed by IANA but are not considered permanently allocated, so other vendors may use the same port numbers provided they anticipate no interoperability issues. Registered ports range from 1024 through 49,151 and overlap with the numbers of dynamically assigned ports below. Examples of registered ports on the Microsoft Windows platform include TCP/UDP port 1512 for the Windows Internet Name Service (WINS) and UDP port 2504 for the Network Load Balancing service.
Dynamically assigned ports: These are ports that an operating system or application assigns as needed to service client requests. Dynamic ports are allocated from the range 1024 through 65,536 and can be released and reassigned as needed.
See Also Internet Assigned Numbers Authority (IANA) , Transmission Control Protocol (TCP), Transmission Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP), well-known port numbers
A set of standards for cross-platform implementations of UNIX.
Overview
POSIX is a standard UNIX operating system interface and environment developed by the Institute of Electrical and Electronics Engineers (IEEE) that supports portability of applications at the source code level. POSIX arose because different vendors were producing different "flavors" of UNIX and code written for one flavor would not run on another unless it was modified appropriately. The solution was to develop a standard in which code could be portable between all UNIX flavors, so that a POSIX call in one program would work on any other POSIX-compliant system.
Because of vendor-specific enhancements most UNIX systems are not 100 percent POSIX-compliant. The POSIX.1 standard defines the portability of C language code by specifying a standard application programming interface (API). Microsoft Windows NT, Windows 2000, and the 32-bit versions of Windows XP and Windows .NET Server are fully compliant with the POSIX.1 standard, which means that their POSIX subsystem can run native C language code written to the POSIX.1 standard. Windows NT does not support other POSIX standards.
Standard | Description |
POSIX.1 | Specifies the base system interfaces for C language programming |
POSIX.2 | Specifies standards for shells and system utilities plus additional C language interfaces |
POSIX.3 | Specifies methods for testing conformance to POSIX |
POSIX.4 | Adds real-time extensions to POSIX.1 |
POSIX.5 | Extends POSIX.1 to the Ada programming language |
POSIX.9 | Extends POSIX.1 to the FORTRAN77 language |
Notes
Note that POSIX originally stood for Portable Operating System Interface for UNIX, but no one actually refers to it this way any more.
See Also UNIX
Stands for power-on self test, a special set of initialization routines stored in read-only memory (ROM) that run whenever a PC is booted.
See Also power-on self test (POST)
The central message store in a legacy Microsoft Mail messaging system.
Overview
The postoffice consists of a series of message storage directories on the Microsoft Mail file server. The postoffice stores information such as user ID, password, user preferences, message folders, mail messages, and attachments. The postoffice is a passive file system; no active software runs on it. The International Telecommunication Union (ITU) refers to this component of a mail system as the "message store."
See Also e-mail, International Telecommunication Union (ITU)
An Internet standard protocol for storing and retrieving e-mail.
Overview
Simple Mail Transfer Protocol (SMTP) provides the underlying transport mechanism for sending e-mail messages over the Internet, but it does not provide any facility for storing messages and retrieving them. SMTP hosts must be continuously connected to one another, but most users do not have a dedicated connection to the Internet.
Post Office Protocol version 3 (POP3) solves this problem by providing mechanisms for storing messages sent to each user and received from SMTP hosts in a receptacle called a mailbox. A POP3 server such as Microsoft Exchange Server stores messages for each user until the user connects to download and read them using a POP3 client such as Microsoft Outlook. After a POP3 client reads a message in the user's mailbox on a POP3 server, the message is deleted from the mailbox on the server. Primarily for this reason, POP3 is slowly giving way to a newer protocol called Internet Mail Access Protocol version 4 (IMAP4), which can retain read mail on the server and thus offers better support for mobile users.
Implementation
To retrieve a message from a POP3 server, a POP3 client establishes a Transmission Control Protocol (TCP) session using TCP port 110, identifies itself to the server, and then issues a series of POP3 commands:
Stat: Asks the server for the number of messages waiting to be retrieved
List: Determines the size of each message to be retrieved
Retr: Retrieves individual messages
Quit: Ends the POP3 session
To troubleshoot problems with remote POP3 servers, use Telnet to connect to port 110 and examine the results as you try issuing various POP3 commands such as the ones just described.
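As an added example that is not part of the entry and not taken from any mail product, the session just described is run end to end: a small POP3 server, written only for this illustration, answers USER, PASS, STAT, LIST, RETR and QUIT on a loopback port, and the standard-library poplib client drives the same command sequence you would type by hand over Telnet. The mailbox contents, user name and password are constructed; the second message contains a line beginning with a period to show the dot-stuffing that RFC 1939 requires in multi-line responses.

```python
import poplib
import socket
import threading

# Added example: one POP3 session (RFC 1939) between a toy server and the standard-library
# poplib client, using the commands from the entry. Mailbox contents and credentials are constructed.
MAILBOX = [
    b"From: alice@example.test\r\nSubject: hello\r\n\r\nFirst message.\r\n",
    b"From: bob@example.test\r\nSubject: report\r\n\r\n.leading dot line\r\nSecond message.\r\n",
]
USERNAME, PASSWORD = "mailuser", "constructed-password"

def _multiline(msg: bytes) -> bytes:
    """Byte-stuff a message body: a line starting with '.' gets a second '.', and the
    response ends with a line containing only '.', which is how the client finds the end."""
    lines = [b"." + ln if ln.startswith(b".") else ln for ln in msg.split(b"\r\n")]
    body = b"\r\n".join(lines)
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body + b".\r\n"

def serve_one_session(listener: socket.socket) -> None:
    """Minimal POP3 server for a single session: USER/PASS, then STAT, LIST, RETR, QUIT.
    Everything, including the password, arrives as plain text on the socket."""
    conn, _ = listener.accept()
    reader, user_ok, authed = conn.makefile("rb"), False, False
    conn.sendall(b"+OK toy POP3 server ready\r\n")
    for raw in reader:
        parts = raw.rstrip(b"\r\n").decode("ascii", "replace").split()
        cmd, args = (parts[0].upper() if parts else ""), parts[1:]
        if cmd == "USER":
            user_ok = args == [USERNAME]
            conn.sendall(b"+OK send PASS\r\n")               # do not reveal whether the user exists
        elif cmd == "PASS":
            authed = user_ok and args == [PASSWORD]
            conn.sendall(b"+OK mailbox locked\r\n" if authed else b"-ERR invalid credentials\r\n")
        elif cmd == "QUIT":
            conn.sendall(b"+OK bye\r\n")
            break
        elif not authed:
            conn.sendall(b"-ERR authenticate first\r\n")
        elif cmd == "STAT":
            conn.sendall(b"+OK %d %d\r\n" % (len(MAILBOX), sum(map(len, MAILBOX))))
        elif cmd == "LIST":
            rows = b"".join(b"%d %d\r\n" % (i + 1, len(m)) for i, m in enumerate(MAILBOX))
            conn.sendall(b"+OK %d messages\r\n" % len(MAILBOX) + rows + b".\r\n")
        elif cmd == "RETR" and args and args[0].isdigit() and 1 <= int(args[0]) <= len(MAILBOX):
            msg = MAILBOX[int(args[0]) - 1]
            conn.sendall(b"+OK %d octets\r\n" % len(msg) + _multiline(msg))
        else:
            conn.sendall(b"-ERR unknown command or bad argument\r\n")
    reader.close()
    conn.close()

def fetch_mailbox(host: str, port: int, username: str, password: str) -> dict:
    """Client side of the session, in the order the entry describes."""
    client = poplib.POP3(host, port, timeout=5)
    try:
        client.user(username)
        client.pass_(password)                   # cleartext on the wire unless TLS wraps the session
        count, total = client.stat()             # STAT -> "+OK <count> <octets>"
        sizes = [int(row.split()[1]) for row in client.list()[1]]   # LIST -> "<n> <octets>" rows
        messages = [b"\r\n".join(client.retr(n)[1]).decode("ascii")  # RETR n, dot-unstuffed by poplib
                    for n in range(1, count + 1)]
        return {"count": count, "total_octets": total, "sizes": sizes, "messages": messages}
    except poplib.error_proto as exc:
        reason = exc.args[0]
        return {"error": reason.decode("ascii", "replace") if isinstance(reason, bytes) else str(reason)}
    finally:
        client.quit()                            # QUIT

def run_demo(password: str = PASSWORD) -> dict:
    """Start the toy server on an ephemeral loopback port and run one client session against it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    server = threading.Thread(target=serve_one_session, args=(listener,), daemon=True)
    server.start()
    try:
        return fetch_mailbox("127.0.0.1", listener.getsockname()[1], USERNAME, password)
    finally:
        server.join(timeout=5)
        listener.close()

if __name__ == "__main__":
    print(run_demo())
    print(run_demo("wrong-password"))
```

Because USER and PASS travel as plain text on port 110, a troubleshooting session over Telnet exposes the password to anyone on the path; on a real server prefer POP3 wrapped in TLS (the STLS command of RFC 2595 or a dedicated TLS port) for anything beyond a loopback test.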
See Also e-mail, Internet Mail Access Protocol version 4 (IMAP4), Simple Mail Transfer Protocol (SMTP), Telnet, Transmission Control Protocol (TCP)
Stands for Plain Old Telephone Service, the basic analog telecommunications service provided by a local telco.
See Also Plain Old Telephone Service (POTS)
A special set of initialization routines stored in read-only memory (ROM) that run whenever a PC is booted.
Overview
The power-on self test (POST) is designed to test whether system components are functioning properly before attempting to boot the operating system, and checks such things as the RAM, keyboard, and disk drives. If a problem is detected during the POST, the system typically emits a series of beeps and displays a corresponding error message giving some indication of the problem. Specific problems are indicated by different numbers of beeps, but the interpretation of these varies depending on the BIOS used.
On Pentium III systems that use the popular AMI WinBIOS, use the following table to interpret the number of beeps in order to troubleshoot the problem.
Number of Beeps | Problem | Resolution |
1, 2, or 3 | Memory error | Check speed and voltage of dual inline memory modules (DIMMs), try reseating DIMMs, or replace DIMMs |
4 | Timer error | Replace motherboard |
5 | CPU error | Try replacing CPU, or replace motherboard |
6 | Gate A20 error | Try reseating keyboard controller chip, try replacing keyboard controller chip, or replace motherboard |
7 | Interrupt error | Replace motherboard |
8 | Video memory error | Try reseating the video RAM (VRAM), try replacing the VRAM, or replace video card |
9 | BIOS ROM error | Replace BIOS ROM chip |
A built-in group in Microsoft Windows 2000, Windows NT 4, Windows XP, and Windows .NET Server.
Overview
The Power Users group is a local group that exists only on stand-alone servers and client machines. The initial membership of this group is empty. Generally speaking, a power user is a person who is familiar with the advanced features of a program's user interface.
The Power Users group has preassigned rights including the following:
Log on locally
Access this computer from the network
Change the system time
Shut down the system
Power users also have the right to share and manage local disk resources and printers and to create and modify local user accounts on the local machine.
See Also built-in group
Stands for Point-to-Point Protocol, a popular wide area networking (WAN) encapsulation protocol.
See Also Point-to-Point Protocol (PPP)
Another name for Multilink Point-to-Point Protocol, a wide area network (WAN) protocol for aggregating multiple Point-to-Point Protocol (PPP) connections.
See Also Multilink Point-to-Point Protocol (MPPP)
Stands for Point-to-Point Tunneling Protocol, an encapsulation protocol for virtual private networking (VPN).
See Also Point-to-Point Tunneling Protocol (PPTP)
An interpreted scripting language used for Web applications.
Overview
Practical Extraction and Reporting Language (Perl) is often used on UNIX platforms to develop Common Gateway Interface (CGI) programs that add dynamic functionality to Web sites, for example, input handlers for Hypertext Markup Language (HTML) forms on Web sites running on Apache web servers. Perl's unique capabilities revolve mainly around its powerful string manipulation facilities. However, because Perl is an interpreted scripting language, applications written in Perl are easy to develop and test but tend to run more slowly than compiled programs written in C or some other high-level programming language.
The current version of Perl is version 6.
Notes
You can use Microsoft Corporation's Windows Script Host (WSH) to run administrative scripts written in Perl by installing a third-party ActiveX scripting engine for Perl. Administrators from UNIX backgrounds can do this to leverage their knowledge of Perl to administer Microsoft Windows 2000.
For More Information
Find out more about Perl at www.perl.com
See Also Apache, Common Gateway Interface (CGI), Hypertext Markup Language (HTML), scripting, UNIX, Windows Script Host (WSH)
The entire wiring system in a building.
Overview
Premise wiring for a building includes the cabling, power lines, wiring closets, distribution centers, wall plates, and fixtures needed to build out a wiring infrastructure. Premise cabling should be installed according to the Electronic Industries Alliance and Telecommunications Industry Association (EIA/TIA) wiring standards and must comply with all state and municipal building codes and requirements.
Implementation
In most computer networking installations today, the premise wiring system is a hierarchical system based on the star topology, starting with the equipment room (main cross-connect) that houses the main telecommunications equipment for the particular building, including servers, Private Branch Exchanges (PBXs), and routers. The equipment room contains the facilities for telecommunications signals to enter and leave the building. It can be one room or several rooms on different floors, depending on the building layout and administrative considerations.
From the equipment room, a vertical backbone cable runs up the building riser or elevator shaft, connecting the equipment room with wiring closets (intermediate cross-connects) on each floor. Additional backbone cabling runs horizontally to secondary wiring closets (horizontal cross-connects) if necessary. No further cross-connects should be used; in other words, the hierarchy should be no more than three cross-connects deep.
The wiring closets contain cabinets or racks with patch panels and a variety of networking equipment such as hubs, switches, and routers. Horizontal wiring runs from the patch panels through wall and ceiling spaces to wall plates and distribution boxes to form local area network (LAN) drops in the work areas where computers are set up. Patch cables or drop cables then connect computers in the work area to the wall plates or other distribution boxes.
See Also cabinet, cabling, infrastructure, rack, star topology, structured wiring, wall plate, wiring closet
Layer 6 of the seven-layer Open Systems Interconnection (OSI) reference model.
Overview
The presentation layer structures data that is passed down from the application layer into a format suitable for network transmission. This layer is responsible for data encryption, data compression, character set conversion, interpretation of graphics commands, and other functions. The network redirector also functions at this layer.
Transmission Control Protocol/Internet Protocol (TCP/IP) and other common network protocols do not use a separate presentation layer protocol. The presentation layer is thus really an abstraction in real-world networking.
See Also Open Systems Interconnection (OSI) reference model
A popular scheme for encrypting e-mail for secure messaging.
Overview
Pretty Good Privacy (PGP) is a digital signature and encryption scheme developed by Phil Zimmermann in 1991 for secure exchange of e-mail and attached documents. You can use PGP to encrypt e-mail messages so that no one but the intended recipient can read them and to digitally sign messages so that the recipient can be sure of the identity of the sender and that the message has not been tampered with during transit.
Implementation
PGP generally uses the Rivest-Shamir-Adleman (RSA) or Diffie-Hellman public key cryptography algorithm and supports 128-bit keys. When you send a digital signature, a hashing algorithm generates a hash from the username and other information, which is then encrypted using the sender's private key. The hashing algorithm is MD5 when you use RSA and SHA-1 when you use Diffie-Hellman. As in a typical public key cryptography system, the recipient uses the sender's public key to decrypt the signature and verify the sender's identity. The sender's public key is retrieved by the recipient from a public PGP key management server such as the one maintained by certificate servers at Network Associates Technology.
Prospects
PGP is popular in the Internet community but does not scale well for corporate enterprise applications because its key management facilities are implemented as a distributed "web of trust" rather than the usual hierarchical certificate authority (CA) scheme of a traditional public key infrastructure (PKI) needed for Privacy Enhanced Mail (PEM). However, the complexity and cost of rolling out a large-scale PKI has turned many enterprises away from this technology in search of simpler and cheaper schemes such as PGP, so the outlook for PGP in the enterprise still remains to be seen.
In 1997, Zimmermann sold the rights to PGP technology to NAI, which currently offers both a commercial version and a freeware version to customers. NAI also provides the necessary PKI infrastructure and CA for free PGP users, which currently number more than a million. Zimmermann, meanwhile, has joined Hush Communications in developing encryption software based on the Open PGP standard from the Internet Engineering Task Force (IETF). In contrast to traditional PGP, which requires special software to be installed on each client, the new version from Hush delivers the private key to the authenticated user using a Java applet running in the user's Web browser. This allows PGP to be used on machines without dedicated PGP client software installed, an advantage for mobile users.
For More Information
You can get PGP at www.nai.com
See Also certificate authority (CA), e-mail, encryption
Stands for Primary Rate Interface ISDN, a high-speed version of Integrated Services Digital Network (ISDN).
See Also Primary Rate Interface ISDN (PRI-ISDN)
A Microsoft Windows NT domain controller that contains the master copy of the SAM database.
Overview
A Windows NT domain has one primary domain controller (PDC), which periodically undergoes directory synchronization to copy its directory database to backup domain controllers in the domain. The PDC must be the first computer installed in a domain and defines the domain. The PDC contains the master copy of the SAM database, but backup domain controllers (BDCs) contain read-only versions of this database.
If a PDC needs to be taken offline for maintenance or repair or if it unexpectedly goes down, a BDC can be promoted to the role of PDC. This is necessary because BDCs contain read-only copies of the domain directory database, so user accounts cannot be modified and passwords cannot be changed unless there is a PDC on the network.
See Also backup domain controller (BDC), domain controller, SAM database
A name server that maintains its own local database of resource records.
Overview
A primary name server has a master copy of resource records for each zone over which it has authority. In the Berkeley Internet Name Domain (BIND) implementation of DNS, these resource records are stored locally on the name server in the form of a text file called the zone file. All changes to the resource records for a zone must be made on the primary name server.
Secondary name servers obtain their resource records from master name servers, which can be either primary name servers or other secondary name servers. The usual configuration when name servers are used within a Transmission Control Protocol/Internet Protocol (TCP/IP) internetwork for name resolution is one primary and one secondary name server, with the primary configured as the master name server for the secondary, which is sometimes called the slave name server.
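The following added example (not code from the page or from BIND) reads a small zone file of the kind a primary name server keeps, and then applies the check a secondary performs at each refresh interval: it compares the SOA serial number it already holds with the one the master now advertises, using the wrap-around serial arithmetic of RFC 1982, and transfers the zone only when the master's copy is newer. The zone text, names and addresses are constructed; the comment-stripping and parenthesis folding cover the common zone-file layout but not every BIND directive.

```python
# Added example: reading a BIND-style zone file such as a primary name server keeps, and the
# serial-number comparison a secondary uses to decide whether to pull a fresh copy.
# The zone text below is constructed for this example.
ZONE_TEXT = """\
$TTL 3600
$ORIGIN example.test.
@       IN SOA ns1.example.test. hostmaster.example.test. (
                2024010105  ; serial
                7200        ; refresh
                900         ; retry
                1209600     ; expire
                300 )       ; minimum
@       IN NS  ns1.example.test.
@       IN NS  ns2.example.test.
ns1     IN A   192.0.2.10
ns2     IN A   192.0.2.11
www 600 IN A   192.0.2.20
"""

def _logical_lines(text: str):
    """Drop ';' comments and fold a parenthesised record (the SOA here) into one line."""
    pending, depth = [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        if depth < 0:
            raise ValueError("unbalanced ')' in zone file")
        pending.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield " ".join(pending)
            pending = []
    if depth:
        raise ValueError("unterminated '(' in zone file")

def _fqdn(owner: str, origin: str) -> str:
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"

def parse_zone(text: str) -> dict:
    """Return the origin and a list of {owner, ttl, type, rdata} records."""
    origin, default_ttl, last_owner, records = None, None, None, []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if origin is None:
            raise ValueError("record before $ORIGIN")
        owner = last_owner if line[0].isspace() else tokens.pop(0)   # blank owner = previous owner
        if owner is None:
            raise ValueError("first record has no owner name")
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        records.append({"owner": _fqdn(owner, origin), "ttl": ttl,
                        "type": tokens[0].upper(), "rdata": tokens[1:]})
        last_owner = owner
    return {"origin": origin, "records": records}

def soa_serial(zone: dict) -> int:
    soa = [r for r in zone["records"] if r["type"] == "SOA"]
    if len(soa) != 1:
        raise ValueError("zone must have exactly one SOA record")
    return int(soa[0]["rdata"][2])

def serial_is_newer(candidate: int, current: int) -> bool:
    """RFC 1982 serial arithmetic: newer if it is ahead by less than 2^31, modulo 2^32."""
    return 0 < (candidate - current) % 2**32 < 2**31

def secondary_needs_transfer(primary_zone_text: str, secondary_serial: int) -> bool:
    """What a secondary does at each refresh: compare the master's SOA serial with its own."""
    return serial_is_newer(soa_serial(parse_zone(primary_zone_text)), secondary_serial)

if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print(soa_serial(zone), [r["owner"] for r in zone["records"]])
    print(secondary_needs_transfer(ZONE_TEXT, 2024010104))
```

Forgetting to increment the serial after editing the zone file is the classic reason a change appears on the primary but never reaches the secondaries: the comparison above returns False and no transfer happens.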
See Also Domain Name System (DNS), master name server, name server, secondary name server, zone
A disk partition on which a bootable operating system can be installed.
Overview
Primary partitions cannot be subdivided into further segments, as extended partitions can. The partition table on a drive's master boot record can contain entries for up to four primary partitions or three primary and one extended partition. Only one primary partition at a time can be the active partition (contain the currently running operating system files). In Microsoft Windows NT, Windows 2000, Windows XP, and Windows .NET Server, the active partition is sometimes known as the system partition.
Primary partitions can also be used in multiboot systems to isolate the files of each operating system from one another.
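The partition table the entry refers to lives in the last 66 bytes of the master boot record. The following added example (not code from the page or from any operating system) decodes that table and checks the rules stated above: at most four entries, at most one of them extended, and at most one marked active, plus the overlap and signature checks a boot loader or a forensic triage script would apply before trusting the table. The disk layout in demo() is constructed; CHS fields are left zero as LBA-only tools do.

```python
import struct

# Added example: decoding the MBR partition table (up to four 16-byte entries at offset 446,
# followed by the 0x55AA signature) and checking its invariants. The layout in demo() is constructed.
SECTOR = 512
TABLE_OFFSET, SIGNATURE = 446, b"\x55\xaa"
EXTENDED_TYPES = {0x05, 0x0F}
TYPE_NAMES = {0x05: "extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x0F: "extended (LBA)", 0x83: "Linux", 0xEE: "GPT protective"}

def build_mbr(entries: list, boot_code: bytes = b"") -> bytes:
    """entries: up to four (active, type, lba_start, sector_count) tuples."""
    if len(entries) > 4 or len(boot_code) > TABLE_OFFSET:
        raise ValueError("too many partitions or boot code too long")
    table = b"".join(struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0\0\0", ptype,
                                 b"\0\0\0", lba, count) for active, ptype, lba, count in entries)
    return boot_code.ljust(TABLE_OFFSET, b"\0") + table.ljust(64, b"\0") + SIGNATURE

def parse_mbr(sector: bytes) -> dict:
    """Return the partition entries plus a list of rule violations (empty when consistent)."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    entries, problems = [], []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype == 0x00:
            continue                                  # unused slot
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: status byte {status:#04x} is neither 0x00 nor 0x80")
        if count == 0:
            problems.append(f"entry {i}: zero-length partition")
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "type_name": TYPE_NAMES.get(ptype, f"{ptype:#04x}"),
                        "lba_start": lba, "sectors": count})
    if sum(e["active"] for e in entries) > 1:
        problems.append("more than one active (bootable) partition")
    if sum(e["type"] in EXTENDED_TYPES for e in entries) > 1:
        problems.append("more than one extended partition")
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    primaries = [e for e in entries if e["type"] not in EXTENDED_TYPES]
    return {"entries": entries, "primary_count": len(primaries),
            "extended_count": len(entries) - len(primaries),
            "active_index": next((e["index"] for e in entries if e["active"]), None),
            "problems": problems}

def demo() -> dict:
    """Three primaries plus one extended partition with the first primary active, then the
    same table with a second active flag set, which parse_mbr reports as a problem."""
    layout = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 204800),
              (False, 0x83, 411648, 204800), (False, 0x0F, 616448, 409600)]
    good = parse_mbr(build_mbr(layout))
    two_active = bytearray(build_mbr(layout))
    two_active[TABLE_OFFSET + 16] = 0x80          # status byte of entry 1
    return {"good": good, "two_active": parse_mbr(bytes(two_active))}

if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

An unexpected change in the active flag, the partition type, or the boot code area ahead of offset 446 is worth alerting on in a baseline comparison, since the MBR runs before the operating system and any of its protections.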
See Also extended partition
A high-speed version of Integrated Services Digital Network (ISDN).
Overview
In the United States and Japan, a Primary Rate Interface ISDN (PRI-ISDN) connection consists of 24 digital channels that are divided between 23 B channels and a single D channel. This flavor of PRI-ISDN is often referred to as 23B+D because of the types and numbers of channels that it uses. The B channels carry the voice or data between the customer premises and the telco's central office (CO), while the D channel is used for establishing and tearing down connections and for signaling. The bandwidth of each B channel and of the single D channel is 64 kilobits per second (Kbps), so the total bandwidth of PRI-ISDN is 1.544 megabits per second (Mbps), which is identical to that of a T1 circuit. By using the BONDING protocol, the 23 B channels can be combined to form a single 1.472-Mbps data channel.
The other flavor of PRI-ISDN, the European version, employs 30 B channels and one D channel, in other words 30B+D. The bandwidth of an E1 circuit is greater at 2.048 Mbps.
See Also Basic Rate Interface ISDN (BRI-ISDN), Integrated Services Digital Network (ISDN), T-carrier
The main ring used in the dual ring topology of a Fiber Distributed Data Interface (FDDI) network.
Overview
The primary ring is the only ring used unless it has a fault, in which case the network reconfigures itself to use the secondary ring with the data traveling in the opposite direction. This dual ring configuration provides FDDI with fault tolerance. It is usually a good idea to run the primary and secondary rings along different physical paths to make the FDDI network more fault-tolerant. An accident or disaster affecting one of the rings will thus not affect the other.
See Also fault tolerance, Fiber Distributed Data Interface (FDDI), secondary ring
A technique used to connect one printer to multiple print devices.
Overview
In Microsoft Windows printing terminology, a print device is the physical hardware that does the printing, but a printer is a software interface on a computer that enables jobs to be sent to a print device. Normally, a separate printer is configured for each individual print device. Using a printing pool, however, you can identify several print devices as a single printer to the operating system. Then, when a client sends a print job to the pool, the printer sends the job to the first available print device managed by the printer. Clients can thus print jobs without having to check to see which print device is actually free.
Printing pools are typically used in networks with high printing volume and are also used to provide a form of fault tolerance. Printing pools also simplify the administration of large numbers of print devices. Print devices that are pooled can, however, be a mix of local and network interface print devices. Note that the print devices in a printing pool must be the same make and model or at least be similar devices that use the same printer driver. If you do not have identical print devices and thus cannot create a printing pool, you can take other measures to meet the needs of increased printing volume:
Share an existing printer that is currently not shared for network use
Configure priorities between printers to enable critical documents to be printed before noncritical ones
Institute company policies on how to use printers properly and audit printer usage
Be sure to place pooled print devices in close physical proximity to one another so that users do not have to search for the device that printed their job.
See Also printing terminology
Terminology used to describe different aspects of printing.
Overview
In Microsoft Windows networking, the following are some important printing-related terms that administrators should know:
Print device: A hardware device that produces printed output, such as a LaserJet, ink-jet, or dot-matrix print device. Most people loosely refer to these devices as printers, but the term printer has a specific meaning in the Windows operating system, as described below.
Printer: A software interface installed on a Windows computer that allows users and applications to print to a print device. Microsoft uses the term print device to refer to the actual hardware device; printer refers to the software interface that controls that device. To create a printer, you use the Add Printer Wizard in the Printers folder.
Print server: A computer with which a print device is associated. A print server receives print jobs from clients and sends them to the print device.
Printer driver: A series of files that convert printing commands into machine-specific language for sending them to a print device. Each model and make of print device has its own specific printer driver.
In Microsoft Windows, print devices can be further subdivided into two types:
Local print device: A print device that is locally attached to the parallel or serial port on the print server. If a local print device is being used only on the local machine, its software interface is called a local printer. If a local print device is shared, clients can access it over the network and its software interface is called a network printer from the clients' perspective.
Network-interface print device: A print device that has its own built-in network interface card (NIC) and can be plugged into the network anywhere that a local area network (LAN) drop is free. A network-interface print device is not connected directly to the print server; it is managed remotely by the print server.
Notes
Keep network-interface print devices on the same network or subnet as their print server to minimize the extra network traffic. Be sure that your print server has sufficient RAM (random access memory) for processing documents and sufficient disk space for spooling print jobs. Dedicating a computer to the role of print server is usually recommended, especially if that computer will manage several print devices.
A built-in group in Microsoft Windows 2000, Windows XP, and Windows .NET Server.
Overview
Print operators are users who can administer network printers. The Print Operators group is a domain local group whose initial membership is empty. This group has the following preassigned rights:
Log on locally
Shut down the system
Print operators also have the right to set up and configure network printers.
See Also built-in group
A set of permissions assigned to users and groups to control access to the printers on a Microsoft Windows print server.
Overview
Suitable print permissions are an important part of network administration, especially in enterprise-level networks with different administrative levels. There are four levels of print permissions in Windows, as described in the following table. You can permit or deny any of these permissions, and by clicking the Advanced button on the Printer Properties property page you can configure more granular customized sets of printer permissions if you like.
Permission | What It Allows Users To Do
Print | Connect to a printer; print a document; manage your own documents only
Manage Documents | Print permissions plus: pause and restart any document; delete any document; manage job settings for all documents
Manage Printers | Manage Documents permissions plus: share a printer; change printer properties; delete a printer; change printer permissions
Notes
In Windows 2000, you can remotely administer printers over the Internet using a Web browser by accessing the following Uniform Resource Locator (URL):
http://Print_Server_Name/printers
Administrators can use this feature to configure printer permissions and settings, check the status of printers, and create real-time reports on printer usage.
See Also printing terminology, print server, Uniform Resource Locator (URL)
A server that manages a printer on a network.
Overview
A printer can either be directly connected to a port on the print server (called a local printer), or it can have its own built-in network interface card (NIC) and be connected directly to the network (called a network printer). Clients that want to print jobs send them to the print server, which queues or spools the jobs and then sends them to the printer.
Implementation
To deploy a print server on your network, you can use a Microsoft Windows 2000 or Windows .NET Server machine and configure it to be your print server. Alternatively, instead of dedicating a computer to managing a printer on a network, you can use a stand-alone print server device. These devices generally have a small footprint (some are even pocket-sized) and can be used to attach a printer anywhere in the network. Typically, an RJ-45 port on the device can be plugged directly into an Ethernet hub or into a wall plate in a work area, while an IEEE 1284 port on the device is connected to the printer. Stand-alone print server devices generally have built-in support for a variety of protocols (such as Transmission Control Protocol/Internet Protocol [TCP/IP], Internetwork Packet Exchange/Sequenced Packet Exchange [IPX/SPX], NetBIOS Enhanced User Interface [NetBEUI], and Data Link Control) and platforms (such as Windows 2000, Windows XP, Novell NetWare, and UNIX) and support a wide variety of makes and models of printers. Other features of stand-alone print server devices can include the following:
Support for two or four parallel printer connections
Support for Line Printer Daemon/Line Printer Remote (LPD/LPR) or Dynamic Host Configuration Protocol (DHCP)
Support for Token Ring or AppleTalk networking architectures
See Also network interface card (NIC)
Any hardware device that enables two or more computers to directly share one or more attached printers without using a network.
Overview
Print sharers are basically just switches and include the following types:
Manual switch boxes: Here the user turns a rotary switch to select which computer controls the printer. The manual switch boxes are usually in a 2-to-1, 4-to-1, or 6-to-1 configuration. A special switch called an X-switch can allow either of two computers to print to either of two printers. Do not use manual switch boxes with laser printers, as the switching mechanism can cause voltage spikes that can seriously damage the printer.
Electronic print-sharing switches: Here the user uses knobs or toggle switches to select a computer or printer. These switches have solid-state circuitry inside that performs the switching, unlike manual switch boxes, which have simple metallic contacts.
Port-contention or FIFO (first in, first out) switches: These switches automatically monitor all input ports. When a signal enters an input port from a computer, the switch automatically assigns that port to the output printer port.
Code-operated switches: These switches examine the input (computer) data ports for an ASCII string indicating which output (printer) port to switch the incoming printer data to.
Scanning switches: These switches function like port-contention switches except that they sequentially scan the input ports instead of monitoring them all continuously.
Notes
If more than two computers need to share a printer, the best solution is to connect the computers to a local area network (LAN) and use a print server to set up a shared network printer. The print sharing devices listed previously are intended primarily for nonnetworked computers that must be directly connected to printers. In a small peer-to-peer networking setting, you can use a machine running Microsoft Windows XP. In larger networks, Windows 2000 or Windows .NET Server is a better choice.
See Also printing terminology, print server
The concept that personal or business information should not be shared or accessed without authorization.
Overview
With the emergence of online shopping and business-to-business (B2B) e-commerce in the last few years, privacy has become a critical concern for both consumers and businesses. Privacy involves both ethical and legal issues, and building and maintaining trust is fundamental to its success.
Privacy in the United States generally uses the honor system, although the Federal Trade Commission (FTC) is beginning to establish itself as the privacy defender in the consumer arena. By contrast, the issue of employee privacy in corporations is basically an issue dealt with by state law. Corporations generally issue privacy policies to employees and customers, and many companies practice some form of online monitoring to ensure that employees are not misusing company resources. Examples of such monitoring include logging Web traffic and keeping copies of all e-mails sent and received. In the consumer arena, e-commerce companies sometimes sell customer information to other companies or use it for marketing purposes. Ideally, the privacy policy on the site should explain what the site does with your information and help you decide whether you will transact with the site.
The privacy situation in Europe is generally much stricter, and generally business cannot share a customer's personal information with a third party without the customer's explicit consent. This difference in privacy law can have a significant effect for large enterprises spanning the globe: solutions either involve adopting a strictest common denominator or partitioning company information.
Several independent organizations issue privacy compliance certifications, a popular one being eTrust. Another important development in the area of ensuring online privacy is the emergence of the Platform for Privacy Preferences (P3P), a standard specifying how Web sites communicate their privacy policy to visitors that is being developed by the World Wide Web Consortium (W3C) and is supported by major companies such as Microsoft Corporation, IBM, and America Online (AOL).
Notes
Before you shop online at an e-commerce Web site, be sure to read the privacy policy posted on the site (if you can find it!). Look for a seal from a privacy organization such as eTrust, and be sure not to use things such as your mother's birth name for privacy questions, such as those asked by your credit cards and bank. You should also make sure when making a purchase that the site is secure by looking for https:// in your browser's address field. You might also want to disable cookies on your browser if you are concerned about sites tracking your visits and spending habits, but be aware that this can affect your ability to access certain kinds of sites, such as e-commerce sites.
See Also B2B, cookie, e-business, network security, World Wide Web Consortium (W3C)
A specification for encrypting and securing e-mail.
Overview
Privacy Enhanced Mail (PEM) was developed by the Internet Engineering Task Force (IETF) as a standard method for encrypting e-mail messages and protecting their authenticity and integrity. PEM needs to be implemented only on the sending and receiving hosts and does not require any modification of the Internet's Simple Mail Transfer Protocol (SMTP) mail forwarding hosts.
PEM can work with a variety of encryption algorithms including
MD2 and MD5 for message digests
Data Encryption Standard (DES) for secret keys
Rivest-Shamir-Adleman (RSA) for public keys
PEM is documented in RFCs 1421 through 1424.
Implementation
PEM modifies plain text SMTP e-mail messages by converting portions of the message to unintelligible blocks of ASCII code. Three different types of PEM blocks can be included in a message:
MIC-CLEAR: PEM adds an integrity check block to the message but does not encrypt the message.
MIC-ONLY: PEM first encrypts the message and then adds an integrity check.
ENCRYPTED: PEM adds an integrity check to the message and then encrypts the message and the added block.
Issues
Although PEM can be used with either symmetric (secret) key cryptography or public key cryptography, it is mainly intended for use with public key cryptography and therefore requires a public key infrastructure (PKI) to be established before it can effectively be used. This has been the major stumbling block hindering the widespread adoption of PEM, since PKIs have been slow to emerge in the public arena. It has also given room for other schemes such as Pretty Good Privacy (PGP) to emerge and become popular in the market.
See Also cryptography, encryption, hashing algorithm, Internet Engineering Task Force (IETF), Simple Mail Transfer Protocol (SMTP)
A telephone switch at the customer premises that supports multiple independent telephone extensions.
Overview
Private Branch Exchanges (PBXs) can save businesses the cost of supplying an individual local loop connection for each employee because employees can share external trunk line connections. The PBX provides connectivity between the client's private telephone system that it supports and the telco's public trunk lines. In Europe a PBX is known as a Private Automatic Branch Exchange (PABX).
PBXs were originally switch consoles controlled by human operators, who would plug and unplug patch cords to establish connections for customers. The modern electronic PBX (also known simply as a switch) is a solid-state device that essentially establishes a private switching system that mimics the functions of a telco's much larger central office (CO) switching facility. PBXs allow businesses to have better control of their own telecommunications equipment, and they reduce costs by more effectively routing local telephone traffic.
PBXs support a number of features, including the following:
Direct Inward Dialing (DID): A form of call routing that allows outside users to dial directly to any of the extensions
Direct Outward Dialing (DOD): A form of call routing that allows extensions to dial directly to any outside phone number
Station-to-Station Dialing (SSD): Allows any extension to call any other extension without using a business line
Most modern PBXs support digital phone extensions and T1 or multirate Integrated Services Digital Network (ISDN) for their telco connection and can handle data, fax, and other forms of traffic in addition to voice traffic. PBX boards can also be installed in servers to support computer-telephony integration (CTI). Many products and configurations are available.
Implementation
Typically, a telco or other service provider leases and installs a PBX in the main equipment room of a building or campus. The PBX handles all calls initiated and received in the building. If an outgoing call is directed to another line on the PBX, the PBX routes the call directly to its destination instead of forwarding it to the local CO. Outgoing calls directed to destinations outside the PBX are routed to the CO for handling.
Private Branch Exchange (PBX). Connecting customer premises equipment to a PBX.
Telephones and other devices are connected by individual circuits directly to the PBX unit, and trunk lines coming in from the outside terminate at a multitrunk channel band (MCB) unit. The MCB interfaces with the main distribution frame (MDF), which provides the individual circuits that connect the outside world to the PBX unit. The more circuits that the MDF creates from the trunk lines, the more simultaneous outgoing calls can be initiated and received by users of the PBX system. Add-ons for the PBX unit can include call management systems (CMSs), which provide call notification and control services; call accounting services; and modem pools for remote dial-up access.
PBX switches come in various sizes. The smallest is a 3-by-8 switch that supports three business lines and eight extension lines. This configuration permits eight phones to be connected, but only three of them can make or receive calls at a time.
Prospects
The traditional PBX is generally expensive and proprietary. An alternative that is rapidly growing in popularity is the IP PBX, a PBX that uses a packet-switched Internet Protocol (IP) network as its transport instead of traditional circuit-switched telephone lines. IP PBXs are particularly useful for companies that need to support mobile knowledge workers or telecommuters, as they are more flexible and manageable than traditional PBXs. Some analysts predict the IP PBX market will pass the traditional PBX market in 2005.
Notes
An alternative to installing a PBX at the customer premises is to lease a Centrex service from the telco's CO. This service offers similar features to a PBX but from a remote location, and it is managed remotely by the telco.
See Also central office (CO), telco
An encryption protocol similar to Secure Sockets Layer (SSL).
Overview
Private Communication Technology (PCT) is a security technology that was developed by Microsoft Corporation in response to certain weaknesses in version 2 of the SSL protocol. These issues were solved in version 3 of SSL and in its cousin, Transport Layer Security (TLS). As a result, PCT is now considered a legacy protocol and should generally not be used for securing transmissions over the Internet.
See Also encryption, Secure Sockets Layer (SSL), Transport Layer Security (TLS)
An Internet Protocol (IP) network ID that can be reused for different networks.
Overview
Because the pool of available IP addresses began to become exhausted in the 1990s, the Internet Engineering Task Force (IETF) came up with a way of reusing certain addresses. They designated three blocks of IP addresses for private use. In other words, any company can use any of these addresses for internal networking purposes. The caveat is that these addresses are not routable to the Internet and networks using them need to use network address translation (NAT) to establish connectivity with the Internet.
The three blocks of private IP addresses specified in RFC 1918 include
16,777,216 unique Class A addresses in the range 10.0.0.0 through 10.255.255.255
1,048,576 unique Class B addresses in the range 172.16.0.0 through 172.31.255.255
65,536 unique Class C addresses in the range 192.168.0.0 through 192.168.255.255
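As an added example (not from the page), the following Python script derives the address counts listed above from each block's prefix length, reports which RFC 1918 block an address falls in, and flags the packets that need NAT before they can reach the Internet. The public sample addresses are taken from the documentation ranges and are constructed for illustration.

```python
"""Classify IPv4 addresses against the RFC 1918 private blocks.

Added example, not code from the page: derives the address counts the
page quotes from each block's prefix length, checks whether an address
is private, and flags packets that need NAT to reach the Internet.
Uses only the standard library.
"""
import ipaddress

# The three RFC 1918 blocks in CIDR form (constructed from the ranges the page lists).
RFC1918_BLOCKS = (
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
)


def block_range(cidr):
    """Return (first, last, count) for a CIDR block; count is 2 ** (32 - prefix)."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def private_block(addr):
    """Return the RFC 1918 block containing addr (as a string), or None if public."""
    ip = ipaddress.ip_address(addr)
    for net in RFC1918_BLOCKS:
        if ip in net:
            return str(net)
    return None


def needs_nat(src, dst):
    """True when a packet from src to dst cannot be forwarded unchanged.

    A private source address is not routable on the Internet, so a packet
    from a private source to a public destination must have its source
    translated by NAT. Private-to-private traffic stays inside the network,
    and public-to-public traffic is routable as it is.
    """
    return private_block(src) is not None and private_block(dst) is None


if __name__ == "__main__":
    for net in RFC1918_BLOCKS:
        first, last, count = block_range(str(net))
        print(f"{str(net):16} {first} - {last}  {count:,} addresses")
    # 172.32.0.1 is a common mistake: only 172.16.0.0 - 172.31.255.255 is private.
    for addr in ("10.1.2.3", "172.31.255.254", "172.32.0.1", "192.168.7.7", "203.0.113.5"):
        print(f"{addr:16} {private_block(addr) or 'public'}")
```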
See Also Class A, Class B, Class C, Internet Engineering Task Force (IETF), Internet Protocol (IP), IP address, network address translation (NAT)
An ongoing project of the Institute of Electrical and Electronics Engineers (IEEE) for defining local area network (LAN) and wide area network (WAN) standards and technologies.
Overview
The 802 specifications define the operation of the physical network components: cabling, network adapters, and connectivity devices such as hubs and switches. The Project 802 standards are constantly evolving, and new subcategories are being created to standardize new networking technologies.
Project 802 has a number of subsections, including the following:
802.1: Internetworking standards
802.2: The logical link control (LLC) layer of the Open Systems Interconnection (OSI) reference model data-link layer
802.3: Ethernet (Carrier Sense Multiple Access with Collision Detection)
802.4: Token Bus LAN
802.5: Token Ring LAN
802.6: Metropolitan area network (MAN)
802.7: Broadband technologies
802.8: Fiber-optic technologies
802.9: Integrated voice/data networks
802.10: Network security standards and technologies
802.11: Wireless networking technologies and standards
802.12: Demand priority access technologies
802.14: Cable television access
802.15: Wireless Personal Area Network (WPAN)
802.16: Fixed broadband wireless networking
802.17: Resilient Packet Ring (RPR)
See Also 802.1, 802.2, 802.3, 802.4, 802.5, 802.6, 802.7, 802.8, 802.9, 802.10, 802.11, 802.12, 802.14, 802.15, 802.16, 802.17, Institute of Electrical and Electronics Engineers (IEEE), local area network (LAN), wide area network (WAN)
A mode in which a network device listens to all traffic present on the local segment.
Overview
Devices such as network interface cards (NICs) typically listen only to traffic that is specifically addressed to the card and to broadcast traffic directed to every host. This is done to improve the card's performance, for if it had to process every frame or packet that arrived, the overhead could be great enough to cause errors or saturate the NIC.
Some NICs can be configured to operate in promiscuous mode, a mode of operation in which the NIC accepts all frames on the wire, including those not specifically directed to it. A NIC operating in promiscuous mode reads every frame it receives, whether the frames are broadcast, multicast, or unicast. In some networks, this can be a security problem because nodes that act "promiscuously" can be configured not only to read frames but also to store them and even retransmit them. Sensitive information can thus be intercepted on the network and retransmitted to remote stations. This problem can occur in both Ethernet and Token Ring networks when NICs are configured to act promiscuously.
Sometimes, however, a network device should act promiscuously. Examples include bridges, which must listen to all traffic in order to build their media access control (MAC) address tables; protocol analyzers; and other network troubleshooting devices that need to capture and analyze all traffic on a particular local area network (LAN) segment.
See Also bridge, MAC address, network interface card (NIC), network troubleshooting
A set of rules or procedures for sending information over a network.
Overview
Protocols perform such functions as initializing and terminating communication sessions, addressing and routing packets, sending and broadcasting data, performing authentication or encryption, compressing data, and performing error correction. Some protocols have been developed by specific vendors and then accepted as de facto standards by the industry, but others were initially formulated by independent standards bodies and then accepted and implemented by vendors. The most widely implemented protocols are those relating to Transmission Control Protocol/Internet Protocol (TCP/IP) and the Internet.
Types
Protocols are usually classified according to the layer they correspond to in the Open Systems Interconnection (OSI) reference model for networking. Types of protocols include the following:
Data-link protocols: Govern the framing of data, physical addressing of network nodes, and media access control methods. For local area networks (LANs), these primarily include Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI). For wide area networks (WANs), they include Point-to-Point Protocol (PPP), High-level Data Link Control (HDLC), frame relay, Asynchronous Transfer Mode (ATM), and X.25.
Network protocols: Handle link services and are responsible for addressing, routing, and error checking. Examples include NetBEUI, Internetwork Packet Exchange (IPX), NWLink, and Internet Protocol (IP).
Transport protocols: Enable the establishment of sessions and ensure reliable flow of data. Examples include NetBEUI, Sequenced Packet Exchange (SPX), NWLink, and Transmission Control Protocol (TCP).
Application layer protocols: Enable applications to access network services. Examples include Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Telnet, Simple Mail Transfer Protocol (SMTP), Simple Network Management Protocol (SNMP), Network News Transfer Protocol (NNTP), X.400, X.500, Server Message Block (SMB), and Network File System (NFS).
For More Information
Visit www.protocols.com
See Also Open Systems Interconnection (OSI) reference model
A device that emulates the behavior of another device.
Overview
Protocol converters are often used in mainframe computing environments where they enable one device to emulate the communication functions of another device. For this reason, a protocol converter is sometimes known as an "emulator," and such emulators can be either hardware-based or software-based. One common type of protocol converter lets you communicate asynchronously with a mainframe host from a PC over a synchronous communication link. This enables you to use the PC as the front end to the host instead of using expensive synchronous terminals. To support this synchronous/asynchronous conversion, the emulation hardware/software must perform several conversions:
Connect the twinax or coax synchronous connection from the host to an asynchronous RS-232 connection for the PC. For a remote connection, the converter might include X.21 or V.35 serial interfaces as well.
Take the Synchronous Data Link Control (SDLC) data stream from the host and convert it to an asynchronous format.
Perform synchronous Extended Binary Coded Decimal Interchange Code (EBCDIC) to asynchronous ASCII conversion and translate standard input/output into appropriate screen/keyboard mappings.
Protocol converter. Two scenarios where you might use a protocol converter.
For example, you can turn a PC into a 5250 terminal by installing a 5250 emulator card (a PC typically emulates a 3270 terminal for remote connections or a 5250 terminal for local connections). Here you might use twinax cabling to connect the port on the card directly to an AS/400 or System 390 mainframe. The 5250 emulator software running on the PC typically supports multiple concurrent 5250 sessions.
You can also use protocol converters to connect ASCII printers to AS/400 or System/3x mainframe hosts. A protocol converter for this purpose is sometimes called a printer emulation card.
See Also 3270, 5250, mainframe, terminal emulator
A text file that provides resolution of protocol names into their respective RFC-defined protocol numbers on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.
Overview
The entries in a protocol file include friendly names for TCP/IP protocol numbers and can be used for well-known service (WKS) records in Domain Name System (DNS) servers and other Windows Sockets applications.
The protocol file is in the following location on computers running Microsoft Windows:
Windows 2000, Windows XP, and Windows .NET Server: %SystemRoot%\system32\drivers\etc\protocol
Windows Millennium Edition (Me): \Windows\protocol
Each line in the protocol file contains the standard name for a protocol followed by the assigned number as defined in RFC 1060, an alias, and an optional comment prefixed with a pound sign (#). The following example comes from the sample protocol file included with Windows 95 and Windows 98:
ip 0 IP # Internet protocol
icmp 1 ICMP # Internet control message protocol
ggp 3 GGP # Gateway-gateway protocol
tcp 6 TCP # Transmission control protocol
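As an added example (not code from the page or from Windows), the following Python parser reads a file in the layout just described, rejects malformed lines, and resolves names, aliases, and numbers the way getprotobyname() and getprotobynumber() do with this file. The sample content is constructed from the four entries quoted above.

```python
"""Parse a Windows 'protocol' file into name/number mappings.

Added example, not code from the page: the sample below is constructed
in the layout the page describes (name, assigned number, alias, optional
'#' comment) from the four entries the page quotes.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_PROTOCOL_FILE = """\
# Constructed sample in the layout of %SystemRoot%\\system32\\drivers\\etc\\protocol
# <protocol name>  <assigned number>  [alias ...]  [# <comment>]

ip       0   IP    # Internet protocol
icmp     1   ICMP  # Internet control message protocol
ggp      3   GGP   # Gateway-gateway protocol
tcp      6   TCP   # Transmission control protocol
"""


@dataclass(frozen=True)
class ProtocolEntry:
    name: str                 # canonical name, lower-cased
    number: int               # IP protocol number (0-255)
    aliases: Tuple[str, ...]  # alternate names, lower-cased
    comment: str              # text after '#', if any


def parse_protocol_file(text: str) -> List[ProtocolEntry]:
    """Parse the file; blank and comment-only lines are skipped.

    A malformed line raises ValueError instead of being skipped, because
    a silently dropped entry would make a later lookup fail confusingly.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        body, _, comment = raw.partition("#")  # everything after '#' is a comment
        fields = body.split()
        if not fields:
            continue
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected '<name> <number> [alias ...]'")
        name, number_text, *aliases = fields
        try:
            number = int(number_text)
        except ValueError:
            raise ValueError(
                f"line {lineno}: protocol number {number_text!r} is not an integer"
            ) from None
        if not 0 <= number <= 255:
            raise ValueError(f"line {lineno}: protocol number {number} is outside 0-255")
        entries.append(ProtocolEntry(name.lower(), number,
                                     tuple(a.lower() for a in aliases), comment.strip()))
    return entries


def protocol_number(entries: List[ProtocolEntry], name: str) -> Optional[int]:
    """Resolve a name or alias (case-insensitive) to its protocol number."""
    key = name.lower()
    for entry in entries:
        if key == entry.name or key in entry.aliases:
            return entry.number
    return None


def protocol_name(entries: List[ProtocolEntry], number: int) -> Optional[str]:
    """Reverse lookup: protocol number to canonical name."""
    for entry in entries:
        if entry.number == number:
            return entry.name
    return None


if __name__ == "__main__":
    table = parse_protocol_file(SAMPLE_PROTOCOL_FILE)
    for entry in table:
        print(f"{entry.name:6} {entry.number:3}  {entry.comment}")
    print("TCP ->", protocol_number(table, "TCP"), "| 3 ->", protocol_name(table, 3))
```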
See Also hosts file, lmhosts file, Networks file, services file
A dense mode multicast routing protocol.
Overview
Protocol Independent Multicast-Dense Mode (PIM-DM) is a multicast routing protocol similar to Distance Vector Multicast Routing Protocol (DVMRP). PIM-DM shares the following similarities with DVMRP:
Builds source-based trees using reverse-path forwarding
Operates in dense mode to forward multicast traffic everywhere
The main difference between PIM-DM and DVMRP is that although DVMRP uses its own routing protocol for building its multicast routing tables, PIM-DM can utilize any underlying unicast routing protocol for this purpose, including Interior Gateway Routing Protocol (IGRP), Enhanced Interior Gateway Routing Protocol (EIGRP), Routing Information Protocol (RIP), or Open Shortest Path First (OSPF). This makes PIM-DM considerably more powerful and flexible than DVMRP, particularly for large internetworks.
See Also dense mode, Distance Vector Multicast Routing Protocol (DVMRP), Enhanced Interior Gateway Routing Protocol (EIGRP), Interior Gateway Routing Protocol (IGRP), multicasting, Open Shortest Path First (OSPF), Routing Information Protocol (RIP), routing protocol, sparse mode, unicasting
A sparse mode multicast routing protocol.
Overview
Protocol Independent Multicast-Sparse Mode (PIM-SM) is closely related to its dense mode cousin, Protocol Independent Multicast-Dense Mode (PIM-DM). Like PIM-DM, PIM-SM can also use a variety of underlying unicast routing protocols for building its routing tables. The differences are that PIM-SM is optimized for wide area network (WAN) usage where the distance between multicast source and receivers is assumed to be great and that there may be limited amounts of bandwidth available for communications between them. To optimize performance in a WAN environment, PIM-SM uses explicit join messages and builds a single shared tree for the entire multicast group instead of using source-based trees as in PIM-DM.
See Also dense mode, routing protocol, sparse mode, wide area network (WAN)
A collection of protocols that work together as a group.
Overview
Most networking protocols are actually collections or suites of protocols that work together to perform various complementary functions. Examples of protocol suites include the following:
NetWare's Internetwork Packet Exchange (IPX) and Sequenced Packet Exchange (SPX) and related protocols, such as NetWare Core Protocol (NCP) and Service Advertising Protocol (SAP)
The Internet's TCP/IP protocol suite, which consists of Internet Protocol (IP), Transmission Control Protocol (TCP), and related protocols such as Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP), and Hypertext Transfer Protocol (HTTP)
AppleTalk and its related protocols, such as AppleShare, EtherTalk, and LocalTalk
See Also protocol
An emerging standard for Internet service billing and traffic delivery.
Overview
The Internet Engineering Task Force (IETF) is developing Provider Architecture for Differentiated Services and Traffic Engineering (PASTE) as a way of defining how Internet service providers (ISPs) can deliver different traffic types to their clients and bill them accordingly. PASTE uses the Multiprotocol Label Switching (MPLS) protocol and the Resource Reservation Protocol (RSVP) to provide these differentiated services.
Existing traffic management technologies such as Cisco Systems' tag switching require that routers maintain state information for every virtual circuit they detect. PASTE eases this requirement by aggregating traffic flows that share a common path into a trunk. Routers need only maintain tables of trunks instead of tables for virtual circuits, which greatly reduces router overhead. Packets can then join or leave a trunk at any router. PASTE can thus be implemented without adding overhead to an ISP's routers, whose tables are often burdened by the rapidly expanding address space of the Internet.
See Also Internet Engineering Task Force (IETF), Internet service provider (ISP), Multiprotocol Label Switching (MPLS), Resource Reservation Protocol (RSVP), router
Delivering telecommunications services to the customer premises.
Overview
In enterprise networking, provisioning commonly refers to the process of requesting, obtaining, deploying, and configuring various telco services, mainly in order to build wide area networks (WANs) or to provide high-speed Internet access. For example, one could say "The provisioning of our T1 line took several weeks to complete."
Provisioning also has a more limited usage in terms of configuring various options for telco services. For example, an analog telephone line can be provisioned with only a few options, such as caller ID and call waiting. An Integrated Services Digital Network (ISDN) line can be provisioned with many more options, and the configuration of the ISDN equipment at the customer premises must match that at the telco's central office (CO) for communication to function properly. For example, the service profile identifier (SPID), which is a phone number with additional digits prefixed and appended to it, must be configured properly on the customer's ISDN equipment for the telco's ISDN switching equipment to recognize the type of equipment that is attached, recognize whether one or more devices is attached, and enable calls to be routed appropriately to the equipment.
See Also central office (CO), Integrated Services Digital Network (ISDN), T-carrier, telco, wide area network (WAN)
A type of proxy server that caches Web pages that users request on the Internet.
Overview
A proxy cache server can be used like a regular proxy server at the border of a private corporate network in order to cache the Web pages returned from the Internet when users in the private network request them. When users request these pages again, the pages are served from the cache, and no new request need be sent over the Internet. This speeds up browsing for frequently accessed Web sites and reduces the amount of bandwidth used on the corporate Internet link. Because one cache serves many users, it must honor the caching directives the origin server sends (such as Cache-Control: private or no-store): a response produced for one authenticated user must not be handed to the next user who asks for the same URL. Proxy cache servers can also be used at Internet service providers (ISPs) and at strategic locations on the Internet's high-speed backbone to provide relief to heavily accessed Web servers and to reduce overall backbone traffic. Another name for this kind of server is caching proxy.
Basically, proxy cache servers can perform two kinds of caching:
Passive caching: Web pages that clients request are cached for later retrieval if requested.
Active caching: The proxy server tries to anticipate which Web pages clients will request, and when the server has idle time and the network is sufficiently quiet, the proxy server requests the pages and stores them in the cache.
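The passive caching decision described above, as an added example that is not code from the original page or from any particular proxy product. It assumes header names have already been normalized to lowercase, uses a fixed clock and constructed exchanges, and the URLs are hypothetical. The point it adds to the text is the storability test: a shared cache must refuse responses that are user-specific (Authorization on the request, Cache-Control: private or no-store, or Set-Cookie on the response), because a hit would otherwise hand one user's content to another.

```python
class PassiveCache:
    """A passive (on-demand) HTTP cache: responses are stored after a client fetches them
    and served to later requests for the same URL until their freshness lifetime expires."""

    def __init__(self):
        self._store = {}                      # url -> (expires_at, headers, body)

    @staticmethod
    def directives(headers: dict) -> dict:
        """Parse Cache-Control into {directive: value}; header names are assumed lowercase."""
        result = {}
        for item in headers.get("cache-control", "").split(","):
            name, _, value = item.strip().partition("=")
            if name:
                result[name.lower()] = value.strip('" ')
        return result

    def storable(self, method: str, req_headers: dict, status: int, resp_headers: dict) -> bool:
        """Decide whether a response may be kept in a cache shared by many users."""
        if method != "GET" or status != 200:
            return False
        if "authorization" in req_headers:
            return False                      # produced for one authenticated user
        cc = self.directives(resp_headers)
        if "no-store" in cc or "private" in cc:
            return False                      # origin forbids shared caching
        if "set-cookie" in resp_headers:
            return False                      # would hand one user's session to the next
        return "max-age" in cc                # without a lifetime we cannot judge freshness

    def store(self, url, method, req_headers, status, resp_headers, body, now) -> bool:
        """Passive caching: store only what a client already requested, if it is storable."""
        if not self.storable(method, req_headers, status, resp_headers):
            return False
        ttl = int(self.directives(resp_headers)["max-age"])
        self._store[url] = (now + ttl, resp_headers, body)
        return True

    def lookup(self, url, now):
        """Return (headers, body) for a fresh entry, else None (stale entries are evicted)."""
        entry = self._store.get(url)
        if entry is None:
            return None
        expires_at, headers, body = entry
        if now >= expires_at:
            del self._store[url]
            return None
        return headers, body


def demo() -> dict:
    """Constructed exchanges with a fixed clock; returns the cache's decisions."""
    cache = PassiveCache()
    t0 = 1_000_000
    public = {"cache-control": "public, max-age=60", "content-type": "text/html"}
    private = {"cache-control": "private, max-age=60", "set-cookie": "sid=abc"}
    return {
        "public_stored": cache.store("http://www.example.com/news", "GET", {}, 200,
                                     public, b"<h1>news</h1>", t0),
        "private_stored": cache.store("http://www.example.com/inbox", "GET",
                                      {"cookie": "sid=abc"}, 200, private, b"mail", t0),
        "hit": cache.lookup("http://www.example.com/news", t0 + 30) is not None,
        "private_miss": cache.lookup("http://www.example.com/inbox", t0 + 30) is None,
        "stale_miss": cache.lookup("http://www.example.com/news", t0 + 61) is None,
    }
```

Active caching would add a prefetch step that calls store() for anticipated URLs during idle time; the storability rules stay the same.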
See Also caching
An application that acts as an intermediary between a private network and the Internet.
Overview
Proxy servers act as controlled gateways to the Internet for client computers and are usually components of firewalls. Clients are either configured to send their requests to the proxy explicitly or have their traffic intercepted transparently; in both cases a user interacting with the Internet through a proxy server is generally not aware that a proxy is handling the requests unless the user tries to access a resource that the proxy server is configured to disallow. Similarly, the Web server receiving the requests from the proxy server sees them as coming from the proxy's own external address rather than from the client computers, which hides the addressing of the internal network.
Types
Two basic types of proxy servers are used in network firewall environments:
Circuit-level gateways: These relay transport-layer connections (virtual circuits) between machines on the internal private network and the proxy server on the border of the private network without examining the application data carried inside them; SOCKS is the best-known example. The proxy server controls all connections between the internal private network and the external public network. If a client on the private network wants to access the Internet, for example, the Hypertext Transfer Protocol (HTTP) request generated by the client's Web browser travels over the client's connection to the proxy server; the proxy server then opens a second connection from its external (public) interface to the destination and copies the data across, so the packets that reach the Internet carry the proxy's address as their source. When the remote HTTP server responds, the proxy server relays the response back over the client's connection. Because the gateway does not interpret the payload, it can enforce who may connect to where, but not what is said over the connection.
Application-level gateways: These operate at Layer 7 (the application layer) and can be used to implement security policies for analyzing packets that reach the external (public) interface of the proxy server from untrusted public networks. These security policies can examine packet addresses and other header information, permit or deny packets on the basis of their contents, and modify the address, header, or contents of packets that they monitor in order to hide key information about the internal network's applications and services. Because the gateway parses the protocol, it can also reject malformed or policy-violating requests that a packet filter would pass. Application-level gateways provide proxy services only for specifically configured applications and protocols such as HTTP, File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Telnet. For each type of application for which you want to regulate access through the firewall, you must install and configure a related proxy service on the proxy server. Applications and protocols for which a proxy service is not installed cannot be accessed through the firewall.
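An application-level gateway for HTTP, as an added example that is not code from the original page or from any vendor's product. It parses the request a browser sends to an explicit proxy, enforces an assumed policy (the allowed methods and host names are hypothetical), refuses to forward requests aimed at internal addresses so the proxy cannot be used as a pivot into the private network, strips hop-by-hop and address-revealing headers, and rewrites the request into the form the destination server expects. The sample requests are constructed, and no network I/O is performed.

```python
import ipaddress
from urllib.parse import urlsplit

# Policy for this hypothetical gateway (assumed for the example, not from the page).
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"www.example.com", "docs.example.org"}

# Hop-by-hop headers belong to the client/proxy leg and are not forwarded (RFC 7230, 6.1).
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authorization", "proxy-authenticate",
              "proxy-connection", "te", "trailer", "transfer-encoding", "upgrade"}
# Headers that would reveal internal client addresses or topology to the Internet server.
LEAKY = {"via", "x-forwarded-for", "x-real-ip", "forwarded"}


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, version, [(name, value)], body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        headers.append((name.strip(), value.strip()))
    return parts[0], parts[1], parts[2], headers, body


def is_internal(host: str) -> bool:
    """True for loopback, private, or link-local targets: the proxy must not be a pivot."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False                  # host names are checked against ALLOWED_HOSTS instead
    return ip.is_loopback or ip.is_private or ip.is_link_local


def gateway(raw: bytes):
    """Apply the policy; return ("forward", outbound_bytes) or ("deny", reason)."""
    try:
        method, target, version, headers, body = parse_request(raw)
    except ValueError as exc:
        return "deny", str(exc)
    if method not in ALLOWED_METHODS:
        return "deny", f"method {method} not permitted"
    # A browser talking to an explicit proxy sends the absolute URL (absolute-form).
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        return "deny", "only absolute http:// targets are accepted"
    if is_internal(url.hostname):
        return "deny", f"target {url.hostname} is an internal address"
    if url.hostname not in ALLOWED_HOSTS:
        return "deny", f"host {url.hostname} not in allow list"
    # Rebuild the request in origin-form for the destination server.
    path = url.path or "/"
    if url.query:
        path += "?" + url.query
    out = [f"{method} {path} {version}"]
    forwarded = [(n, v) for n, v in headers
                 if n.lower() not in HOP_BY_HOP and n.lower() not in LEAKY and n.lower() != "host"]
    forwarded.insert(0, ("Host", url.netloc))
    forwarded.append(("Connection", "close"))
    out.extend(f"{n}: {v}" for n, v in forwarded)
    return "forward", "\r\n".join(out).encode("iso-8859-1") + b"\r\n\r\n" + body


# Constructed sample requests, as a browser would send them to an explicit proxy.
SAMPLE_OK = (b"GET http://www.example.com/reports?q=1 HTTP/1.1\r\n"
             b"Host: www.example.com\r\nProxy-Connection: keep-alive\r\n"
             b"X-Forwarded-For: 10.1.2.3\r\nUser-Agent: demo\r\n\r\n")
SAMPLE_PIVOT = b"GET http://10.0.0.5/admin HTTP/1.1\r\nHost: 10.0.0.5\r\n\r\n"
SAMPLE_METHOD = b"DELETE http://www.example.com/x HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
```

A circuit-level gateway would stop after the connect decision (destination host and port) and copy bytes in both directions; everything from the method check onward is what the application-level design adds.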
Uses
Proxy servers are generally used to secure private networks connected to unsecured public networks such as the Internet. They have greater functionality than packet filtering routers because they operate at a higher level of the protocol stack and afford greater control over monitoring and managing network access. A proxy server functioning as a security agent for a private network is an essential part of a firewall.
Advantages and Disadvantages
The advantages of using a proxy server include the following:
It provides a single, secure gateway to manage between your private corporate network and the public Internet.
It can provide different types of access to the Internet for different groups of users as appropriate.
It can monitor and track Internet usage for each user.
It can enable multiple users to share a single high- speed Internet connection.
Instead of using a proxy server, you could provide modems for, and run telephone lines directly to, each user who needs Internet access, but this option is costly. You can also configure a physically separate network with several computers that have shared Internet access, but this is cumbersome for users.
See Also firewall , virtual circuit
A group of protocols that are part of the X.400 messaging standards.
Overview
Five P-series protocols relate to messaging systems that support X.400, such as Microsoft Exchange Server:
P1: Specifies the layout of messages transferred from one Message Transfer Agent (MTA) to another. This protocol specifies that X.400 messages consist of two parts: a P1 header, which acts as an envelope and must contain a globally unique recipient address for message routing and control purposes, and a P2 message, which is the actual content of the message.
P2: Defines the format for transmitting the content of an X.400 message. This content consists of a P2 heading (the originator, recipient, and subject fields that the user sees, which are not used for routing because the P1 envelope carries the delivery addresses) and a P2 body, which is the actual content of the message and consists of one or more body parts of various types (such as text, images, voice, or telex).
P3: Specifies how a user agent (UA) communicates directly with an MTA for sending or receiving a message. This protocol is not used as often as the P7 Protocol for the same reason that Post Office Protocol version 3 (POP3) is used instead of Simple Mail Transfer Protocol (SMTP) to receive Internet mail.
P7: Specifies how a UA communicates with a message store (MS) in order to selectively retrieve messages from the store and delete unwanted messages without downloading them.
P22: A 1988 revision of the P2 Protocol that clarifies and extends certain features of P2.
See Also Post Office Protocol version 3 (POP3) ,Simple Mail Transfer Protocol (SMTP) ,X.400
Stands for Public Switched Telephone Network, the public telephone network managed by the local telco and long-distance carriers.
See Also Public Switched Telephone Network (PSTN)
Stands for pointer record, a resource record for reverse name resolution.
See Also pointer (PTR) record
A popular method for encrypting data for transmission over a network.
Overview
Also known as asymmetric cryptography, public key cryptography is an encryption method first published by Whitfield Diffie and Martin Hellman in 1976 that is used for securing transmission of data over unsecure networks such as the Internet. Earlier forms of cryptography involved a private or secret key that was shared by the individuals involved in the transmission. The key is a mathematical entity that the sender uses to encrypt a message and the receiver uses to decrypt it. This form of cryptography is known as secret key cryptography or symmetric cryptography. The main problem with this form of cryptography is how the owner of the key can securely get the key to the other party. In other words, the main problem is one of key management: how to create, store, and distribute the key to those who will need it to decrypt messages sent to them.
Public key cryptography solves this problem by creating a set of two different keys for anyone needing to receive encrypted information. A precise mathematical relationship exists between the two keys, which together are called a key pair. Both keys are produced at the same time using a mathematical algorithm such as Rivest-Shamir-Adleman (RSA). In RSA, an operation performed with one key is undone by the other: a message encrypted with the public key can be decrypted only with the private key, and a value transformed with the private key can be checked by anyone holding the public key, which is the basis of digital signatures. This two-way property is specific to RSA; other public key algorithms such as Diffie-Hellman or the Digital Signature Algorithm (DSA) provide key agreement or signatures but not general-purpose encryption.
The two keys in a key pair are as follows:
Private key: Held privately by the owner of the key pair and kept secret from anyone else. The responsibility for safe storage of the private key rests entirely with the key pair owner, who has no need to transmit the private key to others.
Public key: Made available by the key pair owner to anyone who requests it. Because the public and private keys are related mathematically, in principle someone could take another person's public key, perform complex mathematical calculations on it, and extract the corresponding private key. The solution is to use keys sufficiently long and with a sufficiently complex mathematical relationship so that it is all but impossible to extract the private key from the public one.
Once a key pair is generated for someone, that person can use it to receive encrypted messages (anyone encrypts to the public key; only the private key decrypts) and to digitally sign messages, so that anyone holding the public key can verify that the message came from the key's owner and was not altered in transit. Because public key operations are slow compared with symmetric ciphers, in practice the public key is used to protect a randomly generated symmetric session key, and that session key encrypts the bulk of the data.
The entire public key cryptography system is ultimately founded on trust, because a public key by itself says nothing about who owns it. The usual solution is a trusted third party called a certificate authority (CA), which verifies the identity of the key pair owner and then issues a digital certificate binding that identity to the public key. The private key is normally generated and kept by the owner; the CA certifies the public key and should never see the private key. Someone who wants a certificate must contact the CA and present proof of identity, which could involve a face-to-face meeting, examination of a driver's license with photograph, or some other method of establishing the user's identity. Anyone who trusts the CA can then trust the binding between the public key and the identity named in the certificate.
See Also cryptography , digital certificate ,digital signature ,encryption , Secure Sockets Layer (SSL)
A set of standards for cryptography.
Overview
The Public Key Cryptography Standards (PKCS) were developed by an industry consortium headed by RSA Laboratories and including Microsoft Corporation. PKCS specifies how a public key cryptography system should be implemented and operated. The following table shows the standards that are important to public key cryptography.
Standard | Description |
PKCS #1 | Specifies how to encrypt and sign data using RSA encryption |
PKCS #2 | Now included in PKCS #1 |
PKCS #3 | Describes the Diffie-Hellman key exchange protocol |
PKCS #4 | Now included in PKCS #1 |
PKCS #5 | Specifies how to encrypt data using a secret key derived from a user's password |
PKCS #6 | Specifies the syntax standard for extended certificates |
PKCS #7 | Specifies the general syntax of messages that include cryptographic enhancements such as encryption and digital signatures |
PKCS #8 | Specifies the format for private key information |
PKCS #9 | Specifies various attribute types that are used in other PKCS standards |
PKCS #10 | Specifies the syntax for requesting digital certificates |
PKCS #11 | Specification for the Cryptoki application programming interface (API), which applications use to access cryptographic tokens such as smart cards and hardware security modules |
PKCS #12 | Specifies a portable format for storing and transporting certificates, private keys, and so forth |
PKCS #13 | Specifies standards for elliptic curve cryptography (under development at the time of this writing) |
PKCS #14 | Specifies standards for generating pseudo-random numbers (under development at the time of this writing) |
PKCS #15 | Specifies the standard format for cryptographic token information (under development at the time of this writing) |
See Also cryptography
An infrastructure to enable the use of public key cryptography in a corporate or public setting.
Overview
In order to implement public key cryptography, a public key infrastructure (PKI) must first be deployed. A PKI is essentially a group of services that enables key pairs to be generated, securely stored, and securely transmitted to users so that users can securely send encrypted transmissions and digital signatures over public networks such as the Internet. A PKI can be used to secure e-mail messages and World Wide Web (WWW) transactions, e-commerce and business-to-business (B2B) linkages, and corporate virtual private networks (VPNs).
Architecture
A public key infrastructure consists of a framework of coordinated services that are standardized to a degree by the Public Key Infrastructure X.509 (PKIX) working group of the Internet Engineering Task Force (IETF), although some work in this area still needs to be done. These coordinated services generally include
A trusted certificate authority (CA) from which users obtain a digital certificate that binds their identity to their public key. This CA may be the enterprise itself, a trusted business partner, or a trusted third party such as a government agency or vendor of public PKI services.
A registration authority (RA) that can accept requests for digital certificates and hold them while the user's alleged identity is verified. Sometimes the verification of user identities is performed by a separate RA, but this service can also be integrated with the functions of the CA.
A certificate store in which users can access the certificates (and hence the public keys) of other users for encrypting messages or validating digital signatures. This store is usually based on the X.500 directory recommendations and must include a certificate revocation list (CRL) mechanism, or an Online Certificate Status Protocol (OCSP) responder, for identifying certificates that are compromised, expired, or otherwise no longer valid; a relying party that skips the revocation check keeps trusting a key whose owner may already have reported it stolen.
A digital certificate and key management system for generating, storing, and securely transmitting certificates and key pairs to users who request them.
Implementation
Although companies can implement their own in-house PKI systems using software such as Microsoft Windows 2000's Certificate Services and other products, many enterprises employ the services of PKI vendors such as those discussed below to outsource their PKI needs. These vendors provide client software, plug-ins, and CA/RA/CRL services to help enterprises implement public key cryptography as their underlying security mechanism. Unfortunately, implementing PKI is usually easier said than done, and it can be time-consuming and costly (most PKI vendors charge on a per user basis, which adds up quickly for large enterprises). The net result is that PKI often suffers from the perception that it is difficult to implement and use, which has resulted in few large-scale PKI deployments being done so far.
Actually, the most difficult part of implementing PKI in the enterprise arena is usually application integration: getting all the various existing client software packages to recognize and use public key cryptography as the basis of their security. Many enterprises have backed away from PKI after getting their feet wet because of the difficulty of integrating PKI throughout their application platforms. As an example of the kind of situation you want to avoid, consider the case of an employee who is leaving your company. You delete that person's information from your human resources database, but does your PKI system automatically revoke the employee's digital certificate? Until it does, every relying party that checks only the certificate's validity dates will keep accepting that employee's signatures and encrypting mail to that employee's key. This is the sort of automated task that requires careful application integration to ensure your enterprise's security, and it can be difficult to achieve in enterprises with many legacy application packages. RSA Security has an innovative solution in this regard with its Web Passport, which uses a small downloadable plug-in module to bridge legacy applications to digital certificates without the need to build support for PKI into these applications.
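The key pair mechanics from the public key cryptography entry above, together with the CA, RA, and CRL roles and the offboarding scenario from this entry, in one added example. This is not code from the page, from Certificate Services, or from any PKI vendor. It uses a toy textbook RSA with 512-bit keys and no padding, which is enough to show the mechanics but is not secure (real deployments use PKCS #1 padding and 2048-bit or larger keys); the CA name, subject, and clock value are hypothetical, and the certificate is a plain dictionary standing in for an X.509 structure. It requires Python 3.8 or later for the modular inverse.

```python
import hashlib
import secrets

# Toy textbook RSA (no padding, 512-bit modulus): demonstrates the key pair, never for real use.
def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; callers only pass odd candidates of at least 256 bits."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1     # right size, odd
        if _is_probable_prime(candidate):
            return candidate

def generate_keypair(bits: int = 512):
    """Return ((n, e), (n, d)). Both keys come from the same primes at the same time;
    the owner keeps (n, d) and never transmits it."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (n, e), (n, pow(e, -1, phi))

def encrypt(public, m: int) -> int:          # anyone holding the public key can do this
    return pow(m, public[1], public[0])
def decrypt(private, c: int) -> int:         # only the private key undoes it
    return pow(c, private[1], private[0])
def _digest(data: bytes) -> int:             # 256-bit hash, always below a 512-bit n
    return int.from_bytes(hashlib.sha256(data).digest(), "big")
def sign(private, data: bytes) -> int:
    return pow(_digest(data), private[1], private[0])
def verify(public, data: bytes, sig: int) -> bool:
    return pow(sig, public[1], public[0]) == _digest(data)

# A minimal certificate authority with a certificate revocation list.
def to_be_signed(fields: dict) -> bytes:
    """Deterministic serialization of the certificate fields (stand-in for DER)."""
    return "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()

class CertificateAuthority:
    def __init__(self, name: str):
        self.name = name
        self.public, self._private = generate_keypair()
        self.crl = set()                         # serial numbers of revoked certificates
        self._next_serial = 1

    def issue(self, subject: str, subject_public, not_before: int, days: int = 365) -> dict:
        """Bind an identity (verified out of band by the RA) to a public key.
        The subject's private key never reaches the CA."""
        fields = {"serial": self._next_serial, "issuer": self.name, "subject": subject,
                  "n": subject_public[0], "e": subject_public[1],
                  "not_before": not_before, "not_after": not_before + days * 86400}
        self._next_serial += 1
        return {"tbs": fields, "signature": sign(self._private, to_be_signed(fields))}

    def revoke(self, cert: dict) -> None:
        self.crl.add(cert["tbs"]["serial"])

def validate(cert: dict, ca: CertificateAuthority, now: int) -> str:
    """What a relying party checks before trusting the public key inside a certificate."""
    f = cert["tbs"]
    if f["issuer"] != ca.name:
        return "untrusted issuer"
    if not verify(ca.public, to_be_signed(f), cert["signature"]):
        return "bad signature"                   # tampered or forged
    if not f["not_before"] <= now <= f["not_after"]:
        return "outside validity period"
    if f["serial"] in ca.crl:
        return "revoked"
    return "valid"

def demo() -> dict:
    """Constructed scenario with hypothetical names and a fixed clock."""
    ca = CertificateAuthority("Example Corp Issuing CA")
    now = 1_000_000_000
    alice_public, alice_private = generate_keypair()      # generated on Alice's own machine
    cert = ca.issue("alice@example.com", alice_public, now)
    key_in_cert = (cert["tbs"]["n"], cert["tbs"]["e"])
    results = {"fresh": validate(cert, ca, now)}
    memo = b"approve purchase order 4711"                 # Alice signs; anyone with her cert verifies
    results["signature_ok"] = verify(key_in_cert, memo, sign(alice_private, memo))
    session_key = int.from_bytes(secrets.token_bytes(16), "big")   # hybrid encryption: RSA wraps it
    results["roundtrip"] = decrypt(alice_private, encrypt(key_in_cert, session_key)) == session_key
    tampered = {"tbs": dict(cert["tbs"], subject="mallory@example.com"), "signature": cert["signature"]}
    results["tampered"] = validate(tampered, ca, now)
    results["expired"] = validate(cert, ca, now + 400 * 86400)
    ca.revoke(cert)                                       # what HR offboarding must trigger
    results["after_revocation"] = validate(cert, ca, now)
    return results
```

The last two lines of demo() are the offboarding case from the text: the certificate is still within its validity dates, so only a relying party that consults the CRL (or an OCSP responder) notices that it is no longer good.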
Marketplace
Major vendors of PKI software and services include Baltimore Technologies, Entrust, RSA Security, and VeriSign. Products from these vendors vary greatly in manageability, application integration, and cost, so before settling on one solution, you should exercise due diligence in testing and piloting popular systems.
Before deciding to implement PKI in your enterprise, it is a good idea to consider first whether it is really needed. E-commerce and messaging are currently being transacted in a relatively secure fashion without an enterprise-wide PKI, for example using the Secure Sockets Layer (SSL) protocol, which relies on server certificates from public CAs but does not require issuing certificates to every user. Some startup companies are also developing products that sidestep some of the difficulties of implementing a PKI and provide innovative ways of securing corporate e-mail and Web transactions. Examples include SafeLoop, which sends encrypted electronic messages using Hypertext Transfer Protocol (HTTP) instead of Simple Mail Transfer Protocol (SMTP), and Hilgraeve, which enables secure online document collaboration using online storage services instead of sending documents as e-mail attachments. P2P (peer-to-peer) technologies are also emerging as an alternative to traditional Internet messaging and collaboration protocols and may provide an additional option for enterprises seeking innovative solutions to secure electronic communications.
Prospects
Many industry analysts consider PKI's prospects of succeeding in the enterprise and in the larger public arena uncertain. The complexity and cost of implementing PKI has caused many enterprises to balk at the process, especially when funds are more urgently needed for putting out other security-related fires. Many IT (information technology) managers see e-mail filtering, antivirus software, firewalls, and intrusion detection systems as more of a priority than rolling out a complex PKI system. A few spectacular failures of large-scale PKI rollouts have also had a discouraging effect on the market. Another serious issue has been interoperability issues between software and platforms from different PKI vendors, a result of the effect of vendor politics on the standards process.
On the other hand, there have been many successful PKI implementations, even in the public arena. The U.S. Patent and Trademark Office has a PKI system that allows patent applications to be securely filed online, and the result has been considerable cost savings. But by and large the world is still years away from a time when digitally signed documents can be used as easily as paper ones for legal, medical, financial, and contractual transactions between individuals and companies. One positive step was the Electronic Signatures in Global and National Commerce (E-Sign) Act, signed into U.S. law in June 2000 and effective in October 2000. However, this law recognizes the legal validity of electronic signatures in general; it is deliberately technology-neutral and neither defines nor requires digital certificates, so it settles the legal question without settling the technical one.
For More Information
Visit the PKI Forum at www.pkiforum.org
See Also certificate authority (CA) , cryptography ,digital certificate ,encryption ,key pair , Secure Sockets Layer (SSL)
The public telephone network managed by the local telco and long-distance carriers.
Overview
The Public Switched Telephone Network (PSTN) consists of a digital, circuit-switched backbone (over which services such as Integrated Services Digital Network (ISDN) and leased digital lines are provided) together with the analog local loop wiring still found in many residences. The PSTN is sometimes referred to as the Plain Old Telephone Service (POTS), but this term actually refers to the older analog portion of the PSTN.
The PSTN provides the most popular basis for creating wide area networks (WANs) either through dial-up or leased lines. The PSTN is often used in wide area networking because of its ubiquitous nature since local loop connections to the service exist almost everywhere in the world. However, with the advent of alternative services such as high-speed cable modem services and passive optical networking (PON), the days of the slow, analog local loop connection may be approaching their end.
See Also analog , cable modem ,digital ,Integrated Services Digital Network (ISDN) ,local loop , wide area network (WAN)
In Active Directory directory service, the process of making directory objects accessible to users on the network.
Overview
Many objects created in Active Directory are automatically published or made available to users on the network. For example, when you create a new user object containing information about that user, such as the user's phone number and e-mail address, other users on the network can look up this information in Active Directory.
If an object that does not reside in Active Directory is published, Active Directory points to the object's location on the network. Most objects are automatically published in Active Directory if they reside on computers running Windows 2000, Windows XP, or Windows .NET Server, but you might have to manually publish the location of other objects, such as shared folders and printers on downlevel computers running Windows NT.
When you consider whether to publish an object in Active Directory, consider whether the information will be changed frequently. Published information should be relatively static. Information should be published when it will be useful to a large segment of the enterprise community. Structured information is more useful to publish than individual items such as files, which should be published instead in file systems accessed through share points. Applications can publish their connection points and application data in Active Directory.
See Also Active Directory
A common method for converting analog signals into digital ones used by telcos.
Overview
Pulse code modulation (PCM) is the standard method used by telephone companies and telecommunications providers for converting analog signals into digital ones that can be transmitted over the Integrated Services Digital Network (ISDN) and Asynchronous Transfer Mode (ATM) backbones of the Public Switched Telephone System (PSTN). Digital signaling has replaced analog in the PSTN backbone because digital signals can be transmitted long distances with little degradation in signal quality.
Implementation
The basis of PCM is the Nyquist (sampling) theorem from information theory, the branch of mathematics concerned with information and signaling. The theorem states that an analog signal can be represented exactly by its samples only if it is sampled at more than twice its highest frequency component; frequencies above half the sampling rate are not merely lost but fold back (alias) into the lower band and corrupt it, so the signal is low-pass filtered before it is sampled. Telephone speech is band-limited to roughly 4 kilohertz (4000 hertz or 4000 cycles/second; the usable passband is about 300 to 3400 Hz), so the theorem requires sampling at 8 kHz. PCM does just this: it samples the continuously varying analog voltage 8000 times per second and quantizes each sample to one of 2^8 = 256 discrete levels, transmitting the level as an 8-bit (1 byte) binary code. In telephony the levels are not evenly spaced: the mu-law companding used in North America and Japan and the A-law companding used elsewhere, both specified in ITU-T G.711, make the steps finer for quiet signals and coarser for loud ones. The sampling and quantization process results in a data transmission rate of 8 bits x 8 kHz = 64 Kbps, which explains why 64 Kbps DS-0 channels form the basic unit of the PSTN's backbone.
A typical PCM converter consists of a sample-and-hold circuit that samples the analog voltage signal and holds it long enough so that an analog-to-digital converter can convert it into digital (binary) format. A single device plus its associated software that can perform both the analog-to-digital conversion and its reverse is known as a codec or coder/decoder.
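The sampling, quantization, and bit-rate arithmetic described above, as an added example that is not part of the original page. It uses a uniform (linear) quantizer rather than G.711 companding, constructs its test tones in code, and includes an aliasing check: a 5 kHz tone, which lies above the 4 kHz Nyquist limit for 8 kHz sampling, produces the same samples as a 3 kHz tone of opposite phase, which is why the analog signal must be low-pass filtered before the sampler.

```python
import math

def quantize(sample: float, bits: int, full_scale: float = 1.0) -> int:
    """Map a voltage in [-full_scale, full_scale] to one of 2**bits codes (uniform, mid-tread)."""
    levels = 2 ** bits
    step = 2 * full_scale / levels              # volts per code
    code = round(sample / step) + levels // 2
    return max(0, min(levels - 1, code))        # clip instead of wrapping around

def dequantize(code: int, bits: int, full_scale: float = 1.0) -> float:
    """Inverse of quantize: the decoder's reconstruction level for a code."""
    levels = 2 ** bits
    return (code - levels // 2) * (2 * full_scale / levels)

def pcm_encode(signal, fs_hz: int, bits: int, duration_s: float) -> list:
    """Sample-and-hold at fs_hz, then quantize each sample: the PCM encoder."""
    return [quantize(signal(i / fs_hz), bits) for i in range(int(duration_s * fs_hz))]

def pcm_decode(codes: list, bits: int) -> list:
    return [dequantize(c, bits) for c in codes]

def bit_rate_bps(fs_hz: int, bits: int) -> int:
    """Bits per sample times samples per second: 8 x 8000 = 64000 for a DS-0."""
    return fs_hz * bits

def tone(f_hz: float, amplitude: float = 0.8):
    """Constructed test signal: a sine wave as a function of time in seconds."""
    return lambda t: amplitude * math.sin(2 * math.pi * f_hz * t)

def max_reconstruction_error(signal, fs_hz: int, bits: int, duration_s: float) -> float:
    """Largest difference between the analog input and the decoded samples (quantization noise)."""
    codes = pcm_encode(signal, fs_hz, bits, duration_s)
    return max(abs(signal(i / fs_hz) - v) for i, v in enumerate(pcm_decode(codes, bits)))

def aliasing_detected(fs_hz: int = 8000, bits: int = 8) -> bool:
    """A 5 kHz tone sampled at 8 kHz yields the same codes as a 3 kHz tone of opposite phase:
    the decoder cannot tell them apart, so out-of-band energy must be filtered out first."""
    above_nyquist = pcm_encode(tone(5000), fs_hz, bits, 0.01)
    within_band = pcm_encode(tone(3000, amplitude=-0.8), fs_hz, bits, 0.01)
    return max(abs(a - b) for a, b in zip(above_nyquist, within_band)) <= 1
```

With a uniform quantizer the error is bounded by half a step (1/256 of full scale at 8 bits) regardless of signal level, which is why companding, not more bits, is used in telephony to keep quiet speech intelligible.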
See Also Asynchronous Transfer Mode (ATM) , DS-0 ,Integrated Services Digital Network (ISDN) ,local loop , telco
Stands for permanent virtual circuit, a logical connection between two nodes in a packet- or cell-switched network such as X.25, Frame Relay, or Asynchronous Transfer Mode (ATM) that is configured by the carrier and stays in place until it is deliberately removed.
See Also permanent virtual circuit (PVC)
Stands for polyvinyl chloride cabling, a grade of network cabling that uses polyvinyl chloride (PVC) plastic for its outer protective insulating jacket.
See Also polyvinyl chloride (PVC) cabling