An object-oriented programming language based on the earlier C language that is used for developing applications, including Win32 applications for Microsoft Windows platforms. The standard form of C++ is called ANSI C++ and is defined by the American National Standards Institute (ANSI).
C++ is an important language for developing tools and applications for high-speed networking because it is a compiled language whose object code runs extremely fast. For example, a form handler written for a Hypertext Markup Language (HTML) form that runs on a UNIX Apache Web server will run much faster if it is written in a compiled language such as C or C++ than if it is written in an interpretive language such as Perl or Microsoft Visual Basic, Scripting Edition (VBScript). High-performance Internet Server API (ISAPI) applications and dynamic-link libraries (DLLs) written for Internet Information Services (IIS) generally perform best when written in C++. Powerful distributed Web-based applications for the Internet can be developed using a combination of Active Server Pages (ASP) scripts in VBScript or JScript, with Microsoft ActiveX components and ISAPI DLLs written in C++ using Microsoft Visual C++.
C++ programs for Windows network operating system platforms can be developed using a variety of tools:
Traditional C++ development tools using editors, compilers, and debuggers support low-level application programming interface (API) access, Microsoft Foundation Classes (MFC), software development kits (SDKs), and other supporting elements.
Rapid application development (RAD) tools provide integrated development environments (IDEs) that focus on providing developers with ease-of-use features.
Component deployment tools take a component-based approach to generating and reusing C++ code for building distributed and multitier applications.
Visual C++ combines the best features of these various classes of tools. It is an excellent choice for developing large-scale distributed networking applications based on the C++ language and Microsoft’s own specific extensions to ANSI C++ that are designed for the Win32 platform.
A security standard for computer systems established by the National Computer Security Center (NCSC), a U.S. government agency responsible for evaluating the security of software products. The C2 security standard is defined in the Trusted Computer Systems Evaluation Criteria manual (or Orange Book) published by the NCSC.
The NCSC rated Microsoft’s Windows NT 3.5 (with Service Pack 3) C2-compliant. The C2 designation assures that the base operating system satisfies a number of important security criteria. This designation also represents an independent, unbiased evaluation of the security of the system architecture with regard to the government’s operating and implementation standards.
A C2 rating does not indicate that a system is free of security bugs; instead, this rating certifies that the underlying architecture of the computer system is suitable for high-security environments in specific networking configurations. It is incorrect to say that Windows NT is C2-certified or runs in C2 mode. Only a complete computer system (including hardware) can be rated C2. A rating of C2 means that in a particular implementation, in a particular networking environment and configuration, using specific hardware and software, a computer network using a Windows NT operating system can apply for and might receive C2 certification.
How It Works
According to the Orange Book, in a C-level system, the security policy must be based on what is known as Discretionary Access Control (DAC), which essentially means that users of the system can own objects (files, directories, and so on) and can control access to these objects by other users. A user who establishes control over an object is responsible for granting or denying all access rights to that object. In other words, the owner of an object grants or denies users access to the object at his or her discretion. This is in contrast to a B-level system, in which Mandatory Access Control (MAC) specifies that all objects have security levels that are defined independent of the object’s owner.
On the Web
• NCSC home page: http://www.radium.ncsc.mil
See certificate authority (CA)
An enclosure with a built-in rack for holding and organizing patch panels, switches, hubs, routers, servers, and any other networking equipment within a wiring closet.
How It Works
Cabinets can be wall-mounted or freestanding, come in various heights, and are usually standardized for 19-inch-wide shelving and paneling. They generally come in 83-inch and 48-inch heights, although many vendors offer custom-designed cabinets. The reason for standardizing the width to 19 inches (18.31 inches to be precise) is that hubs, switches, routers, and other networking devices are produced in this width so that they can be organized in racks and cabinets designed for this purpose. Cabinets come with a variety of accessories for organizing cables, power strips, and so on. Because heat can accumulate in cabinets, they usually include vented walls and have an exhaust fan on top. A cabinet will often have a locking front panel made of clear plastic so that status lights on equipment are easily visible. Shelves can be fixed, mounted, or sliding to enable easy access to the sides and backs of equipment.
Graphic C-1. Cabinet.
TIP
When should you choose a cabinet instead of a rack? Choose a cabinet for equipment that is exposed to user traffic, and then you can lock equipment away when the room itself is not locked. Cabinets are also best for expensive networking equipment that you don’t want anyone but authorized administrators to touch. Cabinets with filter fans installed can protect equipment in environments where dust is a problem. Use filler panels to enclose areas of the cabinet that are not occupied by equipment.
See also premise cabling, rack
Files with the extension .cab that store compressed files, usually for distributing software. Cabinet files can contain multiple files in a compressed state, or a single compressed file can be spread over several cabinet files. During installation of software, the setup program decompresses the cabinet files and copies the resulting files to the user’s system.
Cabinet files can be digitally signed using a Microsoft technology called Authenticode. This allows setup files to be downloaded safely over untrusted networks such as the Internet. Cabinet files are compressed using a compression algorithm called MSZIP, which is based on the Lempel-Ziv algorithm.
NOTE
Cabinet files in Microsoft Windows 95 were located in the Win95 directory on the source CD, and most were represented as a series of large files named Win95_1.cab, Win95_2.cab, and so on. Windows 98 uses a different naming convention and names many of its smaller cabinet files by function rather than by the order in which they are used during setup. Naming by function makes the extraction of files easier, which in turn makes the setup process smoother.
TIP
In Windows 95, if you want to extract specific operating system files from a cabinet file (for example, to replace a missing or corrupt file), you have to use the command-line utility called extract. Using Windows 98, you can simply double-click on a cabinet file using Windows Explorer to view its contents in a new window, double-click on the specific file you want to extract, and specify the destination folder to send it to. You can also use the System File Checker tool to extract files without knowing which specific cabinet file they are located in.
A device that allows your computer to access the Internet through dedicated broadband transmission networking services by means of your home cable TV (CATV) connection.
How It Works
There are generally two types of cable modem services:
One-way cable modems are used by unidirectional cable services. Most cable TV services are designed to carry information in one direction only—from the broadcaster to the customer premises. With one-way cable modems, the customer uses a regular telephone modem to send information to the cable company but uses the cable TV system with a cable modem to receive signals from the company. The telephone modem handles all upstream communication, while the cable modem handles all downstream communication. One-way cable modems are typically cards installed inside a subscriber’s computer.
Two-way cable modems require that the broadcasting cable company has converted its cabling and repeater infrastructure for bidirectional communication. Two-way cable modems are typically external devices connected to a network interface card (NIC) that is installed in the subscriber’s computer. The cable modem is used for both upstream and downstream communication in this configuration. Most cable companies currently have initiatives under way to make such a conversion, but it requires a large capital investment. Therefore, it will be several years before these systems become widely available.
Cable modems modulate and demodulate analog signals like regular modems, but for transmission over broadband video services instead of telephone voice services. A cable modem can be internal or external, and can interface with the coaxial cable connection at the user’s end and the Cable Modem Termination System (CMTS) at the head office of the cable provider.
In a one-way cable modem implementation, the CMTS uses separate subsystems for upstream and downstream connections that terminate at a router. The downstream subsystem is designed for converting incoming Internet Protocol (IP) traffic into radio frequency broadband signals that are broadcast using a broadband network hub (BNH) over cable TV wiring to local groups of connected subscribers. The upstream subsystem usually consists of banks of ordinary telephone modems to allow for easy expansion of services to additional subscribers. The router is used to route network traffic between clients and local content servers hosted by the cable provider, and to the Internet.
Graphic C-2. A one-way cable modem service.
Cable modem and Asymmetric Digital Subscriber Line (ADSL) are two competing technologies for bringing high-speed broadband Internet services to homes and businesses. Cable modems offer downstream speeds comparable to T1 lines, but competing technologies, lack of standards, and implementation costs are hindering widespread deployment and use of this technology.
NOTE
All subscribers in a one-way cable modem local service area are essentially on a local area network (LAN) and, if they have a packet sniffer, they can see each other. If you are using a one-way cable modem with the Microsoft Windows 98 operating system on your computer, you should disable file and print sharing so that other users in your local service area cannot see your system or access resources on it.
TIP
If you have a one-way cable modem installed on a computer running Windows 98 and it is not working properly, you might have IP Auto-Configuration Addressing enabled, causing an addressing problem that prevents packets from being routed successfully to your machine. Also try checking with your cable service provider to determine whether you have correctly configured the line-in frequency, line-out phone number, and proxy server address.
On the Web
• Cablemodems.com: http://www.cablemodem.com
• IEEE 802.14 Cable-TV Protocol Working Group: http://www.com21.com/pages/ieee-802.14.html
A length of installed cable connecting two network components that are not in immediate proximity to one another. Laying cable runs is the main work of installing premise cabling in a customer premises. Types of cable runs include
Horizontal cable: Runs through building plenums (the space between the floor and the ceiling) and false ceilings, connecting wiring closets together and connecting patch panels to wall plates
Vertical cable: Runs through vertical building rises, connecting wiring closets on each floor with the building’s main equipment room
Different grades of cabling must be used for different runs to ensure compliance with building codes and safety standards. Examples include PVC (polyvinyl chloride) cabling and plenum cabling. The EIA/TIA wiring standards specify guidelines for using cable types and grades.
NOTE
Cables connecting computers to patch panels (drop cables) and connecting patch panels with hubs and switches (patch cables) are generally not referred to as cable runs because they are not permanently installed and are usually quite short. The term “cable run” generally applies to cables that run from the patch panels in a wiring closet to other parts of the building.
TIP
When installing horizontal or vertical cable runs, use the highest grade that your budget will allow in order to accommodate future upgrades of your network’s speed and bandwidth. Use the enhanced category 5 cabling—which is a variety of unshielded twisted-pair (UTP) cabling—for all copper cabling installations. If you can, install parallel vertical runs of fiber-optic cabling with copper cabling in vertical rises to allow for future expansion of your network backbone. Installing two cables at once saves costs later, even if you need only the copper cabling now.
See also cabling, premise cabling
A device for measuring the integrity and transmission characteristics of cabling. Cable testers perform various functions to test network cabling for compliance with cabling standards developed by bodies such as the Telecommunications Industry Association (TIA), the International Organization for Standardization (ISO), and the International Electrotechnical Commission (IEC). Cable testers are useful to local area network (LAN) administrators, cable installers, and field service providers for testing and certifying cabling installations as compliant with these standards.
Graphic C-3. Cable tester.
How It Works
Cable testers come in a variety of forms, ranging from handheld to briefcase size. They are generally divided between those used for testing fiber-optic cabling and those used for testing copper cabling. Different testers have different capabilities, but their general function is to measure various electrical characteristics across different ranges of frequencies. Testers will typically measure some or all of the following parameters at various frequencies from 100 MHz to 350 MHz and beyond:
Attenuation, which is the decibel decrease in signal strength as a signal propagates through a physical medium
Impedance, which is the resistance to the flow of alternating current
Noise, indicated by the floor values for randomly generated electrical signals
Near-end crosstalk (NEXT), which is a decibel measurement of crosstalk taken at the end where a signal is injected
Attenuation to crosstalk ratio (ACR), which is the decibel difference between NEXT and attenuation values
PowerSum NEXT, which measures the crosstalk between a single pair of wires and all other pairs in the cable
The distance to a short or unterminated cable end, used for link-testing the continuity of circuits
TIP
Look for cable testers that can perform comprehensive and programmable sets of autotests for a variety of cable types. A good cable tester can tell you at the push of a button whether installed wiring can support different kinds of networking architectures—such as coax, 10BaseT, 100BaseT, 100BaseVG, and token ring. Cable testers should be able to store measurements taken so that they can be analyzed separately afterward. The most accurate types of cable testers for unshielded twisted-pair (UTP) cabling are those that can test and certify category 5 cabling to Level II TSB-67 compliance. An all-in-one cable tester is an invaluable tool and a good investment for the network administrator. It can make up for its cost in higher network availability.
Use a fiber-optic tester and an optoelectronic light source to test both ends of a new spool of fiber-optic cabling before beginning an installation with this cable. A good fiber-optic cable test should give you not only a pass/fail analysis of an installed cabling setup, but also quantitative values of the optical link capabilities of your wiring configuration.
See also cabling
Wires made of either copper or glass that are used to connect computers and other network components to enable them to communicate, thus forming a network of computers. Laying cables is the foundation for both creating local area networks (LANs) and connecting LANs into wide area networks (WANs). Network administrators are usually involved only in the planning and laying of LAN cabling, since WAN cabling is the responsibility of telecommunications carriers.
How It Works
There are two basic types of cabling used in LAN networking environments:
Copper cabling, which consists of insulated copper conductors that transmit signals using electrical voltages and currents. Copper cabling can be either coaxial cabling (such as thinnet or thicknet) that is used mainly in industrial environments, or the more commonly employed twisted-pair cabling. Twisted-pair cabling comes as either unshielded twisted-pair (UTP) cabling (commonly used in Ethernet or Fast Ethernet environments) or the less common shielded twisted-pair (STP) cabling (employed for token ring networks and sometimes for Gigabit Ethernet installations). Copper cabling is mainly used for shorter cable runs such as horizontal cable runs between wiring closets and wall plates in work areas, for patch cables, and for equipment interconnects.
Fiber-optic cabling, which is made of glass strands that transmit signals as light waves or pulses. Fiber-optic cabling can be either single-mode, which is used for the longest cable runs, or multimode, which has a much higher carrying capacity. Fiber-optic cabling is generally used for backbone cable runs such as vertical rises in buildings and building-to-building interconnects on a campus, for high-speed interconnects between networking devices in a wiring closet, and for connections to high-speed servers and workstations.
NOTE
The Telecommunications Industry Association (TIA) and Electronic Industries Alliance (EIA) have defined a series of standards on proper layout and organization of premise cabling called the EIA/TIA wiring standards. Cabling installed in a building must meet all legal requirements, including federal and local building regulations. Do not attempt to wire a building unless you are fully familiar with the required regulations. The EIA/TIA-568A Commercial Building Telecommunication Cabling Standard specifies standards for each of the following:
Establishing wiring closets on each floor of the building to contain rack-mounted equipment such as hubs, switches, and patch panels
Running vertical backbone plenum cabling through building risers and building plenums, for connecting wiring closets to the main equipment room
Running horizontal PVC (polyvinyl chloride) cabling for each floor through false ceilings
Connecting the patch panels in the wiring closet to wall plates in computer work areas
Specialized cables—such as serial, parallel, or SCSI cables—are used to connect peripherals, and therefore do not serve the same purpose as the cables just discussed. Serial cables and other special purpose cables are generally very short and are not permanently installed. Cabling for a LAN must be installed according to the standards described in the previous list. Not all networks use physical cabling. Wireless networks can use infrared, microwave, radio, or some other form of electromagnetic radiation to allow networking components to communicate with each other.
TIP
Choosing the right kind of cabling at the beginning of an installation can save considerable expense when networking equipment is later upgraded for higher transmission speeds.
See also copper cabling, fiber-optic cabling, premise cabling
A digital certificate, also called a root certificate, that can be used to verify the identity of a certificate authority (CA). The CA certificate contains the identification information and public key for the certificate authority it identifies. A certificate authority that is part of a hierarchical public key infrastructure (PKI) receives its CA certificate from the CA directly above it in the hierarchy. A root CA at the top of a PKI hierarchy must self-sign its own certificate, in effect certifying itself.
How It Works
The CA certificate plays an important part in the workings of the Secure Sockets Layer (SSL) protocol. The public key of the CA, contained in the CA certificate, is used to validate all other digital certificates that have been issued by that CA for entities (individuals, systems, companies, and organizations). When an entity such as a Web browser (perhaps Microsoft Internet Explorer) or a Web server (perhaps Internet Information Services) requests a digital certificate from a CA, the CA certificate identifies the CA that issues the certificate.
This CA certificate is downloaded from a shared storage location at the certificate authority and installed onto the Web server or browser. Later, when the Web browser tries to access the Web server using the SSL protocol, the Web browser uses the CA certificate to validate the Web server’s certificate. Similarly, the server can use the CA certificate to validate the browser client’s certificate, if it has one.
NOTE
The digital CA certificate for a certificate authority must be kept in a location that is readily available for all servers and clients that will access it and install it on their Web browser or Web server. From this location, Web servers and Web clients that need to use the SSL protocol must obtain and install the CA certificate in their certificate stores. On Microsoft Certificate Server this location is the default Web location http://Server Name/certsrv, where Server Name is the name of the Microsoft Windows NT server on which Microsoft Certificate Server is installed.
TIP
Internet Explorer comes with the CA certificates of a number of certificate authorities preinstalled. These root certificates enable Internet Explorer to be used for SSL authentication, sending secure e-mail, and so on. If you want to use the services of a CA that does not have its CA root certificate installed in Internet Explorer, you can visit that CA’s Web site to find instructions on how to obtain their root certificate. Administrators can also use the Internet Explorer Administration Kit (IEAK) for importing and installing root certificates on Web browsers prior to installation on client machines.
See also client certificate, server certificate
A server used to speed corporate access to Web content on the Internet by caching the Web pages that users most frequently request.
How It Works
Cache servers reduce network traffic and speed up access to frequently requested content by caching that content. Pages are held in the cache until they expire. If a user requests a page that has recently been cached, the page will be retrieved from the cache server instead of from the Internet. The cache server thus stores the content closer to the users who need it, reducing overall WAN link traffic and congestion. This saves valuable bandwidth on the wide area network (WAN) connection between the company’s network and its Internet service provider (ISP).
Many firewalls and proxy servers include some form of content caching. While firewalls and proxy servers are mainly concerned with securing access between a private corporate network and an untrusted public network such as the Internet, including cache server functionality in these products enhances their overall performance.
Graphic C-4. Cache server.
NOTE
Dedicated cache servers are also starting to be used in high-traffic situations within the Internet backbone itself to reduce congestion of the backbone. Content caching servers can be located at ISPs and Network Access Points (NAPs) for improving the performance and responsiveness of the Internet.
TIP
Microsoft Proxy Server is both a firewall and a content caching server that provides private corporate networks with secure and efficient access to resources on the Internet. Proxy Server integrates firewall and proxy server capability with content caching to provide improvements of up to 50 percent in content access speeds.
Any mechanism for storing frequently needed information in accessible memory so that it can be quickly retrieved. Caching technologies are used in various ways by operating systems, applications, and network devices to improve performance by providing temporary storage of information that needs to be quickly accessed. Many Microsoft networking technologies support various kinds of caching, for example
The file system cache for the Microsoft Windows NT operating system, which speeds up file access from hard disk drives
Offline Files in Windows 2000, which allows users to browse network file system content when disconnected from the network
Domain Name System (DNS) cache for caching recently resolved host names on a name server, which speeds up the resolution of host names for the DNS on the Internet
Address Resolution Protocol (ARP) cache on a host connected to an IP internetwork, which is used for caching IP addresses that have recently been resolved into MAC addresses, thus speeding up network communications between hosts
Microsoft Proxy Server, which allows Web content obtained from the Internet to be cached locally for faster access and reduction of WAN link congestion
Caching of ODBC connections for improved access to Microsoft SQL Server databases for Active Server Pages (ASP) applications written for Internet Information Services (IIS)
A protocol developed by Microsoft and implemented in Microsoft Proxy Server that allows multiple proxy servers to be arrayed as a single logical cache for distributed content caching.
How It Works
Caching Array Routing Protocol (CARP) is implemented as a series of algorithms that are applied on top of Hypertext Transfer Protocol (HTTP). CARP allows a Web browser or downstream proxy server to determine exactly where in the proxy array the information for a requested Uniform Resource Locator (URL) is stored.
CARP enables proxy servers to be tracked through an array membership list that is automatically updated using a Time to Live (TTL) countdown function. This function regularly checks for active proxy servers in the array. CARP uses hash functions and combines the hash value of each requested URL with each proxy server. The URL/proxy server hash with the highest value becomes the owner of the information cached. This results in a deterministic location for all cached information in the array, which enables a Web browser or downstream proxy server to know exactly where a requested URL is locally stored, or where it will be located once it has been cached. The hash functions result in cached information being statistically distributed (load balanced) across the array. Using hashing means that massive location tables for cached information need not be maintained—the Web browser simply runs the same hashing function on the object to locate where it is cached.
CARP provides two main benefits:
It saves network bandwidth by avoiding the query messaging between proxy servers that occurs with conventional Internet Cache Protocol (ICP) networks.
It eliminates the duplication of content that occurs when proxy servers are grouped in arrays, resulting in faster response times and more efficient use of server resources.
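The owner selection described above can be sketched as follows. This is an added example, not Microsoft's code: SHA-256 stands in for CARP's own hash and combining functions, and the proxy names and URLs are constructed. It shows that every client with the same membership list picks the same owner, and that when a member expires from the list only the URLs it owned change location.

```python
import hashlib
from collections import Counter


def h64(value: str) -> int:
    """64-bit hash of a string. SHA-256 is a stand-in, not CARP's own hash."""
    return int.from_bytes(hashlib.sha256(value.encode("utf-8")).digest()[:8], "big")


def score(url: str, member: str) -> int:
    """Combine the URL hash with one member's hash into a single score."""
    return h64(f"{h64(url):016x}:{h64(member):016x}")


def owner(url: str, members) -> str:
    """Return the array member with the highest URL/member score."""
    candidates = sorted(set(members))  # order-independent, so every client agrees
    if not candidates:
        raise ValueError("array membership list is empty")
    return max(candidates, key=lambda m: score(url, m))


def placement(urls, members) -> dict:
    """Map every URL to the member that caches it."""
    return {u: owner(u, members) for u in urls}


def moved_after_removal(urls, members, removed) -> set:
    """URLs whose owner changes once `removed` drops off the membership list."""
    before = placement(urls, members)
    after = placement(urls, [m for m in members if m != removed])
    return {u for u in urls if before[u] != after[u]}


# Constructed sample data: hypothetical proxy names and URLs.
ARRAY = [
    "proxy1.example.net",
    "proxy2.example.net",
    "proxy3.example.net",
    "proxy4.example.net",
]
URLS = [f"http://www.example.com/page{i}.htm" for i in range(3000)]

if __name__ == "__main__":
    before = placement(URLS, ARRAY)
    print("URLs per member:", dict(Counter(before.values())))
    moved = moved_after_removal(URLS, ARRAY, "proxy3.example.net")
    print(len(moved), "URLs change owner when proxy3 expires from the list")
```

Because the result depends only on the URL and the membership list, two clients holding different lists can disagree about the owner, which is why the list has to be kept current.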
A name server in the Domain Name System (DNS) that can resolve name lookup requests but does not maintain its own local DNS database or zone file of resource records.
How It Works
Caching-only name servers do not have their own DNS databases. Instead, they resolve name lookup requests from resolvers by making iterative queries to other name servers. Once the responses to these queries are received, they are cached by the caching-only name server, in case another resolver issues the same request within a short period of time.
A caching-only name server is not authoritative for any particular DNS domain. It can look up names that are inside or outside its own zone.
NOTE
Caching-only name servers aren’t the only kind of name server that performs caching of resolved queries. For example, primary name servers also cache name lookups that they perform. This caching generally improves the response of the primary name server to name lookup requests from resolvers. Caching-only name servers are distinguished by the fact that they perform only one function: issuing iterative queries to other name servers and then caching the results.
TIP
Caching-only name servers provide support for primary and secondary name servers in environments where name lookup traffic is heavy. Using caching-only name servers where possible also reduces the overhead of zone transfers between name servers on a network.
See also Domain Name System (DNS), name server
A company that maintains caching servers that speed the transfer of information across the Internet’s infrastructure and offers managed access to these servers for a fee.
How It Works
Many companies think that if they host their Web site at an Internet service provider (ISP) or at a major Web hosting company, the site will always be accessible from anywhere on the Internet, but this is not necessarily true. Traffic congestion can cause access to a Web server to be slow and unreliable from various parts of the Internet at various times of the day, and equipment failures (such as routes going down at Internet peering points) can make a server completely inaccessible to certain portions of the Internet until the problem is fixed. (“Peering” means two ISPs or other providers passing traffic between each others’ customers.)
One solution is to mirror (replicate) your Web server at various points around the globe so that a copy of your site is relatively close to any location on the Internet. For companies with a global presence, this is a fairly simple solution to implement, but most companies do not have the presence or the resources to implement global mirroring. A better solution might be to use the services of a caching service provider (CSP), which maintains cached copies of your Web site at various points in the Internet’s infrastructure and provides tools for managing and load balancing the content to handle traffic spikes that occur at certain times of the day or year.
CSPs maintain data centers around the world with caching server farms that have high-speed connections to the Internet’s backbone. These caching servers are usually designed to cache Web content and often support features such as content management and proxying. Caching servers can also be used within the corporate network to speed access to large, distributed corporate intranets.
See also caching
A Microsoft Windows command for displaying and modifying the access control list (ACL) of a file or folder on an NTFS volume in Windows NT and Windows 2000. The cacls command can be used for viewing and modifying the ACL of a file and is an alternative to opening the property sheet of the file using Windows Explorer. Cacls gives you more granular control over the ACL of the file than Windows Explorer, but it displays the information in a more complex fashion.
Example
The command cacls C:\pub displays the ACL of the folder C:\pub on an NTFS partition of a machine running Windows NT or Windows 2000. Typical output might be
c:\pub BUILTIN\Administrators:F
       BUILTIN\Administrators:(OI)(CI)(IO)F
       Everyone:C
       Everyone:(OI)(CI)(IO)C
       BUILTIN\Administrators:F
       CREATOR OWNER:(OI)(CI)(IO)F
       BUILTIN\Server Operators:C
       BUILTIN\Server Operators:(OI)(CI)(IO)C
       NT AUTHORITY\SYSTEM:F
       NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
For the full syntax of this command, type cacls/? at the command prompt.
TIP
Cacls can be used with the redirection symbol to save the details of an ACL in a file. The output of the command can also be redirected to a printer for a hard copy of its details.
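The following added example (not part of the original entry) parses cacls output saved to a file, such as the sample shown above, and reports entries that give a broad group Change or Full control. The function names and the list of "broad" trustees are assumptions chosen for this illustration; the flag and permission letters are the ones cacls prints.

```python
import re
from typing import NamedTuple

# Constructed input: the sample output for C:\pub shown in this entry.
SAMPLE = r"""c:\pub BUILTIN\Administrators:F
       BUILTIN\Administrators:(OI)(CI)(IO)F
       Everyone:C
       Everyone:(OI)(CI)(IO)C
       BUILTIN\Administrators:F
       CREATOR OWNER:(OI)(CI)(IO)F
       BUILTIN\Server Operators:C
       BUILTIN\Server Operators:(OI)(CI)(IO)C
       NT AUTHORITY\SYSTEM:F
       NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F"""

# Permission letters printed by cacls for the standard access levels.
PERMS = {"N": "None", "R": "Read", "W": "Write", "C": "Change", "F": "Full control"}

# Assumed audit policy for this example: trustees that cover most or all users.
BROAD_TRUSTEES = {"everyone", "builtin\\users", "nt authority\\authenticated users"}
WRITE_PERMS = {"C", "F"}

# trustee : optional (OI)(CI)(IO) inheritance flags : one permission letter
ACE_RE = re.compile(
    r"^(?P<trustee>.+?):(?P<flags>(?:\((?:OI|CI|IO)\))*)(?P<perm>[NRWCF])$"
)


class Ace(NamedTuple):
    trustee: str
    flags: tuple   # e.g. ("OI", "CI", "IO"); empty for the folder's own entry
    perm: str      # one of N, R, W, C, F


def parse_cacls(output: str, path: str):
    """Return (aces, unparsed_lines) for the cacls output of one path."""
    aces, unparsed = [], []
    for raw in output.splitlines():
        line = raw.strip()
        # The first line is prefixed with the path that was queried.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        if not line:
            continue
        match = ACE_RE.match(line)
        if match is None:
            # Special-access entries use a longer format; keep them for review.
            unparsed.append(line)
            continue
        flags = tuple(re.findall(r"\((\w\w)\)", match.group("flags")))
        aces.append(Ace(match.group("trustee"), flags, match.group("perm")))
    return aces, unparsed


def scope_of(ace: Ace) -> str:
    """Describe where the entry applies, based on its inheritance flags."""
    if not ace.flags:
        return "this folder only"
    if "IO" in ace.flags:
        return "inherited by children only"
    return "this folder and children"


def broad_write_access(aces):
    """List (trustee, permission, scope) for broad trustees that can modify data."""
    return [
        (ace.trustee, PERMS[ace.perm], scope_of(ace))
        for ace in aces
        if ace.trustee.lower() in BROAD_TRUSTEES and ace.perm in WRITE_PERMS
    ]


if __name__ == "__main__":
    parsed, leftover = parse_cacls(SAMPLE, r"c:\pub")
    for finding in broad_write_access(parsed):
        print("REVIEW:", finding)
    for line in leftover:
        print("UNPARSED:", line)
```

Lines that do not match the simple trustee:permission form are returned separately rather than dropped, so special-access entries still get a manual look.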
See client access license (CAL)
An optional feature supported by the Remote Access Service (RAS) on Microsoft Windows NT servers and the Routing and Remote Access feature of Windows 2000 servers. Callback provides an extra layer of security for users dialing in to a remote access server. When callback is configured, the client software dials in to a remote access server and has the user’s credentials authenticated. The remote access server then disconnects the client and calls the client back at a prespecified phone number. Callback might be configured
To ensure that the user matches his or her credentials by verifying the telephone location
For accounting reasons; for example, to charge the phone bill to the remote access server instead of the client
NOTE
In Windows 2000, the phone number specified for callback is called the Caller ID number.
TIP
Windows NT remote access servers configured for callback will call the dial-in client back after a preconfigured time interval of 12 seconds. This callback interval can be modified by editing the registry. See Microsoft TechNet information on callback for more details.
Graphic C-5. Callback.
See also Remote Access Service (RAS)
A protocol that is part of Microsoft’s implementation of the Point-to-Point Protocol (PPP). The Callback Control Protocol (CBCP) makes it possible for a PPP server to call back the remote dial-in client to complete initiation of a PPP dial-up session. Callback is a useful security feature for ensuring that dial-in clients are authentic.
How It Works
The CBCP is used during the third phase of establishing a PPP connection. After the PPP link is established using the Link Control Protocol (LCP) and the user’s credentials are authenticated using Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) or some other authentication protocol supported by the client, the network access server (NAS) at the PPP service provider can optionally initiate a PPP callback control phase, provided that callback is configured on the server. The NAS and the PPP clients both disconnect from the PPP link, and the NAS calls the client back using the specified callback phone number. If the client responds, the link is reestablished; no further authentication is needed, and compatible network protocols are negotiated so that data transmission can begin.
CBCP is supported by the Remote Access Service (RAS) for Microsoft Windows NT.
TIP
Use CBCP as an extra layer of remote access security to secure corporate networks based on Windows NT. If Windows 95 or Windows 98 clients have trouble connecting to Windows NT remote access servers when CBCP is configured on the servers, try checking the ppplog.txt file on the Windows 95 or Windows 98 clients.
See carrierless amplitude and phase modulation (CAP)
A collection of frames gathered from network traffic. You can use packet-sniffing software such as Network Monitor (which is included in Microsoft Systems Management Server and in a simplified form in Microsoft Windows NT and Windows 2000) for capturing all kinds of traffic on the network. This captured traffic is displayed in the capture window as a variety of statistics and details about the nature of the traffic. Additional windows can display details about individual packets that have been captured.
Capturing network traffic is a common troubleshooting technique on enterprise-level networks. Captures can show whether services such as Dynamic Host Configuration Protocol (DHCP), Windows Internet Name Service (WINS), Domain Name System (DNS), and other common network services are performing properly. Captures can also isolate servers that are generating excessive network traffic because of failed hardware. Captures can even be used to detect unauthorized traffic initiated by malicious hackers and disgruntled employees, and to profile network traffic for planning purposes.
See also capture window, Network Monitor
In Microsoft Network Monitor, the window that displays the statistics about the frames being captured on a network. The capture window displays four kinds of real-time statistics concerning the traffic that an administrator captures using Network Monitor:
Graph statistics: A graphical representation of current network activity that shows the percent of network utilization, frames captured per second, bytes captured per second, and broadcasts or multicasts captured per second
Session statistics: Information about current sessions between computers on the network, showing which hosts have sent packets to each other
Station statistics: Information about various stations involved in sending or receiving packets, showing how many of each type of packet they have sent or received
Total statistics: Summary statistics about network activity since the capture began, showing the number of frames, bytes, frames dropped, and so on during the capture
Graphic C-6. Capture window.
TIP
You can toggle these various window panes on and off during a capture to focus on statistics of interest.
See also Network Monitor
See Caching Array Routing Protocol (CARP)
A telephone or telecommunications company that provides different kinds of telecommunication services to its users or subscribers. A carrier is a provider of any kind of telecommunication service that can make use of the customer premises telephone connections. These services include voice transmission, data transmission over analog modems, Integrated Services Digital Network (ISDN), Asymmetric Digital Subscriber Line (ADSL), frame relay, and anything else the carrier’s equipment supports. There are two kinds of carriers:
A local exchange carrier (LEC) is a local telephone company that provides access to both local and long-distance telephone services through the local loop connecting the telco’s central office (CO) with the customer premises. In the United States, LECs are either local phone companies or Regional Bell Operating Companies (RBOCs).
An inter-exchange carrier (IXC) is a company that provides long-distance services only. IXCs own their own telecommunication facilities and provide long-distance services between LECs located in different toll-free areas. Examples include AT&T, MCIWorldCom, and Sprint.
See also telecommunications services
A line coding scheme in which data is modulated using a single carrier frequency for transmission over a phone line. The transmission is considered “carrierless” because the carrier is suppressed before transmission and is reconstructed at the receiver. Carrierless amplitude and phase modulation (CAP) is algorithmically similar to the quadrature amplitude modulation (QAM) line coding scheme, which encodes bits as discrete phase and amplitude changes but has different transmission characteristics.
TIP
Some competitive local exchange carriers (CLECs) deploy Asymmetric Digital Subscriber Line (ADSL) using CAP as the encoding method, but results of some independent tests suggest that CAP-encoded ADSL lines might cause spectral interference with proximate T1 lines and Integrated Services Digital Network (ISDN) circuits, resulting in bit errors that can reduce throughput. However, these tests might be misleading because of the limited number of ADSL circuits currently deployed by CLECs. Check with your carrier before signing up for ADSL services to get the latest information about this issue.
Such interference is not a problem with Symmetric Digital Subscriber Line (SDSL) technologies, which use the 2B1Q encoding scheme. Furthermore, ADSL deployed by incumbent local exchange carriers (ILECs) uses discrete multitone (DMT) technology, which doesn’t produce the same degree of spectral interference as CAP. Competitive local exchange carriers generally do not use DMT for ADSL because they must deal with the copper local loop, which effectively supports DMT only about half the time but can support CAP about 85 percent of the time. Furthermore, DMT has been adopted as the standard for ADSL by both the American National Standards Institute (ANSI) and the International Telecommunication Union (ITU).
A type of media access control method for placing signals on baseband transmission networks. Since baseband networks can carry only one data signal at a time, there must be some way of controlling which station has access to the media at any given time. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is one such control method.
How It Works
In networking technologies that use CSMA/CA as their access method, stations announce their intention to transmit before they actually transmit their data onto the network media. Each station “listens” constantly to the wire for these announcements, and if it hears one, it avoids transmitting its own data. In other words, on a CSMA/CA network, stations try to avoid collisions with signals generated from other stations. The extra signaling generated by CSMA/CA makes it a slower access method than the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) method used in Ethernet networking.
NOTE
CSMA/CA is the standard access method for AppleTalk networks based on LocalTalk. LocalTalk is a legacy network media technology that specifies the proprietary cabling components of the original AppleTalk networking architecture. LocalTalk uses a bus topology or tree topology that supports up to 32 stations on a network.
See also media access control method
A type of media access control method for placing signals on baseband transmission networks. Since baseband networks can carry only one data signal at a time, there must be some way of controlling which station has access to the media at any given time. Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is one such control method.
How It Works
In networking technologies that use CSMA/CD as their access method, a station first “listens” to the network media to make sure there is no signal already present from another station before it tries to place its own signal on the media. If a carrier signal is detected on the media, which indicates that a station is currently transmitting a signal, no other station can initiate a transmission until the carrier stops. If no carrier is detected, any station can transmit a signal.
If two stations listen to the wire and detect no carrier signal, they may both decide to send signals simultaneously. If this happens, a collision occurs between the two signals generated. Next, both stations detect the collision and stop transmitting their signals immediately, sending out a jamming signal that informs all other stations on the network that a collision has occurred and that they should not transmit. Meanwhile, the two stations whose signals created the collision cease transmitting and wait random intervals of time (usually a few milliseconds) before attempting to retransmit.
CSMA/CD is known as a contention method because computers contend for the chance to transmit data onto the network media. CSMA/CD is the standard access method for Ethernet networks. This method has two main drawbacks:
Only a relatively small number of computers can exist within any one collision domain. More computers will produce more collisions and slow overall network traffic.
CSMA/CD is not reliable beyond a distance of 1.5 miles (2500 meters) because of signal attenuation.
NOTE
The designation CSMA/CD derives from the following:
CS means that stations first sense a carrier present on the media before transmitting their own signals.
MA means that multiple stations can access the network media.
CD means that if a collision is detected because of multiple simultaneous transmission of signals, the stations that are transmitting signals stop, and then retransmit a short time later.
See also media access control method
An alternating electromagnetic signal with a steady frequency upon which information is superimposed by some form of modulation. The specific frequency at which the carrier signal runs is called the carrier frequency and is measured in hertz (Hz). The modulation of the carrier signal enables information such as voice or data traffic to be integrated into the carrier signal. The carrier signal thus “carries” the voice or data information using modulation technologies.
The type of modulation used in digital communication systems depends upon whether the underlying carrier signal is analog or digital. For example, in digital radio or microwave communication, some form of digital-analog modulation, such as frequency-shift keying (FSK), is used to impose the digital (binary) information on the analog carrier wave. On the other hand, in Ethernet networking, a digital-digital encoding scheme called Manchester coding is used to enable the digital signal to carry binary 1s and 0s.
NOTE
In Ethernet networks, the carrier signal plays an important role in the media access control method that Ethernet uses, namely the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) method.
See star topology
A standard from the World Wide Web Consortium (W3C) that gives Web developers more control over how the pages of a Web site will look when displayed on a Web browser. The cascading style sheets (CSS) standard gives Web developers control over design elements such as fonts and font sizes, and allows two-dimensional overlapping and exact positioning of page elements. The CSS standard also makes it easier to globally change the style and appearance of a Web site.
How It Works
Traditionally, Hypertext Markup Language (HTML) was designed for logical communication of linked information without much regard for its style or format, and was not designed to provide a high degree of control over how that information is laid out on a page. Using CSS, a Web developer can control the appearance of an entire Web site, or a portion of it, using a single HTML page called a style sheet. These style sheets define the functions of different HTML tags on your site’s Web pages and allow you to make global changes to your site’s style by changing a single entry on a style sheet. Web pages then link to style sheets using a <LINK> tag.
For example, you can use a style sheet to define the <H1> tag as representing green, 18-point, Arial font text, and you can then apply this style to the entire site or a portion of it. Cascading style sheets involve the operation of several levels of style sheets that provide control over how an element on an HTML document is placed. CSS applies these settings in the following order:
The STYLE attribute in the object’s tag
The STYLE element between the <TITLE> and <BODY> tags that specifies the style sheet to be used
The settings of the browser accessing the page and its default style sheet
On the Web
• W3C standard for CSS 2: http://www.w3c.org/Style
See category 5 cabling
The top-level organizational structure in Microsoft Index Server, containing the master index and other persistent indexes. The Index Server catalog is located by default in the directory %systemdrive%\inetpub\catalog.wci, but this can be overridden during installation. Index Server is included in the Microsoft Windows NT Option Pack (and the Windows 2000 Server CD) and is usually installed along with Internet Information Server (IIS) in Windows NT 4.0 or Internet Information Services in Windows 2000 to support the indexing of Web content for IIS.
If you are hosting more than one virtual server on an IIS machine, and these virtual servers represent different companies, you might want to create multiple catalogs for Index Server, one for each virtual server. Each catalog will then be used for indexing a specific virtual server, and queries based on a catalog will return only results for content on the associated virtual server.
NOTE
An Index Server query can span only one catalog at a time, so don’t create multiple catalogs unless you want to completely separate the indexing of their documents—for example, if you are hosting Web sites for multiple companies on your server.
TIP
The maximum size of the index for Index Server is 40 percent of the size of the documents being indexed (the corpus), so it is important when installing Index Server to locate the catalog on a drive with sufficient free space. For example, if you will be indexing 10 GB of documents, you will need about 4 GB of space for locating your catalog.
The lowest grade of unshielded twisted-pair (UTP) cabling. Category 1 cabling was designed to support analog voice communication only. Category 1 cabling was used prior to 1983 for wiring installations of analog telephone systems, otherwise known as the Plain Old Telephone Service (POTS). The electrical characteristics of category 1 cabling make it unsuitable for networking purposes, and it is never installed as premise wiring. Instead, all premise wiring must use either category 3 cabling, category 4 cabling, or category 5 cabling, with category 5 or enhanced category 5 cabling preferred for all new installations.
See also cabling, premise cabling
The second-lowest grade of unshielded twisted-pair (UTP) cabling. Category 2 cabling was designed to support digital voice and data communication. Category 2 cabling was capable of data transmissions up to 4 Mbps. It was used primarily in the installation of premise wiring for legacy Token Ring networks from IBM. The electrical characteristics of category 2 cabling make it unsuitable for most networking purposes today, thus it is no longer installed as premise wiring. Instead, all premise wiring today must use only category 3 cabling, category 4 cabling, or category 5 cabling, with category 5 or enhanced category 5 cabling preferred for all new installations.
See also cabling, premise cabling
The third-lowest grade of unshielded twisted-pair (UTP) cabling. Category 3 cabling was designed to support digital voice and data communication at speeds up to 10 Mbps. It uses 24-gauge copper wires in a configuration of four twisted-pairs enclosed in a protective insulating sheath. Category 3 cabling is the lowest grade of UTP cabling that can support standard 10BaseT types of Ethernet networks and was often used for legacy 4-Mbps Token Ring installations.
Category 3 cabling still has an installed base in older buildings where it is often cheaper to use the existing cabling than to upgrade to newer grades. Installing higher-grade cabling for backbone cabling in vertical rises and elevator shafts can extend the life of work areas that still use category 3 cabling. However, if greater speeds are required at users’ workstations, the best solution is to rewire the work areas using category 5 cabling or enhanced category 5 cabling.
NOTE
The following table summarizes the electrical characteristics of category 3 cabling at different frequencies, which correspond to different data transmission speeds. Note that attenuation increases with frequency, while near-end crosstalk (NEXT) decreases.
Category 3 Cabling Characteristics
| Characteristic | Value at 10 MHz | Value at 16 MHz |
| --- | --- | --- |
| Attenuation | 27 decibels/1000 feet | 36 decibels/1000 feet |
| NEXT | 26 decibels/1000 feet | 23 decibels/1000 feet |
| Resistance | 28.6 ohms/1000 feet | 28.6 ohms/1000 feet |
| Impedance | 100 ohms (±15%) | 100 ohms (±15%) |
| Capacitance | 18 pF/foot | 18 pF/foot |
See also cabling, premise cabling
The second-highest grade of unshielded twisted-pair (UTP) cabling. Category 4 cabling was designed to support digital voice and data communication at speeds up to 16 Mbps. It uses 22-gauge or 24-gauge copper wires in a configuration of four twisted-pairs enclosed in a protective insulating sheath. Category 4 cabling can support standard 10BaseT types of Ethernet networks. It was also commonly used in older 16-Mbps Token Ring installations.
Category 4 cabling still has an installed base in older buildings where it is often cheaper to use the existing cabling than to upgrade to newer grades. Installing higher-grade cabling for backbone cabling in vertical rises and elevator shafts can extend the life of work areas that still use category 4 cabling. However, if greater speeds are required at users’ workstations, the best solution is to rewire the work areas using category 5 cabling or enhanced category 5 cabling.
NOTE
The following table summarizes the electrical characteristics of category 4 cabling at different frequencies, which correspond to different data transmission speeds. Note that attenuation increases with frequency, while near-end crosstalk (NEXT) decreases.
Category 4 Cabling Characteristics
| Characteristic | Value at 10 MHz | Value at 20 MHz |
| --- | --- | --- |
| Attenuation | 20 decibels/1000 feet | 31 decibels/1000 feet |
| NEXT | 41 decibels/1000 feet | 36 decibels/1000 feet |
| Resistance | 28.6 ohms/1000 feet | 28.6 ohms/1000 feet |
| Impedance | 100 ohms (±15%) | 100 ohms (±15%) |
| Capacitance | 18 pF/foot | 18 pF/foot |
See also cabling, premise cabling
The highest and most commonly used grade of unshielded twisted-pair (UTP) cabling in networking today. Category 5 cabling was designed to support digital voice and data communication at speeds up to 100 Mbps. It uses 22-gauge or 24-gauge copper wires in a configuration of four twisted-pairs enclosed in a protective insulating sheath. Category 5 cabling is the standard grade of UTP cabling for networks such as
The standard 10BaseT variety of Ethernet
Fast Ethernet networks of the 100BaseTX variety
Category 5 cabling is always recommended for new installations of premise cabling and for upgrading existing premise wiring for higher-speed networks, because of its superior electrical characteristics. It is the highest grade of UTP cabling currently recognized by the Electronic Industries Alliance (EIA) and Telecommunications Industry Association (TIA), although proposals have been made there for higher category 6 and category 7 grades. Many vendors offer an enhanced category 5 cabling grade with electrical characteristics exceeding those of standard category 5. Enhanced category 5 cabling supports data transmission up to frequencies of 350 MHz, and new standards are under development to allow even higher data transmission frequencies.
NOTE
The following table summarizes the electrical characteristics of category 5 cabling at different frequencies, which correspond to different data transmission speeds. Note that attenuation increases with frequency, while near-end crosstalk (NEXT) decreases.
Category 5 Cabling Characteristics
| Characteristic | Value at 10 MHz | Value at 100 MHz |
| --- | --- | --- |
| Attenuation | 20 decibels/1000 feet | 67 decibels/1000 feet |
| NEXT | 47 decibels/1000 feet | 32 decibels/1000 feet |
| Resistance | 28.6 ohms/1000 feet | 28.6 ohms/1000 feet |
| Impedance | 100 ohms (±15%) | 100 ohms (±15%) |
| Capacitance | 18 pF/ft. | 18 pF/ft. |
TIP
Category 5 cabling is usually referred to simply as “CAT5.” UTP cables using CAT5 should be no more than 90 meters in length for typical Ethernet and Fast Ethernet installations, and patch cords should be no longer than 10 meters.
See also cabling, enhanced category 5 cabling, premise cabling
See Callback Control Protocol (CBCP)
See Copper Distributed Data Interface (CDDI)
See Common Desktop Environment (CDE)
See Channel Definition Format (CDF)
Text files used for creating Active Channels, Active Desktop items, and channel screen savers for managed webcasting of content to users’ desktops. CDF files are based on the Channel Definition Format (CDF) standard. CDF files provide a mechanism for allowing users to select the content they want to download from a Web site, and they let administrators schedule content for delivery to users’ desktops.
How It Works
CDF files are used to convert existing Web sites into Active Channels without the need to change the existing site in any way. You simply create a CDF file using a text editor such as Microsoft Notepad and include it in your site. This will allow the content of the site to be webcast to users’ browsers. The CDF file must be saved with the extension .cdf, and a link on your site should point to this file so that users can subscribe to the channel.
A typical CDF file defines a channel hierarchy for the different Web sites making up the Active Channel. This channel hierarchy contains a table of contents for webcasting the content and consists of a top-level channel, subchannels, and actual content items (Web pages). The simplest format for a CDF file is a list of Uniform Resource Locators (URLs) that point to specific Web pages in the site. More advanced CDF files can contain information such as
A map of the hierarchical structure of the URLs in the Web site
Logical groupings of different content items within a site that can differ from the observable link structure of the site itself
The title of each referenced Web page and a brief abstract of its contents
Information controlling the scheduling of content updates
The syntax of advanced CDF file items is based on the Extensible Markup Language (XML), an open specification that provides extensibility to standard Hypertext Markup Language (HTML) files. More than one CDF file can be created for a site, allowing users to subscribe to information in different fashions. For example, a news site can have separate CDF files for news, sports, and weather subscriptions.
NOTE
For specific information on the syntax of CDF files and how to create them, refer to the Microsoft Internet Client SDK.
TIP
Channels in Active Channel enable personalized delivery of Web content using Web applications designed for Internet Information Server (IIS) for Windows NT (Internet Information Services for Windows 2000). Active Server Pages (ASP) can be used for dynamically generating personalized CDF files for users. Cookies can also be used for dynamically generating customized CDF files for users. These CDF files can be customized on the basis of preferences that a user specifies on an HTML form prior to subscribing to the channel.
See also Channel Definition Format (CDF)
A file system designed for Microsoft Windows 95 that supports the reading of compact discs. A CD file system (CDFS) provides the same kind of file and directory management for CD-ROM devices that the file allocation table (FAT) or NTFS file systems do for hard disks. CDFS is also implemented on the Windows 98, Windows NT, and Windows 2000 platforms.
How It Works
On Windows 95 and Windows 98, CDFS uses a 32-bit protected-mode driver that supports the ISO 9660 CD file system standards. This 32-bit driver replaces the 16-bit real-mode MSCDEX driver that was used in the legacy 16-bit Windows and MS-DOS operating system platforms. In Windows 95 and Windows 98, the file system driver that supports CDFS is called cdfs.vxd, while in Windows NT and Windows 2000, it is called cdfs.sys. CDFS is optimized for reading compact discs that have a standard data block size of 2048 bytes (2 KB). The implementation of CDFS includes a dynamic, protected-mode cache pool for caching CD-ROM data to improve read performance. This allows CDFS to read ahead to ensure that playback of multimedia content from CDs is smooth and seamless.
NOTE
CDFS on Windows NT, Windows 2000, Windows 95 OSR2, and Windows 98 includes a number of enhancements over the original version of CDFS for Windows 95, such as
CD-XA support for optimized reading of MPEG video CDs having larger block sizes of 2352 bytes.
Auto-Run, which allows applications on CDs to start immediately when the CD is inserted into the drive. To do this, the operating system reads the autorun.inf file that is stored in the root of the directory structure on the CD.
TIP
Using Services for Macintosh, you can create a Macintosh-accessible volume on a CDFS volume by following the same steps you would use to make an NTFS volume accessible to Macintosh clients. Of course, the CDFS volume has one difference: it is read-only.
See CD file system (CDFS)
See Code Division Multiple Access (CDMA)
A proposed hardware upgrade for the existing Code Division Multiple Access (CDMA) cellular telephone system. CDMA2000 was developed by the Telecommunications Industry Association (TIA) and is part of the International Mobile Telecommunications-2000 (IMT-2000) initiative of the International Telecommunication Union (ITU). CDMA2000 boosts the bandwidth of existing CDMA cellular systems to 2 Mbps. Another common name for this system is 3G 3X.
The existing interim standard for CDMA is IS-95a, commonly called CDMAone (the brand name used by the vendor consortium called the CDMA Development Group). This standard has approximately 30 million users in the United States and Asia and competes with Time Division Multiple Access (TDMA) systems such as the Global System for Mobile Communications (GSM), with 150 million users worldwide; Digital Advanced Mobile Phone Service (D-AMPS), with 15 million users in the United States; and Personal Digital Cellular (PDC), with 45 million users in Japan. Since the CDMA upgrade includes only a small portion of the overall wireless communication market, the IMT-2000 initiative also includes proposed upgrades to TDMA systems. A competing upgrade for TDMA systems is General Packet Radio Service (GPRS), which is closer to implementation than CDMA2000 and might therefore win more support than CDMA2000.
NOTE
The term “3G 1X” is used to describe a CDMA2000 system that uses the existing IS-94a base stations. This configuration limits transmission speeds to 144 Kbps. The CDMA Development Group promotes its implementation of the ANSI IS-95c standard as an alternative upgrade path from CDMAone. This implementation is commonly known as high data rate (HDR) and involves a hardware upgrade that gives users up to 10 aggregated 14.4-Kbps channels, but few vendors support this proposal because of the IMT-2000 initiative.
On the Web
• CDMA Development Group: http://www.cdg.org
See also cellular phone technology, Code Division Multiple Access (CDMA)
See Collaboration Data Objects (CDO)
See Cellular Digital Packet Data (CDPD)
Stands for Consumer DSL, a broadband transmission technology based on Digital Subscriber Line (DSL) technology. CDSL was developed by Rockwell and is a slower technology than the more common DSL variant called Asymmetric Digital Subscriber Line (ADSL). CDSL provides data rates of about 1 Mbps downstream (about 128 Kbps upstream) to the customer premises over standard Plain Old Telephone Service (POTS) local loop wiring.
However, CDSL has the advantage of not requiring installation of a splitter at the customer premises. CDSL can operate only at distances of up to 18,000 feet from the telco’s central office (CO).
See also Digital Subscriber Line (DSL)
A 53-byte packet of data, the standard packet size used by Asynchronous Transfer Mode (ATM) communication technologies. Cells are to ATM technologies what frames are to Ethernet networking. In other words, they form the smallest element of data for transmission over the network.
Graphic C-7. Cell in ATM.
How It Works
ATM cells are standardized at a fixed-length size of 53 bytes to enable faster switching than is possible on networks using variable-packet sizes (such as Ethernet). It is much easier to design a device to quickly switch a fixed-length packet than to design a device to switch a variable-length packet. (Switching a fixed-length packet is easier because the device knows in advance the exact length of the packet and can anticipate the exact moment at which the last portion of the packet will be received. With variable-length packets, the device must examine each packet for length information.) Using fixed-length cells also makes it possible to control and allocate ATM bandwidth more effectively, making support for different quality of service (QoS) levels for ATM possible.
The functions of information stored in the 5-byte header of an ATM cell include the following:
Providing information about the physical layer transmission method being used
Providing flow control to enable a steady flow of cell traffic and to reduce cell jitter
Specifying virtual path or channel identification numbers so that multiplexed cells belonging to the same ATM connection can be distinguished from cells belonging to other ATM connections, and so that cells can be switched to their intended destination
Specifying the nature of the payload contained in the cell—that is, whether it contains actual user data or ATM cell-management information
Specifying the priority of the cell to determine whether the cell can be dropped in congested traffic conditions
Providing error checking by means of an 8-bit field containing cyclical redundancy check (CRC) information for the header itself
There are two kinds of header formats used in ATM cells:
User-Network Interface (UNI) format: Used for communication between end nodes and an ATM network
Network-Node Interface (NNI) format: Used within the ATM network itself after the cell has been multiplexed for transmission over its virtual path
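The header fields listed above can be decoded with a few bit operations. The following is an added example, not code from the original text: it parses the 5-byte header in both UNI and NNI layouts and verifies the 8-bit header CRC. The field widths, the CRC generator and the 0x55 offset are taken from the ATM standards (ITU-T I.361 and I.432), not from this page, and all function names and the sample cell are constructed for illustration.

```python
"""Parse and check the 5-byte header of a 53-byte ATM cell (added example)."""
from dataclasses import dataclass
from typing import Optional

CELL_LEN, HEADER_LEN = 53, 5
HEC_POLY = 0x07    # generator x^8 + x^2 + x + 1 (ITU-T I.432)
HEC_COSET = 0x55   # fixed pattern XORed into the CRC remainder (ITU-T I.432)


def hec(first_four: bytes) -> int:
    """CRC-8 over header bytes 0..3; the result is carried in header byte 4."""
    crc = 0
    for byte in first_four:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ HEC_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ HEC_COSET


@dataclass(frozen=True)
class AtmHeader:
    fmt: str             # "UNI" or "NNI"
    gfc: Optional[int]   # 4-bit flow control field, present only in UNI
    vpi: int             # virtual path identifier: 8 bits (UNI) or 12 bits (NNI)
    vci: int             # virtual channel identifier: 16 bits
    pt: int              # 3-bit payload type
    clp: int             # cell loss priority: 1 = may be dropped under congestion
    hec_ok: bool         # True when byte 4 matches the CRC of bytes 0..3

    @property
    def is_management(self) -> bool:
        # Top payload-type bit set: cell-management data, not user data.
        return bool(self.pt & 0b100)


def build_header(vpi: int, vci: int, pt: int = 0, clp: int = 0,
                 gfc: int = 0, fmt: str = "UNI") -> bytes:
    """Encode a header; used here only to construct sample input."""
    if fmt not in ("UNI", "NNI"):
        raise ValueError("fmt must be 'UNI' or 'NNI'")
    if fmt == "NNI" and gfc:
        raise ValueError("the NNI format has no GFC field")
    vpi_max = 0xFF if fmt == "UNI" else 0xFFF
    if not (0 <= vpi <= vpi_max and 0 <= vci <= 0xFFFF and 0 <= pt <= 7
            and clp in (0, 1) and 0 <= gfc <= 0xF):
        raise ValueError("field value out of range")
    first_four = bytes([
        (gfc << 4) | (vpi >> 4),
        ((vpi & 0x0F) << 4) | (vci >> 12),
        (vci >> 4) & 0xFF,
        ((vci & 0x0F) << 4) | (pt << 1) | clp,
    ])
    return first_four + bytes([hec(first_four)])


def parse_cell(cell: bytes, fmt: str = "UNI") -> AtmHeader:
    """Decode the header of one cell; the caller states which interface it came from."""
    if len(cell) != CELL_LEN:
        raise ValueError(f"an ATM cell is exactly {CELL_LEN} bytes, got {len(cell)}")
    if fmt not in ("UNI", "NNI"):
        raise ValueError("fmt must be 'UNI' or 'NNI'")
    b0, b1, b2, b3, b4 = cell[:HEADER_LEN]
    if fmt == "UNI":
        gfc, vpi = b0 >> 4, ((b0 & 0x0F) << 4) | (b1 >> 4)
    else:
        gfc, vpi = None, (b0 << 4) | (b1 >> 4)
    vci = ((b1 & 0x0F) << 12) | (b2 << 4) | (b3 >> 4)
    return AtmHeader(fmt, gfc, vpi, vci, (b3 >> 1) & 0x07, b3 & 0x01,
                     hec(cell[:4]) == b4)


def accept(cell: bytes, fmt: str = "UNI") -> Optional[AtmHeader]:
    """Receiver policy: discard a cell whose header check fails, so a damaged
    VPI/VCI cannot deliver it to the wrong connection. The CRC catches
    accidental errors only; it does not authenticate the header."""
    header = parse_cell(cell, fmt)
    return header if header.hec_ok else None


# Constructed sample: VPI 1, VCI 32, user data, 48 zero payload bytes.
SAMPLE_CELL = build_header(vpi=1, vci=32) + bytes(48)

if __name__ == "__main__":
    print(parse_cell(SAMPLE_CELL))
```

The same four bytes decode to different path identifiers depending on whether they are read as UNI or NNI, which is why the parser takes the interface type as an argument instead of guessing it.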
NOTE
Why a 48-byte data payload for ATM cells? This is the result of a trade-off between larger 64-byte payloads that contain more data but take longer to package and unpackage—and are therefore not suitable for real-time transmissions such as voice or multimedia—and shorter 32-byte payloads that provide better real-time transmission but are inefficient for larger amounts of data. By compromising at a 48-byte payload size, ATM has good transmission capabilities for both voice and data communication, providing efficient packet transfer with low latency.
In wireless communication technologies, the geographical region that is covered by a transmission facility. The term “cell” is most often used in reference to cellular phone technology, but it can also be used in reference to the coverage areas for transmission of cordless telephones, satellite transmissions, wireless local area networks (LANs), packet radio, and paging technologies.
How It Works
Cells range in size from a few dozen meters to thousands of kilometers in diameter, depending on the technology being used, the power of the transmission station, and the terrain topography. The following table summarizes typical cell size ranges for different wireless communication technologies. These figures are only approximate because wireless technologies are constantly evolving.
Satellite-based systems have by far the largest cell sizes and are rapidly increasing in popularity. Cellular phone technologies in rural areas typically use cells with a radius of 10 to 50 kilometers, while cells in urban areas range in size from 1 to 10 kilometers. For highly dense urban areas, cell sizes as small as 100 meters can be used, especially in high-tier Personal Communications Devices (PCD) cellular technologies.
Cell Radius Measures by Technology
| Wireless Technology | Cell Radius | 
| Wireless LANs | 10 to 100 meters | 
| Cellular telephone | 0.1 to 50 kilometers | 
| PCD | 0.1 to 1 kilometer | 
| Satellite-based | 1000 kilometers or more | 
NOTE
When a mobile caller using a cell phone passes from one cell to another, the cellular phone system transfers the call to the system servicing the adjacent cell, a process called roaming.
See also cellular phone technology, wireless networking
A specification for overlaying digital data transmissions on the existing circuit-switched analog cellular phone service. This phone service is called the Advanced Mobile Phone Service (AMPS). Cellular Digital Packet Data (CDPD) was developed by IBM (along with a consortium of Regional Bell Operating Companies) and other organizations to leverage the existing installed base of AMPS cellular equipment in the United States to provide low-cost, packet-switched data services. CDPD was first offered in 1994 by Bell Atlantic Mobile.
How It Works
CDPD makes use of idle times between calls in cellular phone network channels for interleaving packets of digital data. In other words, CDPD makes use of the “bursty” nature of typical voice transmission on the AMPS cellular system. Voice communication has gaps or pauses where packet data can be inserted and transmitted without interfering with the communication taking place between customers.
Although CDPD supports data transmission rates of 19.2 Kbps and higher, actual data throughput is usually around 9.6 Kbps. This is because of the large overhead added by CDPD to each data block transmitted. This overhead is designed to ensure that communications are reliable and to maintain synchronization between the modems at each end of the transmission. In addition, a color code is added to every data block to detect interference resulting from transmissions on the same channel from neighboring cell sites.
CDPD uses the Reed-Solomon forward-error-correcting code to encode each block or burst of data sent, and includes built-in RC4 encryption to ensure security and privacy of the transmitted data. CDPD is also based on the industry standard Internet Protocol (IP), allowing data to be transmitted to and from the Internet.
A typical implementation of CDPD consists of three components:
Mobile-End System (M-ES): A user device such as a laptop equipped with a cellular modem. This system communicates in full-duplex mode with a Mobile Data Base Station (MDBS) using the Digital Sense Multiple Access protocol, which prevents collisions of data streams from multiple Mobile-End Systems.
Mobile Data Base Station (MDBS): A telco device for receiving and transmitting CDPD data.
Mobile Data Intermediate System (MDIS): Provides the central control for a CDPD network.
CDPD is typically used to provide wireless access to public packet-switched networks such as the Internet so that mobile users can access their e-mail and other services. Multiple users can share the same channel; the user’s modem determines which packets are destined for the user’s machine. CDPD also supports IP multicasting and is an open standard based on the Open Systems Interconnection (OSI) reference model for networking.
On the Web
• CDPD Forum: http://www.cdpd.org
See also cellular phone technology, wireless networking
A general term for a series of different technologies that enable cell-based wireless communication. A variety of different cellular phone technologies have evolved in recent years through the efforts of different vendors and standards organizations. This evolution is expected to continue as technologies mature and develop.
How It Works
The first generation of cellular phone systems were analog, with the Advanced Mobile Phone Service (AMPS) achieving widespread implementation in the United States in the 1980s. Analog cellular phone systems use frequency modulation for voice transmission and frequency-shift keying (FSK) for transmission of signaling information. Channel access is provided by the Frequency Division Multiple Access (FDMA) media access method.
Digital cellular technologies developed in the 1990s, and different competing systems have evolved, including
Time Division Multiple Access digital cellular, which uses Time Division Multiple Access (TDMA) as its media access method. TDMA supports both analog and digital transmission in a dual-mode configuration.
Code Division Multiple Access digital cellular, which uses Code Division Multiple Access (CDMA) as its media access method. CDMA is more complex than TDMA, but it is more efficient in its utilization of the frequency spectrum.
Global System for Mobile Communications (GSM), a popular digital cellular phone technology used in Europe and parts of Asia. GSM uses Time Division Multiple Access (TDMA) as its media access method.
Personal Communications Services (PCS), a set of multitier technologies that evolved from cordless telephony technologies. PCS systems use smaller cell sizes than other cellular technologies.
Graphic C-8. Cellular phone technology.
Common to all cellular phone technologies is the concept of the cell in wireless communication. Cellular technologies divide their geographical coverage zone into a series of smaller areas called cells that are each serviced by a transmission station. These stations are implemented in a distributed fashion to provide an overlapping series of cells that ensure all portions of a geographical region are serviced. Channels are then allocated to cells in such a way that no two adjacent cells use the same group of channels. Repeating patterns of cells are then used to optimize coverage while maintaining the maximum number of available channels per cell. For example, if you travel in a certain direction, every third cell might utilize the same set of frequencies.
When a mobile client is in one of the cells, he or she can receive and transmit information to the station servicing that cell. When the client moves to a different cell during a conversation, the new cell’s station seamlessly assumes communication with the client. One of the advantages of this system over the use of a single high-powered transmission station is that the client equipment (cell phone) itself does not need to be very powerful, which saves on size and cost.
Other aspects of designing a cellular phone technology include
Choice of modulation techniques
Signal-encoding methods
Error-detection and error-correction methods
Security-coding methods
Multiplexing methods for creating different channels from available bandwidth
NOTE
With the advent of cellular modems for mobile users, knowledge of cellular phone technologies is becoming an important aspect of wide area network (WAN) connectivity for the networking professional.
The main switching facility for a telco, providing access to the Plain Old Telephone Service (POTS), leased lines, and circuit-switched services that the telco offers to customers. The central office (CO) contains the switching equipment that connects telephone subscribers to both local and long-distance phone services. Subscribers are connected to their local CO through a segment of wiring called the local loop. In countries other than the United States, a CO is often referred to as a public exchange.
How It Works
A typical CO looks like a fortress built to withstand an earthquake or any other natural disaster. Building standards for COs are high because of the importance of the communications infrastructure to a nation’s economic health and safety. Banks of batteries and diesel generators provide backup power in case of blackouts so that phone communication will not be disrupted.
Multitudes of twisted-pair copper telephone lines from customer premises usually enter the building through the underground cable vault. These twisted-pair lines are grouped into bundles of thousands of lines, forming large cables 3 to 4 inches in diameter. The cables have grounding mesh to provide a drain for unwanted electrical surges and tough PVC (polyvinyl chloride) insulating jackets that are pressurized to prevent water from seeping in at cable junctions. Steel racks organize these cables as they enter the cable vault.
From the vault, the cables snake their way to the main cross-connect grid. It is in these steel-frame grids that all the individual twisted-pairs fan out and connect through feeders to the main switching equipment. The importance of the feeders is that they allow any incoming twisted-pair line to connect to virtually any switching bank. This makes it possible for customers to move to a different part of the city and maintain their old telephone number at their new location. It also allows for redundancy: if a switch fails, a CO technician can rewire the feeder blocks quickly and easily. The main switches are then used to route calls to other local subscribers or to a long-distance telecommunications carrier such as AT&T or MCI WorldCom.
An acronym for Central Office Exchange Service, a business telephone service provided by local telcos. By using a Centrex instead of a Private Branch Exchange (PBX), a business can eliminate the necessity of having its own dedicated switching facilities at its customer premises. Centrex also eliminates the need for customers to upgrade to expensive new telephones, since existing telephone lines and touch tone phones can be used with it. This frees the customer from the need to invest in the cost and management of customer premises equipment (CPE).
How It Works
Centrex services partition the switching capabilities of the telco’s central office (CO) equipment and allow a portion of these capabilities to be dedicated to a particular customer. In essence, the business customer is leasing dedicated switching facilities at the CO to enable a large number of employee telephones to be routed through a few telephone lines. All routing of calls to individual employee telephones takes place using the Centrex. Configuration changes can be performed at the CO instead of requiring technicians to visit the customer premises. This can save the cost of installing a local PBX at the customer premises.
Centrex can handle advanced communication features such as internal call handling, inbound and outbound call handling, and multiparty calling. Each individual connected can have customized calling features just as they can with a PBX. Maintenance is entirely the responsibility of the telco central office, which provides around-the-clock support.
NOTE
Some carriers such as Pacific Bell also offer Integrated Services Digital Network (ISDN) as a Centrex service in addition to standard business ISDN lines.
See digital certificate
A Web-based tool for administering Microsoft Certificate Server, which is included with the Microsoft Windows NT Option Pack and, as Certificate Services, with Windows 2000. The Certificate Administration Log Utility allows administrators to manage digital certificates and certificate revocation lists (CRLs) stored in the server log. Management of digital certificates and revocation lists is an essential component of a public key infrastructure (PKI). Certificate server administrators can use this tool to
View a list of all or filtered subsets of issued or revoked certificates, in either list or form view
View the details of individual certificates stored in the log
Revoke a certificate that is no longer considered secure
See also Certificate Administration Queue Utility, certificate authority (CA), Microsoft Certificate Server
A Web-based tool for administering Microsoft Certificate Server, which is included with the Microsoft Windows NT Option Pack (and with Windows 2000 as Certificate Services). The Certificate Administration Queue Utility is used to display and manage the server queue. The server queue contains the PKCS #10 requests submitted to Microsoft Certificate Server for issuing standard X.509 format digital certificates. Issuing and managing digital certificates is an essential part of a public key infrastructure (PKI) for secure networking based on public key cryptography methods.
How It Works
For example, suppose you want to obtain and install a certificate for a Web site or virtual server on an Internet Information Server (IIS) version 4 server. Using the Key Manager component of Internet Services Manager, you first create a new key pair along with a certificate request file. The certificate request file is then enrolled using the certificate server administration Web page. The Certificate Administration Queue Utility can be used by the certificate server administrator to display details of the submitted certificate request—such as its serial number, when it was submitted, and the current disposition of the request. Using this tool, you can view a list of all or filtered subsets of received certificate requests, or view the details of individual certificate requests.
See also Certificate Administration Log Utility, certificate authority (CA), Microsoft Certificate Server
Any entity (individual, department, company, or organization) that issues digital certificates to verify the identity of users, applications, or organizations. Before issuing a digital certificate to someone, the certificate authority (CA) must verify the user’s identity according to a strictly established policy, which can involve face-to-face communication, examination of a driver’s license with photograph, or another method of establishing a user’s identity. Once the user’s identity has been verified, the certificate is issued to the user. This certificate can then be presented by the user as a “digital driver’s license” to identify himself or herself during network transactions.
How It Works
CAs can be trusted third parties such as the private companies VeriSign, Inc., CyberTrust, and Nortel; or they can be established within your own organization using Microsoft Certificate Server. CAs can be stand-alone authorities with their own self-signed certificates (that is, they validate their own identity as a root CA), or they can be part of a hierarchy in which each CA is certified by the trusted CA above it (up to a root CA, which must always be self-certified).
For digital certificates to work as an identification scheme, both client and server programs must trust the CA. In other words, when a client program presents a certificate to a server program, the server program must be able to validate that the certificate was issued by a valid and trusted CA. Certificate authorities also maintain a certificate revocation list (CRL) of revoked certificates. Certificates issued by CAs expire after a specified period of time.
Certificate authorities are necessary for the functioning of a public key infrastructure (PKI), which is essential to the widespread acceptance and success of any public key cryptography system. Microsoft Windows 2000 can use standard X.509 digital certificates to authenticate connections across unsecured networks such as the Internet and to provide single sign-on using smart card authentication systems.
NOTE
Microsoft Certificate Server, a component of the Windows NT Option Pack (and of Windows 2000, as Certificate Services), is a tool that can be used for issuing, managing, and revoking digital certificates within your enterprise, without the need for third-party CAs.
On the Web
• VeriSign, Inc.: http://www.verisign.com
• CyberTrust: http://www.cybertrust.gte.com
• Nortel: http://www.nortelnetworks.com
See also Microsoft Certificate Server, public key infrastructure (PKI)
A snap-in tool for Microsoft Management Console (MMC) in Microsoft Windows 2000 that allows issuing and managing digital certificates for public key cryptography. Certificate Manager can perform functions such as
Adding or removing certificate templates to allow different types of certificates to be issued
Revoking certificates and publishing a certificate revocation list (CRL)
Backing up and restoring the certificate information database
Starting and stopping Certificate Services
Certificate Manager can be used to either store issued certificates locally or publish them to Windows 2000 Active Directory. Publishing certificates to Active Directory enables users and groups with appropriate permissions to access certificates as needed.
A feature of Internet Information Server (IIS) version 4 that allows mapping between user accounts and digital certificates. This is useful when an organization issues client certificates to users. Client certificates are digital certificates that verify the identity of client software (Web browsers) belonging to users. Client certificates are often used in situations in which mobile clients using laptops require secure access to a corporate intranet site.
How It Works
Before users can be granted remote access to the corporate intranet, they must be authenticated by the Web server they are connecting to. IIS supports four kinds of Web authentication mechanisms:
Anonymous access: Allows anonymous users access to Web sites—such as public sites on the Internet.
Basic Authentication: Passes a user’s credentials over the network as clear text. Although this mechanism is not very secure, it has the advantage of being able to work through a firewall or a proxy server.
Windows NT Challenge/Response Authentication (called Integrated Windows Authentication in Windows 2000): A secure authentication method that does not actually pass the user’s credentials over the network but uses a cryptographic exchange instead. The only Web browser that supports this authentication method is Microsoft Internet Explorer. This method cannot work through a firewall or a proxy server.
Certificate mapping: Uses the Secure Sockets Layer (SSL) protocol to authenticate users by examining the contents of their client certificate in order to log them on to the network without requiring them to enter their credentials.
Client certificates provide verification of identity, while certificate mapping associates a user’s account with the user’s client certificate and permits the user to log on to the network. The user typically connects to a secure company Web site using a Web browser and the SSL protocol. The company Web server checks the Web browser’s client certificate. If the certificate is valid, the user is automatically logged on using his or her user account without ever having to enter credentials, and can access whatever intranet resources the account has permissions for.
NOTE
Certificate mapping is also supported by Active Directory in the Windows 2000 operating system. The Active Directory Users and Computers administrative tool can be used for this purpose.
TIP
IIS allows two kinds of client certificate mappings:
One-to-one mappings between user accounts and client certificates on the user’s browser. This type of mapping is typically used to allow users secure access to corporate intranet resources; for example, to view or modify their employee information.
One-to-many mappings of several client certificates to a single user account. One-to-many mappings have the advantage of permitting administrators to allow a single certificate (issued by a specific organization to a particular user account) to be used to grant all users access to the corporate intranet. For example, an agency that provides your company with temps can assign the same client certificate to all temps who share one user account on your company’s network.
A file containing an entity’s identification information and public key that is submitted to a certificate authority (CA) in order to obtain a digital certificate. A certificate request file is a text file encoded using Base64 encoding. This text file is generated by an application in response to the entity’s request for a key pair and digital certificate. The entity here refers to the individual, system, company, or organization requesting the certificate. The certificate request is then submitted to a CA to obtain a digital certificate for the entity.
The Key Manager utility in Internet Services Manager (the utility used to manage Internet Information Services) can be used to generate a key pair and a standard PKCS #10 format certificate request file. The certificate request file is a simple text file that can be viewed with Microsoft Notepad. If this file is submitted to a public certificate authority, such as VeriSign, Inc., or to the company’s own certificate authority, such as Microsoft Certificate Server, a standard X.509 format digital certificate will be granted in return.
See also Microsoft Certificate Server
A list, maintained by a certificate authority (CA), of digital certificates that have been issued and then later revoked. A certificate revocation list (CRL) is similar to lists of revoked credit card numbers that credit card companies used to give to vendors. The certificate authority makes the CRL publicly available so that users can determine the validity of any digital certificate presented to them.
Creating and maintaining a CRL is an essential ingredient in running a public key infrastructure (PKI) to support public key cryptography systems. Microsoft Certificate Server includes a Web-based utility called the Certificate Administration Log Utility that can be used to revoke certificates and maintain a CRL.
See also public key cryptography, public key infrastructure (PKI)
See Microsoft Certificate Server
An education-delivery company such as a school or training center that is qualified by Microsoft for the delivery of Microsoft Official Curriculum (MOC) courseware. Certified Technical Education Centers (CTECs) are one of Microsoft’s main channels for training on Microsoft products and technologies. CTECs can deliver training in a variety of forms, including instructor-led, self-paced, customized, and online training. CTECs are one of the ways that Microsoft contributes to solutions addressing the shortage of skilled IT professionals worldwide.
Network professionals who want to become familiar with Microsoft operating systems, applications, and development platforms can take MOC courses offered by CTECs at various locations around the world. Microsoft CTECs are also a source for the best in self-paced training materials on Microsoft products and services.
On the Web
• Microsoft CTEC home page: http://www.microsoft.com/ctec
See Common Gateway Interface (CGI)
An encrypted authentication scheme in which the unencrypted password is not transmitted over the network. Challenge Handshake Authentication Protocol (CHAP) is one of several authentication schemes used by the Point-to-Point Protocol (PPP), a serial transmission protocol for wide area network (WAN) connections. Other authentication schemes supported by PPP include Password Authentication Protocol (PAP), Shiva Password Authentication Protocol (SPAP), and Microsoft Challenge Handshake Authentication Protocol (MS-CHAP). PAP is a widely implemented authentication protocol, but CHAP is more secure than PAP because CHAP encrypts the transmitted password, while PAP does not. SPAP and MS-CHAP are vendor-specific implementations.
How It Works
A typical CHAP session during the PPP authentication process works something like this:
A client connects to a network access server (NAS) and requests authentication.
The server challenges the client by sending a session ID and an arbitrary string.
The client uses the MD5 one-way hashing algorithm and sends the server the username, along with an encrypted form of the server’s challenge, session ID, and client password.
A session is established between the client and the server.
To guard against replay attacks, the challenge string is chosen arbitrarily for each authentication attempt. To protect against remote client impersonation, CHAP sends repeated, random interval challenges to the client to maintain the session.
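The exchange described above, with both sides shown, as an added example that is not part of the original text. It assumes the RFC 1994 construction, in which the response is the MD5 digest of the identifier (the "session ID" above), the shared secret and the challenge, in that order; the class, function names, user name and secret are constructed for illustration.

```python
"""CHAP challenge/response and why a captured response cannot be replayed."""
import hashlib
import hmac
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side: MD5(identifier || secret || challenge), per RFC 1994.
    The secret itself never crosses the link."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Server (NAS) side. `secrets_db` maps user name to shared secret; CHAP
    needs the secret in recoverable form on the server to recompute the digest."""

    def __init__(self, secrets_db):
        self._db = dict(secrets_db)
        self._next_id = 0
        self._pending = {}   # session -> (identifier, challenge) still unanswered

    def challenge(self, session: str):
        """Issue a fresh, unpredictable challenge; used at logon and again
        at random intervals while the session stays up."""
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = secrets.token_bytes(16)
        self._pending[session] = (identifier, value)
        return identifier, value

    def verify(self, session: str, username: str, identifier: int,
               response: bytes) -> bool:
        # pop(): each challenge can be answered once, pass or fail.
        pending = self._pending.pop(session, None)
        secret = self._db.get(username)
        if pending is None or secret is None or identifier != pending[0]:
            return False
        expected = chap_response(pending[0], secret, pending[1])
        # Constant-time comparison, so timing does not leak matching bytes.
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    secret = b"constructed-shared-secret"        # constructed sample value
    nas = Authenticator({"alice": secret})

    # 1. Normal logon: client answers the challenge it was sent.
    id1, c1 = nas.challenge("line1")
    r1 = chap_response(id1, secret, c1)
    logon = nas.verify("line1", "alice", id1, r1)

    # 2. The same response presented again with no challenge outstanding.
    reused = nas.verify("line1", "alice", id1, r1)

    # 3. Replay of the captured response against a later challenge. Even
    #    with the new identifier filled in, the digest covers the old
    #    challenge bytes and does not match.
    id2, _c2 = nas.challenge("line1")
    replay = nas.verify("line1", "alice", id2, r1)

    # 4. Mid-session re-challenge answered by the real client.
    id3, c3 = nas.challenge("line1")
    rechallenge = nas.verify("line1", "alice", id3, chap_response(id3, secret, c3))

    # 5. Wrong secret.
    id4, c4 = nas.challenge("line1")
    wrong = nas.verify("line1", "alice", id4, chap_response(id4, b"guess", c4))

    return {"logon": logon, "reused": reused, "replay": replay,
            "rechallenge": rechallenge, "wrong_secret": wrong}


if __name__ == "__main__":
    print(demo())
```

Because the digest is keyed only by the shared secret, the protection is only as strong as that secret, which is why it should be long and random and not a memorable password.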
NOTE
CHAP is supported by the Remote Access Service (RAS) on Microsoft Windows NT and the Routing and Remote Access feature of Windows 2000 as a way to allow non-Microsoft clients to dial in and receive authentication for a RAS session, and to allow Microsoft RAS clients to connect to any industry-standard PPP server.
A type of telecommunications equipment that allows multiple analog signals to be transmitted over a single digital connection. Channel banks are typically located at the telco’s central office (CO) and support the digital switching functions of the Public Switched Telephone Network (PSTN).
How It Works
A channel bank interfaces with the wires of the local loop connection that carry the phone signals from the customer premises to the telco’s CO. The channel bank combines the analog signals using a technique called multiplexing, which allows multiple signals to be combined for transmission over a single line. The channel bank also includes circuits for converting the analog signals to digital signals using pulse code modulation (PCM) techniques. The resulting digital signal format conforms to the standard 64-Kbps DS0 (Digital Signal Zero) format. The signals can then be routed through the digital switching backbone of the PSTN as necessary.
NOTE
Channel bank equipment can also be installed at customer premises for larger enterprises.
A component of Microsoft Internet Explorer version 4 that displays the available user-subscribed Active Channels. Active Channels provide a way of webcasting information to subscribers using Microsoft’s Channel Definition Format (CDF) technology.
How It Works
When Internet Explorer is first installed on a user’s machine, a selection of preloaded channels is stored in the channel bar according to the country preference the user specified during installation. These channels are stored by default in C:\Windows\Favorites\Channels on a computer running Microsoft Windows 95 or Windows 98 and in C:\Winnt\Profiles\<user>\Favorites\Channels on a computer running Windows NT. When a user subscribes to a channel, a small red gleam appears next to the icon representing the channel. This gleam indicates that new content has been downloaded and is available for browsing.
NOTE
Administrators who plan to deliver and install Internet Explorer on users’ machines can use the Internet Explorer Administration Kit (IEAK) to customize the users’ set of startup channels. Administrators can thus use the channel bar to deliver important information to users through the company’s intranet site.
See also Channel Definition Format (CDF)
An open standard created by Microsoft for Microsoft Internet Explorer version 4 (and proposed as a standard to the World Wide Web Consortium) that defines a “smart pull” technology for webcasting information to users’ desktops. Based on the Extensible Markup Language (XML), Channel Definition Format (CDF) lets administrators create Active Channels for delivery of content through the users’ Web browser, and Active Desktop elements and channel screen savers for delivery directly to the users’ desktops. Channel content can be personalized, and delivery can be scheduled according to users’ needs and preferences. Using CDF also reduces server load and allows delivery of just the needed content, instead of requiring users to download large quantities of unnecessary content.
How It Works
Let’s consider the delivery of Web content to the user’s browser using Active Channels. A Web site can be made into an Active Channel through the addition of a CDF file. The CDF file is a simple text file that is formatted using XML. It forms a kind of table of contents of the logical subset of the Web site that comprises the Active Channel. A link is then created to the CDF file on the Web site. The user clicks the link to subscribe to the Active Channel and download the CDF file. The Active Channel then appears on the channel bar on the user’s desktop. The content for the channel is downloaded to a cache on the user’s system. Channel updates are accomplished by scheduled Web crawls, using either the publisher’s predefined schedule or a user’s customized one. Users can also receive updates to channels by e-mail.
Some of the advantages of using CDF for the distribution of Web information to users include
Simplicity: Turning an existing Web site into a channel merely involves creating a CDF file with a text editor and creating a hyperlink to this file.
Structure: CDF describes how to logically group information in a hierarchical structure, independent of the content format.
Personalization: Standard Hypertext Transfer Protocol (HTTP) cookies can be used to deliver personalized information to users.
Administrator control: The administrator can control how much of the site can be downloaded by users.
User control: The user can use CDF to specify which portions of a site to download to his or her browser, instead of pulling a lot of content off the site and hoping that it contains the needed information.
NOTE
CDF is not true webcasting in the sense of Internet Protocol (IP) multicasting because it is a “pull” technology. True webcasting is supported by Microsoft NetShow for delivery of content using IP multicasting.
The delivery method in Active Channel, a technology for Microsoft Internet Explorer that allows Web content to be “webcast” to users. Channels deliver content to users’ Web browsers. The content is displayed as ordinary Web pages and can be viewed off line. Channels are delivered to users by way of Microsoft’s Channel Definition Format (CDF) technology. Channels can contain Hypertext Markup Language (HTML); Microsoft ActiveX controls; Microsoft Visual Basic Scripting Edition (VBScript); Java applets; and other dynamic Web elements. The channels that a user has subscribed to are listed as part of his or her channel bar.
See also Channel Definition Format (CDF)
In Microsoft NetShow, a mechanism that supplies clients with information needed to receive and render Advanced Streaming Format (ASF) streams. The channel specifies the multicast address and port number the clients should listen to in order to receive the stream. The channel also specifies the data types and formats in the stream, enabling the client to correctly render the stream. NetShow saves channel information as files with the extension .nsc. A NetShow channel is analogous to a television channel or a radio frequency: if a NetShow client is tuned to a channel at the right time, the client receives streaming information sent by the NetShow server.
NetShow channels also support additional features such as
Roll over to unicast: If clients cannot receive a multicast, you can configure the channel so that they automatically receive a unicast of the same program.
Stream distribution: On corporate TCP/IP networks whose routers do not support multicasting, one NetShow server can distribute a stream to other NetShow servers that are each located on separate local area network (LAN) segments. These secondary servers can then multicast to clients on their own LAN segment.
NOTE
NetShow supports channels only when using ASF streams.
A form of screen saver supported by Microsoft Internet Explorer version 4. Channel screen savers are Hypertext Markup Language (HTML) pages that can include such dynamic elements as Microsoft ActiveX controls; Microsoft Visual Basic Scripting Edition (VBScript); Java applets; and so on. Channel screen savers are delivered to users through Web sites using Microsoft’s Channel Definition Format (CDF). If multiple channel screen savers have been downloaded to the user’s desktop, the user’s system cycles through by default, displaying a new one every 30 seconds.
When a channel screen saver is being displayed, the user can still use the mouse to interact with objects on the screen without causing the screen saver to disappear. For example, if the channel screen saver contains a hyperlink, the user can click the hyperlink to open a new Web browser window, which causes the screen saver to disappear. If a user clicks on a section of the screen saver that is not a hyperlink, the screen saver closes, revealing the items on the user’s desktop.
See also Channel Definition Format (CDF)
A digital communication device that is used to connect a digital line to a digital device. Channel Service Units (CSUs) can be used to link local area networks (LANs) into a wide area network (WAN) using telecommunications carrier services such as
Digital data service (DDS)
T-carrier services such as a T1 line
Frame relay links
How It Works
The CSU is used to terminate the end of the digital telecommunications line located at the customer premises. It terminates on the customer premises end with a data terminal equipment (DTE) device such as a router, switch, multiplexer (MUX), or dedicated server. The connection to a DTE is typically an RS-232 or a V.35 serial transmission interface. The service provider interface of the CSU must connect to a Data Service Unit (DSU), which is a data communications equipment (DCE) device responsible for converting signals into a format suitable for transmission over the digital communications line, and for creating and maintaining the connection.
Graphic C-9. Channel Service Unit (CSU).
Typically, the telecommunications service provider will lease the CSU to the customer, having preconfigured it for the type of communications to be supported. CSUs typically include remote diagnostic capabilities, such as remote loop testing and even Simple Network Management Protocol (SNMP) features that allow the unit to be monitored by the service provider.
NOTE
Currently, CSUs are usually combined with DSUs to create a single device called a CSU/DSU (Channel Service Unit/Data Service Unit). Dedicated stand-alone CSUs are typically used only for interfacing with installed customer premises telecommunications equipment that contains integrated DSUs. This installed equipment could be a channel bank, Private Branch Exchange (PBX), T1 multiplexer, or some other device.
See also Channel Service Unit/Data Service Unit (CSU/DSU)
A digital communications device that combines the functions of both a Channel Service Unit (CSU) and a Data Service Unit (DSU). These devices lie between the telephone company network and the customer network at the demarcation point and are the local interfaces between the data terminal equipment (DTE) at the customer premises and the telco’s digital communications line (such as a T1 line).
How It Works
CSU/DSUs essentially function as the digital counterpart to analog modems. They are typically external units that look similar to an external modem, but they can also come in sizes that can be mounted in a rack. Unlike analog modems, CSU/DSUs do not perform signal conversion because the signal at both ends is already digital. CSU/DSUs package digital data into a format suitable for the particular digital transmission line they are servicing, and buffer and rate-adapt digital signals going to and from the telephone company network. CSU/DSUs ensure that data frames are properly formed and timed for the telephone company network and provide a protective barrier to electrical disturbances that can harm customer premises equipment (CPE).
Graphic C-10. Channel Service Unit/Data Service Unit (CSU/DSU).
Digital lines usually terminate at customer premises with four-wire connections having various connector types, including RJ-45, four-screw terminal blocks, and M-block connectors (used for V.35 interfaces). The four-wire connection is joined to the appropriate connector on the CSU/DSU. The CSU/DSU typically adjusts itself to the line speed of the digital data service (DDS) line using an autosensing feature. The customer’s CSU/DSU then connects directly to the customer’s router, and from there connects to the customer’s network.
At the other end of the DDS line at the central office (CO), the telco has a similar CSU that interfaces with a multiplexer to feed into the carrier’s backbone network.
TIP
When purchasing CSU/DSUs, consider first the traffic requirements of your wide area network (WAN) link and make sure they support the full range of data rates for the DDS lines you plan to use (56 K, 64 K, or T1 speed).
See Challenge Handshake Authentication Protocol (CHAP)
An accessory in Microsoft Windows NT and Windows 2000 (winchat.exe) for communicating with text in real time with other users on the network. Chat is an interactive tool that displays each character as it receives it. Chat supports text-based communication over a Windows network only, and is not intended as a tool for Internet Relay Chat (IRC).
Graphic C-11. The version in Windows NT.
The generic term “chat” describes any system that supports text-based communication over a network for logged-in users. Such a system typically includes a display that shows text as another user types it.
How It Works
Chat consists of a window with two panes, one for the message you type and one for messages you receive. A user dials another user by specifying the name of the other user’s computer. A chat window then opens on the receiver’s computer. Once the receiver answers, the text that one user types in the left or upper pane immediately appears in the right or lower pane on the other user’s chat window.
NOTE
The Windows NT and Windows 2000 Chat utility requires that the Network Dynamic Data Exchange (DDE) service and related services be running on the participating computers. In Windows NT, use the Services applet in Control Panel, and in Windows 2000, use the Services item in Computer Management to set the startup configuration of this service.
In Microsoft Windows NT and Windows 2000, a built-in utility for checking for errors on a hard disk volume. To access this utility, open the Properties dialog box of the volume you want in Windows Explorer or My Computer, select the Tools tab, and click the Check Now button. This displays the Check Disk dialog box, which has two options:
Automatically correct any file system errors that are found.
Scan the disk volume for bad sectors and repair those found.
Graphic C-12. The utility in Windows NT.
NOTE
All files must be closed on the volume for Check Disk to attempt to correct errors. If files are open, you will be prompted to schedule Check Disk to run at the next system restart. If Check Disk is run on an NTFS volume, bad clusters will automatically be replaced and all file transactions will be logged.
A domain in a domain tree in Microsoft Windows 2000 whose Domain Name System (DNS) name is a subdomain of a parent domain. For example, if the name of the parent or company domain is microsoft.com, some typical names of child domains might include dev.microsoft.com, marketing.microsoft.com, and support.microsoft.com.
NOTE
New child domains can be created using the Active Directory Installation Wizard. A child domain must be created in an existing domain tree, since creating a new tree automatically creates a new parent domain. A two-way transitive trust exists between a parent domain and its child domains.
See also Active Directory, domain tree
A utility used in Microsoft Windows for locating, reporting, and correcting file system errors on disks. There are versions of chkdsk for all Windows platforms as well as for MS-DOS. The versions for Windows NT and Windows 2000 can be used on both file allocation table (FAT) and NTFS volumes. The syntax for the command can be displayed by typing chkdsk /? at the command prompt.
Example
Typing chkdsk c: tells the computer to check the C drive. Note that using the /f switch will force chkdsk to attempt to repair file system errors. The chkdsk command will attempt to lock the disk first, but if the errors are associated with open files, chkdsk will be scheduled to run at the next reboot.
NOTE
The chkntfs command is a different command that is included in Windows NT 4 (Service Pack 2 or later) and Windows 2000. It allows administrators to exclude specific volumes from having chkdsk /f performed on them by the autochk.exe program after an unexpected reboot.
TIP
Running chkdsk /f can result in data loss if chkdsk cannot repair the volume. Either back up your volumes before running chkdsk, or use scandisk instead.
See classless interdomain routing (CIDR)
See Common Internet File System (CIFS)
See Common Information Model (CIM)
A path between two points over which an electrical signal can pass. In telecommunications, a circuit is a path over which voice, data, or other analog or digital signals can pass. A physical circuit is a collection of wires or cables that are connected with switches or other devices; it can be thought of as a straight line between the two endpoints.
For an electrical signal to actually flow between two points in a circuit, the circuit must be closed—that is, there must be a return path for the current. Two basic types of circuits are used in serial transmission for telecommunications technologies:
Balanced circuits, such as those based on the RS-422 interface, use a separate signal path and return path, with two separate wires.
Unbalanced circuits, such as those based on the RS-232 interface, use a single signal path, adding ground to complete the circuit.
Balanced circuits typically support higher data transmission rates because they are less susceptible to noise caused by electromagnetic interference (EMI) than unbalanced circuits.
Graphic C-13. Circuit.
NOTE
A typical serial interface such as RS-232 includes specifications for a number of different types of circuits, including data circuits, control circuits, timing circuits, secondary circuits, and ground connections.
See also circuit-switched services, virtual circuit
Any service or server that provides proxy services using a specially installed component on the client computer to form a circuit between the proxy server and the client computer. Circuit layer proxies support a wider variety of protocols than application layer proxies.
Microsoft Proxy Server version 2 is a product that combines firewall and proxy server functions and has two Microsoft Windows NT services for providing circuit-level proxy functions:
The Winsock Proxy Service enables Windows Sockets clients such as Microsoft NetShow Player, RealAudio, and Internet Relay Chat (IRC) to function as if they are directly connected to the Internet. The Winsock Proxy Service provides Windows NT Challenge/Response Authentication with clients, regardless of whether the clients support it, and supports Windows Sockets version 1.1–compatible applications on computers running Windows. The Winsock Proxy Service can control access by port number, protocol, and user or group. Ports can be enabled or disabled for specific users or groups, and the list of users that can initiate outbound connections on a given port can differ from the list of users that can listen for inbound connections on that port.
The SOCKS Proxy Service includes support for the SOCKS 4.3a protocol. The SOCKS Proxy Service provides support for Macintosh-based and UNIX-based client computers, while the Winsock Proxy Service supports only Windows-based computers. SOCKS uses Transmission Control Protocol (TCP) and can be used to control access to the Telnet, File Transfer Protocol (FTP), Gopher, and Hypertext Transfer Protocol (HTTP) protocols. The SOCKS Proxy Service does not support RealAudio, streaming video, or NetShow clients.
See also application layer proxy
A type of firewall that provides session-level control over network traffic. Although similar in operation to packet filtering routers, circuit-level gateways operate at a higher layer of the Open Systems Interconnection (OSI) reference model protocol stack.
How It Works
Circuit-level gateways are host-based and reside on individual clients and servers inside the network, rather than on a dedicated machine as they do with other types of firewalls. Circuit-level gateways examine incoming Internet Protocol (IP) packets at the session level—Transmission Control Protocol (TCP) or User Datagram Protocol (UDP)—and act as relays by handing off incoming packets to other hosts. Circuit-level gateways are rarely used as a stand-alone firewall solution; instead, they are typically used in combination with application layer proxy services and packet filtering features in dedicated firewall applications.
Microsoft Proxy Server combines the features of packet filtering, circuit-level gateways, and application layer proxy to provide a full firewall solution for protecting your corporate network. Proxy Server supports both the SOCKS protocol, which provides nontransparent circuit-level gateway security, and the Winsock Proxy, which provides transparent circuit-level gateway security.
See also firewall, proxy server
A telecommunications service provided to businesses by telcos and long-distance carriers. “Circuit-switched services” is an umbrella term describing any service that provides switched connections between a consumer and a provider. The telephone system is an example of a circuit-switched service. Circuit-switched services are temporary circuits only, and can be compared with leased lines, which use dedicated switches.
How It Works
With circuit-switched services, a new switched circuit must be established each time one local area network (LAN) attempts to connect to a remote LAN. Different switches can be used for each attempt, depending on availability and traffic, so the quality of services can vary between connections. Your LAN is connected through bridges, routers, modems, and terminal adapters to the telco’s central office (CO), which sets up switches on demand to connect you to your destination LAN. When you disconnect the wide area network (WAN) link, the switches are freed up for other purposes.
Graphic C-14. Circuit-switched services.
One advantage of circuit-switched services is that they are generally less expensive than leased lines. This is because switches are not dedicated to your network like leased lines are, and can therefore be used for other purposes when you are not using them. The cost for circuit-switched services is usually based on usage.
Another advantage of circuit-switched services is that you are not restricted to a single destination as you are with leased lines; you can dial up any destination that supports services similar to yours. However, dial-up or connection times vary with the technology used. For example, analog modems might take 10 to 20 seconds to establish a connection, while an Integrated Services Digital Network (ISDN) terminal adapter might take only 1 to 2 seconds. This latency interval tends to make circuit-switched lines unsuitable for dedicated services, such as those used for connecting company Web servers to the Internet.
Another disadvantage of circuit-switched services is that the quality can differ substantially between connections, because each circuit is a temporary connection that can exist along different paths, switches, and communication devices.
TIP
Circuit-switched services are often used as backup lines for more expensive leased lines. For example, if your more expensive T1 line fails, you can switch to a dial-up ISDN line (if it comes from a different provider). You should monitor your network usage with circuit-switched services because when a certain usage level is reached, leased lines become economically preferable.
See also leased line, packet-switching services
A feature of Microsoft Exchange Server whereby transaction logs can be overwritten when full. Circular logging lowers disk space usage but reduces the chances of successfully recovering from a system crash.
How It Works
Exchange Server databases, such as the directory database and information store, maintain special log files called transaction log files. These log files improve the performance and fault tolerance of the databases, and help track and maintain changes made to them. Transactions are immediately written both to the log files and to memory, and only afterward to the database files. Transaction logs are normally kept on a different drive from the database files to ensure fault tolerance in case of a disaster that causes data loss, such as a crashed disk or a power failure.
When circular logging is enabled, only a few transaction log files are maintained, and these are overwritten when they become full. This prevents log files from continually building up, which saves disk space. However, circular logging has the disadvantage of allowing you to perform only full backups, rather than incremental or differential ones, because you can restore information only up to the last full backup.
TIP
Do not use circular logging if data recoverability is of high importance to your mail system, which is almost always the case with e-mail. Circular logging is enabled by default. You should always disable it and ensure that you have enough free disk space to hold the transaction files. The only reasons you might want to enable circular logging would be if you run low on disk space or if your server is being used for noncritical data only, such as a public news server.
More precisely called “object class,” a logical grouping of objects within Active Directory in Microsoft Windows 2000. Objects are organized within Active Directory by their classes. Examples of object classes can include users, groups, computers, domains, and organizational units (OUs). Each class of objects has its own defining properties or attributes, as laid out in the Active Directory schema. Grouping objects logically into classes makes it easier to find and access these resources on the network.
TIP
Active Directory comes with predefined object classes. You can create additional classes or modify existing ones using the Active Directory Schema.
See also Active Directory, object in Active Directory
A way of displaying the desktop and its contents that was first used in Microsoft Windows 95. The classic desktop presents users with a graphical user interface (GUI) that allows icons, shortcuts, files, and folders to be placed on it. These desktop items provide a simple way for users to launch and access frequently used programs and network resources. The Start menu provides another tool for launching programs and accessing resources. The taskbar displays the programs currently running and the windows to network resources that are open.
The choice of GUI for users’ client computers can make a big difference in employee productivity. The following are two factors involved in determining whether network administrators should maintain the classic desktop or upgrade to the newer Active Desktop included with Microsoft Internet Explorer beginning with version 4:
The cost of introducing users to the new desktop paradigm
The necessity for tight integration among the desktop, the corporate network, and the Internet
Graphic C-15. Classic desktop.
A routing system used by routers and gateways on the backbone of the Internet for routing packets. Classless interdomain routing (CIDR) is a more efficient routing mechanism than the original method of segregating network IP addresses into classes named class A, class B, and class C. The reason for CIDR is that while class A networks support large numbers of network nodes, there are not enough class A network IDs to go around. Similarly, while many class C network IDs are available, many companies require more than the 254 IP addresses available on a class C network, but not nearly as many as the 65,534 IP addresses available on a class B network.
CIDR replaces the old class method of allocating 8, 16, or 24 bits to the network ID, and instead allows any number of contiguous bits in the IP address to be allocated as the network ID. For example, if a company needs a few thousand IP addresses for its network, it can allocate 11 or 12 bits of the address for the network ID instead of 8 bits for a class C (which wouldn’t work because you would need to use several class C networks) or 16 bits for class B (which is wasteful).
How It Works
CIDR assigns a numerical prefix to each IP address. For example, a typical destination IP address using CIDR might be 177.67.5.44/13. The prefix 13 indicates that the first 13 bits of the IP address identify the network, while the remaining 32 - 13 = 19 bits identify the host. The prefix helps to identify the Internet destination gateway or group of gateways to which the packet will be forwarded. Prefixes vary in size, with longer prefixes indicating more specific destinations. Routers use the longest possible prefix in their routing tables when determining how to forward each packet. CIDR enables packets to be sent to groups of networks instead of to individual networks, which considerably simplifies the complex routing tables of the Internet’s backbone routers.
NOTE
CIDR is not used extensively in private networks because most networks are hidden behind firewalls and can use any arbitrary block of IP addresses, such as the 10.x.y.z block allocated by Internet Network Information Center (InterNIC) for general, private use. Instead, CIDR comes into its own on the Internet backbone to facilitate routing. CIDR is defined in Request for Comments (RFC) 1519.
See also Border Gateway Protocol (BGP)
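The prefix arithmetic and the longest-prefix rule described above, worked through on the entry's own address 177.67.5.44/13. This is an added example, not part of the original text; the routing table, the next-hop names, and the 10.1.x.0/24 blocks are constructed for illustration. It also shows the aggregation of several contiguous networks into one shorter prefix, which is what lets a router address a group of networks with a single table entry.

```python
import ipaddress

# Constructed routing table: (prefix, next hop). Next-hop names are made up.
ROUTES = [
    ("0.0.0.0/0",     "default-gw"),
    ("177.64.0.0/13", "gw-A"),
    ("177.67.0.0/16", "gw-B"),
    ("177.67.5.0/24", "gw-C"),
]


def split_prefix(cidr):
    """Split an address/prefix pair into its network and host parts."""
    iface = ipaddress.ip_interface(cidr)
    prefix_len = iface.network.prefixlen
    host_bits = 32 - prefix_len
    # Network mask: prefix_len one-bits followed by host_bits zero-bits.
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = ipaddress.IPv4Address(int(iface.ip) & mask)
    return {
        "network": str(network),
        "prefix_len": prefix_len,
        "host_bits": host_bits,
        "addresses": 2 ** host_bits,
    }


def longest_prefix_match(routes, destination):
    """Return (prefix, next_hop) for the most specific route covering
    destination, or None when no route (not even a default) matches."""
    dest = int(ipaddress.IPv4Address(destination))
    best = None
    for cidr, next_hop in routes:
        net = ipaddress.ip_network(cidr)
        # A route matches when the destination's masked bits equal the prefix.
        if dest & int(net.netmask) == int(net.network_address):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])


def aggregate(cidrs):
    """Collapse contiguous networks into the fewest covering prefixes."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(split_prefix("177.67.5.44/13"))
    for dst in ("177.67.5.44", "177.67.9.1", "177.70.1.1", "8.8.8.8"):
        print(dst, "->", longest_prefix_match(ROUTES, dst))
    # Eight adjacent /24 networks advertised as a single /21.
    print(aggregate([f"10.1.{i}.0/24" for i in range(8, 16)]))
```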
The process of sending data over a network in an unencrypted form. By using a packet sniffer or software such as Network Monitor, anyone who can capture clear-text packets can read the information within them. Clear-text authentication methods are sometimes the best choice in a heterogeneous network environment where users running different operating system platforms need to access resources on network servers. For example, UNIX clients that need to access an Internet Information Services (IIS) machine using a Web browser will need to be authenticated using a clear-text method called Basic Authentication.
NOTE
Basic Authentication is usually described as clear-text authentication, but in actuality, Basic Authentication weakly encrypts data using the well-known uuencoding algorithm. This algorithm is in the public domain and can easily be decrypted by knowledgeable users.
The standard AppleTalk protocol uses clear-text authentication for allowing Macintosh clients to access shared folders on Macintosh file servers using AppleShare.
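An audit check for the exposure described above, as an added example that is not part of the original text. HTTP Basic Authentication (RFC 7617) sends user:password in the Authorization header as Base64, an encoding that involves no key, so anyone who captures the request recovers the credentials. The request heads, the host name, and the credentials below are constructed, and the function names are illustrative.

```python
import base64
import binascii

# Constructed capture (not real traffic): (transport, raw HTTP request head).
SAMPLE_CAPTURE = [
    ("http",  "GET /reports/ HTTP/1.0\r\nHost: intranet.example\r\n"
              "Authorization: Basic YWxpY2U6czNjcjN0\r\n\r\n"),
    ("https", "GET /reports/ HTTP/1.0\r\nHost: intranet.example\r\n"
              "Authorization: Basic YWxpY2U6czNjcjN0\r\n\r\n"),
    ("http",  "GET /index.html HTTP/1.0\r\nHost: intranet.example\r\n\r\n"),
    ("http",  "GET /x HTTP/1.0\r\nHost: intranet.example\r\n"
              "authorization: basic !!!not-base64!!!\r\n\r\n"),
]


def parse_headers(raw):
    """Return (request_line, headers) with lower-cased header names."""
    lines = raw.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:            # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def decode_basic(value):
    """Decode an Authorization header value. Returns (user, password),
    or None for another scheme or a malformed token."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates user from password.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def audit(capture):
    """List requests carrying Basic credentials; 'exposed' is True when the
    request did not travel inside an encrypted transport."""
    findings = []
    for transport, raw in capture:
        request_line, headers = parse_headers(raw)
        creds = decode_basic(headers.get("authorization", ""))
        if creds is None:
            continue
        user, password = creds
        findings.append({
            "request": request_line,
            "host": headers.get("host", "?"),
            "user": user,
            "password_len": len(password),   # report length, not the secret
            "exposed": transport != "https",
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CAPTURE):
        state = "EXPOSED on the wire" if f["exposed"] else "protected by SSL/TLS"
        print(f'{f["host"]} {f["request"]}: user={f["user"]} '
              f'password_len={f["password_len"]} ({state})')
```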
A workstation or computer, usually belonging to a single user, as opposed to a server, which is shared by many users. Planning the hardware, software, configuration, deployment, and maintenance of clients is as important to the network administrator as server-related activities.
Choice of a client operating system depends on various considerations. For example, in determining whether to install Microsoft Windows 98 or Windows NT Workstation on client computers, users should consider the following:
Both client operating systems, in conjunction with Microsoft Internet Explorer versions 4 and later, offer the same desktop configuration options, similar utilities, and similar support for features such as user profiles, hardware profiles, and system policies.
Windows NT Workstation will provide client machines with better performance, greater reliability, and more robust security, but it has higher hardware requirements than Windows 98.
Windows 98 supports a broader range of devices and legacy software applications, and includes power-management support—making it a better solution for mobile users.
NOTE
In configuring clients to operate on a network, appropriate software must be installed on each client to allow it to access servers on the network. For example, to access Windows NT and Windows 2000 servers, client machines require Microsoft client software such as Client for Microsoft Networks. To access Novell NetWare servers, client machines require NetWare-compatible clients, such as Client for NetWare Networks.
A license that grants a client machine access to a Microsoft BackOffice product running on a network of computers. Every client computer on a network, regardless of whether it is running a Microsoft or non-Microsoft operating system, requires a client access license (CAL) if it will be accessing any of the following Microsoft Windows NT or Windows 2000 services:
File services, for accessing shared files and folders on a server
Print services, for accessing shared network printers
Remote Access Service (RAS) or Routing and Remote Access Service (RRAS)
File and Print Services for NetWare (FPNW)
File and Print Services for Macintosh (FSM)
Microsoft Transaction Server (MTS) and Microsoft Message Queue (MSMQ) Server access
Windows NT Terminal Server functionality
Client access licenses can operate in one of two modes:
Per Server licensing, which is based on concurrency of access to network resources
Per Seat licensing, which is the more commonly implemented solution and is supported by all BackOffice applications
See also licensing mode
A digital certificate obtained for a client application (such as a Web browser) that can be used by the client to digitally sign data it transmits. Client certificates can be used to enable client machine authentication for the purpose of secure communication over the Internet using the Secure Sockets Layer (SSL) protocol.
How It Works
A client obtains a certificate from a certificate authority (CA) by submitting a certificate request file. The CA responds by issuing a client certificate, which contains the client’s identification information in encrypted form, along with the client’s public key. The client certificate must then be installed on the client’s Web browser. Microsoft Internet Explorer can import client certificates into the browser’s certificate store using the Personal button on the Content tab of the Internet Options dialog box. Administrators can also use the Internet Explorer Administration Kit (IEAK) for preconfiguring client certificates prior to installation on user computers.
Graphic C-16. Importing a client certificate in the Internet Explorer Properties dialog box.
In SSL communication, a Web server can validate the identity of a client using the certificate installed on the client. With Internet Information Server (IIS) version 4, client certificates can be mapped to Microsoft Windows NT user accounts by way of a process called certificate mapping. (Windows 2000 supports a similar feature in its Internet Information Services.) Certificate mapping makes it easier for administrators to control access to content located on the Web server.
TIP
Use client certificates when it is important for servers to validate the identity of clients—for example, when your enterprise includes mobile users with laptops who need to remotely and securely access the company’s intranet server using Internet Explorer.
See also public key cryptography
A Microsoft Windows 95, Windows 98, and Windows 2000 networking component that makes it possible to access file and print services on Windows 95, Windows 98, Windows NT, Windows 2000, Windows for Workgroups, and LAN Manager dedicated servers and peer servers. Client for Microsoft Networks works with any combination of NetBEUI, IPX/SPX-Compatible Protocol, and TCP/IP protocols. Client for Microsoft Networks cannot be used for accessing non-Microsoft servers such as Novell NetWare servers. You must install Client for NetWare Networks to access these servers. Windows 95 and Windows 98 allow you to install more than one client at a time to access different kinds of servers on the network.
How It Works
Use the Network utility in Control Panel to install Client for Microsoft Networks on a computer running Windows 95 or Windows 98. Then use the property sheet of Client for Microsoft Networks to configure the computer to either participate in a workgroup or log on to a Windows NT or Windows 2000 domain.
NOTE
In Windows NT, the equivalent component is called the Workstation service, but in Windows 2000, the component is Client for Microsoft Networks, as in Windows 95 and Windows 98.
A Microsoft Windows 95, Windows 98, and Windows 2000 networking component that makes it possible to access file and print services on Novell NetWare servers. Client for NetWare Networks requires that the IPX/SPX-Compatible Protocol be installed. Client for NetWare Networks cannot be used for accessing Microsoft servers such as Windows NT Server and Windows 2000. You must install Client for Microsoft Networks to access these servers. Windows 95 and Windows 98 allow you to install more than one client at a time to access different kinds of servers on the network.
How It Works
Use the Network utility in Control Panel to install Client for NetWare Networks on a computer running Windows 95 or Windows 98. Then use the property sheet of Client for NetWare Networks to configure the preferred NetWare server, to select the first drive letter to use for mapping network drives from NetWare command-line utilities, and to enable processing of logon scripts on the preferred server.
NOTE
Client for NetWare Networks can connect to NetWare 3 and earlier servers, or NetWare 4 servers running in bindery emulation mode. If you want to use Client for NetWare Networks to connect to a NetWare 4 server running Novell Directory Services (NDS), you must also install Service for NetWare Directory Services on the Windows 95 or Windows 98 client. This service is available with Windows 95 OSR2 or Service Pack 1 for Windows 95, and is included with Windows 98.
TIP
Before installing Client for NetWare Networks on a computer running Windows 95 or Windows 98, make sure you remove any real-mode NetWare requestor software running on the machine, such as NETX or VLM.
A shared directory on a network file server to which users on your network can connect to install client software locally on their client computers. Creating a client installation point is the first step in preparing to install software over the network.
How It Works
To create a client installation point, create a directory on a server and share the folder with full permissions for administrators and read-only permissions for ordinary users. Either copy the installation files for the software from the CD to the shared directory, or run the setup program using a special switch to copy the files so that they can be used for network installation—for example, to uncompress the cabinet files on the CD. Users can then connect to the shared directory, run the setup program, and complete the installation process.
A distributed application consisting of a server portion (back end), where most of the processing and storage is performed, and a client portion (front end) that provides a user interface.
How It Works
In the client/server model, an application is split into a front-end client component and a back-end server component. The front-end client part of the application runs on a workstation and receives data that is input by the user. The client component prepares the data for the server by preprocessing it in some fashion, and then sends the processed information to the server, usually in the form of a request for some service. The back-end server component receives the client’s request, processes it, and returns information to the client. The client receives the information returned from the server and presents it to the user by way of its user interface.
An example of a client/server application is a Web application that is designed for Internet Information Services (IIS) using a combination of server-side Active Server Pages (ASP) programming and client-side scripting. The ASP scripts run on the Web server, while the client-side scripts run on the client Web browser.
A service that can be installed on Microsoft Windows NT Workstation computers to enable them to directly connect to file and print resources on Novell NetWare servers. In other words, Client Services for NetWare (CSNW) is Microsoft’s version of the NetWare redirector for Windows NT. Microsoft Windows 2000 Professional also has a similar service with the same name.
How It Works
CSNW is a full-featured, 32-bit client for NetWare networks that can be installed on Windows NT Workstation by using the Services tab of the Network utility in Control Panel (or on Windows 2000 Professional by using the Network and Dial-up Connections utility in Control Panel). If you are connecting to a NetWare 3.12 or earlier server, you must specify a preferred NetWare server for access to its bindery. If you are connecting to NetWare 4, specify the Novell Directory Services (NDS) tree and default context. CSNW supports browsing NDS trees, but does not support administration of NDS trees.
Additional options are included for printing and login script support. CSNW requires installation of the NWLink IPX/SPX-Compatible Transport protocol, but if it is not installed already, it will be added automatically when you install CSNW on a machine.
NOTE
CSNW supports connections to servers running version 2, 3, or 4 of NetWare, including both bindery emulation and NDS on NetWare 4. CSNW includes support for
NetWare Core Protocol (NCP)
Large Internet Protocol (LIP)
Long filenames (LFNs)
Graphic C-17. Client Services for NetWare (CSNW).
TIP
On a machine running Windows NT Server or Windows 2000 Server, NetWare connectivity is provided by Gateway Services for NetWare (GSNW). Use CSNW to provide your Windows NT Workstation clients with dedicated access to Novell NetWare servers; use GSNW only to provide occasional access to NetWare servers from Windows NT Workstation or Windows 2000 Professional clients.
In networking, any part of the network whose data transmission paths are unpredictable and vary from session to session.
Clouds are often used in networking diagrams to represent packet-switching services. In these services, a packet sent from one node to another follows an unpredictable path, since at any given moment different routers or other devices can be used to forward the packet toward its destination. The Internet is an example of a packet-switching cloud for TCP/IP networking, since data sent between two points can travel over many possible paths. This is why the Internet is graphically represented as a cloud in drawings of wide area networks (WANs). Other examples of packet-switching services include frame relay and X.25 networks.
Circuit-switched services are often represented as clouds as well. In circuit-switched services, communication switches at various telco and carrier central offices (COs) and switching facilities are temporarily used for establishing circuits between two communicating nodes. Each time communication is terminated and reestablished, different sets of switches can be used.
Graphic C-18. Cloud.
A configuration of two nodes in Microsoft Cluster Server (MSCS). When network clients try to access shared resources or applications on clusters, the cluster appears to the clients as a single server. MSCS is included with Microsoft Windows NT Server, Enterprise Edition. (For a similar feature in Windows 2000, see Windows Clustering.)
How It Works
Each node in a cluster is a completely independent computer system that must be running Windows NT Server, Enterprise Edition. These nodes are connected by a shared storage bus such as an external Small Computer System Interface (SCSI) disk subsystem. Network resources such as applications and shared information can be hosted on only one node at a time, but MSCS supports failover, which allows the resource to be shifted to the other node if one of the nodes in a cluster fails. Failover is controlled by the Cluster service, which runs on both nodes.
Graphic C-19. Cluster.
Some of the different models for configuring a cluster on MSCS include
High availability with static load balancing, in which both nodes make their resources available to network users as virtual servers and either node can take on the work of the other should failover be initiated. This configuration is typically used for file-sharing or print-sharing purposes.
High availability with hot-spare support, in which the primary node is active and provides resources to network users, while the secondary node is inactive and is used only as a dedicated backup node. This configuration is typically used for mission-critical Web services.
A GUI-based tool used for managing any cluster on the network. A copy of Cluster Administrator is automatically installed on both nodes in the cluster when you install Microsoft Cluster Server (MSCS), but Cluster Administrator can also be installed and run from any remote computer running Microsoft Windows NT with Service Pack 3 or later. (On Windows 2000 Advanced Server, Cluster Administrator is provided as a snap-in for the Microsoft Management Console.)
Cluster Administrator can perform actions such as
Specifying which applications run on each node of the cluster
Managing services, file shares, and directory replication
Configuring policies for failover and failback
Configuring which node currently runs each application
Taking nodes off line for maintenance
TIP
You can also administer various aspects of MSCS by typing cluster.exe from the command prompt. This might be useful, for example, if you had to use a secondary dial-up modem connection to manage a cluster. Another use might be to create a batch file for automated administration of MSCS, and schedule the batch file using the Windows NT at command. Cluster.exe can be used only on a computer with MSCS installed or a Windows NT Workstation with Service Pack 3 that has Cluster Administrator installed.
In Microsoft Cluster Server (MSCS) or Windows Clustering, any client application that can run on a node of a cluster and can be managed as a cluster resource. Cluster-aware applications can be written to access the services of MSCS by using its cluster application programming interface (API). Cluster-aware applications also implement the extension dynamic-link libraries (DLLs) of Cluster Administrator, which allow them to be managed using Cluster Administrator. These features allow developers to write high-scalability applications that can perform dynamic load balancing across the different nodes in a cluster.
A cluster-aware application is one that is aware of the fact that it is running on a cluster and can make use of the scalability, load balancing, and failover aspects of clustering to provide high availability for mission-critical business environments. Cluster-aware applications include database applications such as Microsoft SQL Server, messaging applications such as Microsoft Exchange Server, and Web applications for running on Web servers such as Internet Information Services (IIS).
Any technology that enables two or more servers to appear to clients as a single system. Clustering provides failover protection for mission-critical applications running on servers. Microsoft Cluster Server (MSCS) is a two-node clustering solution included in Microsoft Windows NT Server, Enterprise Edition.
Clustering technologies are often used for high-availability Web servers such as Internet Information Services (IIS) to sustain around-the-clock uptime.
How It Works
A cluster consists of two or more nodes connected to a shared file system. Each of the nodes is a fully functional computing platform, and the shared file system consists of a hard disk system or RAID-5 array connected to each node using a fast Small Computer System Interface (SCSI) bus or fibre channel connection. The result is a cluster of computer systems that acts and functions as if it were a single system. This provides fast, uninterrupted service for high-demand environments with minimal downtime.
Clustering solutions fall into three different categories:
Active/active clustering: This type of clustering makes the most efficient use of system resources because there are no redundant nodes: all nodes run active processes. If one node of a cluster fails, other nodes take on the workload of the failed node. The latency for failover in this scenario is typically 15 to 150 seconds, depending on the hardware/software configuration. This is the kind of clustering supported by MSCS.
Active/standby clustering: Nodes are paired within a cluster, with one node designated to take over should another node fail. If an active node fails, a standby node assumes its workload. Latency for failover is also 15 to 150 seconds.
Fault-tolerant clustering: Nodes are paired within a cluster, and all nodes perform all tasks simultaneously. This is an expensive solution from a hardware point of view, but latency for failover is reduced to a second or less.
A Microsoft Windows NT service in Microsoft Cluster Server (MSCS) that controls cluster activity, communication between cluster servers, and failover operations. (Windows Clustering in Windows 2000 also includes a Cluster service.) The Cluster service controls all aspects of cluster operation and manages the MSCS configuration database. Each node in a cluster runs its own instance of the Cluster service.
The Cluster service handles the following functions:
Configuration and management of clustering service objects (nodes, networks, resources, groups, and so on)
Coordination between all instances of the service running on the cluster
Failover operations
Event notification
The Cluster service provides three benefits:
High availability: If one node of a cluster fails, the other node starts providing services, making mission-critical applications continually available to clients. This process is called failover.
Scalability: Using clustering technology, less powerful computer systems can be enhanced when grouped into clusters.
Manageability: Since both nodes of a cluster are managed as a single system, administrative tasks are made easier.
See also Windows Clustering
See Microsoft Connection Manager (CM)
See Connection Manager Administration Kit (CMAK)
See plenum cabling
See connected network (CN)
Stands for Canonical Name record, a Domain Name System (DNS) resource record in a DNS server’s database or zone file. A CNAME record is used to map an alias to the canonical name (true name) of a server. The CNAME record lets you use more than one name to refer to a single host on the network. If a name server is queried by a resolver to look up a host and the queried name is an alias in a CNAME record, the name server replaces the alias name with the canonical name of the host being looked up, and then looks up the address of the canonical name.
Example
Here is an address record for the host named server12 in the Microsoft.com Internet domain, which has the IP address 172.16.8.5, followed by a CNAME record indicating that the name bobby (or the fully qualified domain name bobby.Microsoft.com) is an alias for the same host:
server12.Microsoft.com IN A 172.16.8.55
bobby IN CNAME server12
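The lookup described above, as an added example that is not part of the original entry: a small resolver that follows an alias to its canonical name and address, and flags aliases that loop, point at a name with no records, or share their owner name with other data. The zone dictionary, the helper names, and every record other than the two from the entry are constructed for illustration.

```python
# Added example: following a CNAME to the canonical name's address record.
# The first two zone entries mirror the entry's records (address as printed
# in the A record line); the remaining entries are constructed edge cases.
ORIGIN = "microsoft.com."

ZONE = {
    "server12.microsoft.com.": [("A", "172.16.8.55")],
    "bobby.microsoft.com.": [("CNAME", "server12")],
    "loop-a.microsoft.com.": [("CNAME", "loop-b")],
    "loop-b.microsoft.com.": [("CNAME", "loop-a")],
    "stale.microsoft.com.": [("CNAME", "retired")],
    "mixed.microsoft.com.": [("CNAME", "server12"), ("A", "172.16.8.99")],
}


class ResolutionError(Exception):
    """Raised when an alias cannot be followed to an address record."""


def fqdn(name, origin=ORIGIN):
    """Lower-case a name and qualify it against the zone origin."""
    bare = name.strip().lower().rstrip(".")
    base = origin.rstrip(".")
    if bare == base or bare.endswith("." + base):
        return bare + "."
    return f"{bare}.{base}."


def resolve(name, zone=ZONE, max_links=8):
    """Return (canonical_name, addresses, chain) for a host name or alias."""
    current = fqdn(name)
    chain = [current]
    while True:
        records = zone.get(current)
        if not records:
            raise ResolutionError(f"dangling: no records for {current}")
        aliases = [value for rtype, value in records if rtype == "CNAME"]
        if not aliases:
            addresses = [value for rtype, value in records if rtype == "A"]
            if not addresses:
                raise ResolutionError(f"no address record for {current}")
            return current, addresses, chain
        if len(records) > 1:
            # A CNAME must be the only record at its owner name (RFC 1034).
            raise ResolutionError(f"conflict: {current} has a CNAME plus other data")
        target = fqdn(aliases[0])
        if target in chain:
            raise ResolutionError(f"loop: {current} points back to {target}")
        if len(chain) > max_links:
            raise ResolutionError(f"chain longer than {max_links} links")
        chain.append(target)
        current = target


def lint_aliases(zone=ZONE):
    """Map every alias that cannot be resolved to the kind of failure."""
    problems = {}
    for owner, records in zone.items():
        if any(rtype == "CNAME" for rtype, _ in records):
            try:
                resolve(owner, zone)
            except ResolutionError as err:
                problems[owner] = str(err).split(":")[0]
    return problems


if __name__ == "__main__":
    print(resolve("bobby"))
    print(lint_aliases())
```

An alias whose target no longer has records is worth finding during zone review, because the alias keeps answering for whatever is later registered under the target name.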
See central office (CO)
See coaxial cabling
A form of network cabling used primarily in older Ethernet networks and in electrically noisy industrial environments. The name “coax” comes from its two-conductor construction in which the conductors run concentrically with each other along the axis of the cable. Coaxial cabling has been largely replaced by twisted-pair cabling for local area network (LAN) installations within buildings, and by fiber-optic cabling for high-speed network backbones.
Graphic C-20. Coaxial cabling.
How It Works
Coaxial cabling generally consists of a solid copper core for carrying the signal, covered with successive layers of inner insulation, aluminum foil, a copper braided mesh, and outer protective insulation. A solid conductor provides better conductivity than a stranded one, but is less flexible and more difficult to install. The insulation is usually PVC (polyvinyl chloride) or a non-stick coating; the aluminum foil and copper mesh provide shielding for the inner copper core. The mesh also provides the point of grounding for the cable to complete the circuit.
Coaxial cabling comes in various types and grades. The most common are
Thicknet cabling, which is an older form of cabling used for legacy 10Base5 Ethernet backbone installations. This cabling is generally yellow and is referred to as RG-8 or N-series cabling. Strictly speaking, only cabling labeled as IEEE 802.3 cabling is true thicknet cabling.
Thinnet coaxial cabling, which is used in 10Base2 networks for small Ethernet installations. This grade of coaxial cabling is generally designated as RG-58A/U cabling, which has a stranded conductor and a 53-ohm impedance. This kind of cabling uses BNC connectors for connecting to other networking components, and must have terminators at free ends to prevent signal bounce.
ARCNET cabling, which uses thin coaxial cabling called RG-62 cabling with an impedance of 93 ohms.
RG-59 cabling, which is used for cable television (CATV) connections.
In addition, a number of special types of coaxial cabling are sometimes used for certain networking purposes. An example is twinax cabling, which consists of two conductors first enclosed in their own insulation and then enclosed in a single copper mesh and insulating jacket. Twinax is used in legacy IBM networks for connecting AS/400 systems to 5250 terminals. Other more exotic varieties include triax, quadrax, and ribbon types of coaxial cables.
TIP
Coaxial cabling is often used in heavy industrial environments where motors and generators produce a lot of electromagnetic interference (EMI), and where more expensive fiber-optic cabling is unnecessary because of the slow data rates needed. Coaxial cabling is also used frequently in IBM mainframe and minicomputer environments. A device called a splitter can be used to fork one coaxial cable into two—for example, when connecting two 3270 terminals to one IBM mainframe system. A splitter is used at either end of the connection so that the signals for both terminals can be sent over a single coaxial cable. Coax multiplexers can be used to connect eight or more terminals to a single controller.
Short for compressor/decompressor, an encoding algorithm used for recording digital audio or video. A codec compresses transmitted data at the sending end and decompresses it at the receiving end.
Microsoft NetShow uses different codecs to provide streaming multimedia information over a TCP/IP network such as the Internet. NetShow provides a number of different codecs for different purposes. You can select a codec to give you the audio or image quality and image size that you want for your transmission.
A digital cellular phone technology that uses spread spectrum wireless networking technologies. Code Division Multiple Access (CDMA) can be used to refer both to a type of digital cellular phone system and to the specific media access method used by this kind of cellular system. CDMA was developed by Qualcomm in 1993, and it was adopted and ratified by the Telecommunications Industry Association (TIA) as part of their Interim Standard 95.
How It Works
CDMA uses the spread spectrum wireless networking technology—first developed for military communication systems in the 1940s because it spreads its transmission over a large bandwidth, making it difficult to jam. Instead of dividing the available radio spectrum into a series of discrete channels using the older Time Division Multiple Access (TDMA) media access method, a CDMA channel occupies the entire available frequency band. The disadvantage is that CDMA is more complex to implement than TDMA digital cellular technologies.
The spread spectrum approach assigns a special digital code sequence to each user, and all users share the same broad portion of the radio frequency spectrum. Users thus share time and frequency resources on the available bandwidth, and their individual communications are channeled using these codes. The code tag then identifies the conversation to the transmission station. All users in a cell that are transmitting at the same time are thus employing the same frequency band for their transmission.
CDMA combines voice and data into a single digital transmission at 9.6 Kbps, although speeds up to 19.2 Kbps per channel are possible by using error detection and correction techniques.
NOTE
Without knowledge of a conversation’s code tag, eavesdropping on CDMA conversations is difficult, making CDMA a more secure cellular phone technology than the Advanced Mobile Phone Service (AMPS) still used widely in the United States. CDMA also has a much higher call capacity than AMPS and is comparable to the Global System for Mobile Communications (GSM) standard for cellular communication used in Europe.
On the Web
CDMA Development Group: http://www.cdg.org
See also cellular phone technology
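The code-sequence sharing described in this entry, as an added example that is not part of the original text: three users transmit at the same time over the same band, and a receiver recovers one conversation only by correlating with that user's code. The 4-chip Walsh codes, the user labels, and the bit patterns are constructed for illustration and are far shorter than the codes a real system uses.

```python
# Added example: code division with orthogonal (Walsh) chip sequences.
# All codes, users and bit patterns below are constructed sample data.

def walsh_codes(order):
    """Return `order` mutually orthogonal +1/-1 chip sequences (order = 2**k)."""
    if order < 1 or order & (order - 1):
        raise ValueError("order must be a power of two")
    rows = [[1]]
    while len(rows) < order:
        rows = [r + r for r in rows] + [r + [-c for c in r] for r in rows]
    return rows


def spread(bits, code):
    """Replace every data bit with the user's code (bit 1) or its negation (bit 0)."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * c for c in code)
    return chips


def share_band(*signals):
    """All users transmit at once on one band: the chip streams simply add up."""
    if len({len(s) for s in signals}) != 1:
        raise ValueError("signals must be present and of equal length")
    return [sum(chips) for chips in zip(*signals)]


def despread(band, code):
    """Correlate the shared band with one code; None marks 'no signal for this code'."""
    bits = []
    for start in range(0, len(band), len(code)):
        block = band[start:start + len(code)]
        correlation = sum(x * c for x, c in zip(block, code))
        bits.append(None if correlation == 0 else int(correlation > 0))
    return bits


def demo():
    """Three simultaneous users, then receivers with assigned and unassigned codes."""
    codes = walsh_codes(4)
    traffic = {
        "A": ([1, 0, 1, 1], codes[1]),
        "B": ([0, 0, 1, 0], codes[2]),
        "C": ([1, 1, 0, 0], codes[3]),
    }
    band = share_band(*(spread(bits, code) for bits, code in traffic.values()))
    recovered = {user: despread(band, code) for user, (_, code) in traffic.items()}
    unassigned = despread(band, codes[0])   # a code nobody is transmitting with
    return band, recovered, unassigned


if __name__ == "__main__":
    band, recovered, unassigned = demo()
    print("shared band:", band)
    print("recovered  :", recovered)
    print("unassigned :", unassigned)
```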
A switch with a combination of input and output ports, the connections between which can be remotely reconfigured by commands entered into a computer. Code-operated switches are useful in environments where remote switching is needed for file-sharing or monitoring purposes. For example, you could use an RS-232 serial code-operated switch to remotely switch between pieces of data terminal equipment (DTE), such as servers or routers for running diagnostics from a remote console.
Graphic C-21. Code-operated switch.
How It Works
Internal dual inline package (DIP) switches are usually used to configure the code-operated switch so that a different arming character can be used to trigger each connected device. The code-operated switch then examines the incoming data stream for these special text-string codes in order to determine to which device it should route data. An example might be the remote switching between printers. A remote computer could send an embedded switching character to specify which printer connected to the code-operated switch should be used for printing the data.
A remote user can connect to the company network using a modem that interfaces with a code-operated switch, and then use the switch to control a variety of serial-controlled devices in an industrial environment, such as a group of laboratory instruments. Code-operated switches are available from different vendors in configurations supporting up to 64 different serial devices from one remote connection.
Besides embedding switching characters in the data stream, embedded control characters can also be used to directly control the code-operated switch.
See also switch
Restarting the computer by turning the power switch off and then on, or by shutting down the computer, turning it off, and then turning it on again. If you perform the first type of rebooting, open files will not be properly closed and data can be lost. However, this method ensures that memory is cleared and devices are properly reset. An example might be when you reconfigure the settings of a legacy modem using the modem utility in Control Panel. You might find that you must cold boot your machine in order for the new configuration settings to fully take effect.
See also boot
A Microsoft object library that provides messaging capability for applications written in Microsoft Visual Basic, Microsoft Visual C++, and Win32 Virtual Machine for Java. Collaboration Data Objects (CDO) provides distributed Web applications with a standard way to quickly and easily create, send, post, receive, read, and manipulate messages using interfaces based on standard Internet protocols such as Simple Mail Transfer Protocol (SMTP), Network News Transfer Protocol (NNTP), and Multipurpose Internet Mail Extensions (MIME). CDO 2 is included with Internet Information Server (IIS) version 4 and with the Microsoft Windows 2000 operating system platforms to support the built-in SMTP and NNTP services.
CDO 2 does not support mailboxes, but it does support protocol events to enable programmers to write routines that respond to incoming messages and process outgoing messages. For security reasons, CDO cannot be accessed by scripts running on Microsoft Internet Explorer.
A networking methodology in which the backbone and switching components are combined into a single device. In a traditional network, local area networks (LANs) are multipoint connections connected using a backbone cable. For example, in a building, a fiber-optic backbone might run from floor to floor and connect with a hub in a wiring closet on each floor. In contrast, collapsed backbones make use of centralized switches, which provide virtual point-to-point connections for LAN connections; these switches are located in one place.
Therefore, instead of having a hub for each floor located in that floor’s wiring closet, a set of stackable Ethernet switches would be located in the wiring closet of a single floor, with individual cables running from this closet to stations in work areas on every floor.
The advantages of using a collapsed backbone are that it eliminates the costs of backbone cabling installation, requires fewer devices, centralizes equipment administration, and offers higher available bandwidth for each station. The disadvantages are that collapsed backbones generally are not feasible for use in more than one building, require more cabling, use more expensive devices, and have a more limited distance capability.
See also backbone
A Carrier Sense Multiple Access with Collision Detection (CSMA/CD) network where a collision will occur if two computers attempt to transmit signals at the same time. The larger the collision domain of an Ethernet network, the more computers are present and the higher the probability that collisions will occur and degrade network performance.
NOTE
If two hubs are connected directly to a third hub, the resulting local area network (LAN) is still only a single collision domain, since only hub connections are used between segments of the network. But if the two hubs are directly connected to an Ethernet switch, you have two collision domains because the switch enables the two networks to function independently. Bridges and routers can also segment Ethernet networks into smaller collision domains.
In computer networking, a condition that occurs when two or more computers on a network try to transmit signals at the same time. Handling collisions is one of the main functions of a networking access method. For example, in Ethernet networks, collisions often occur when two or more stations attempt to place frames on the wire at the same time. To handle this situation, Ethernet makes use of the access method called Carrier Sense Multiple Access with Collision Detection (CSMA/CD) so that each station takes turns accessing the wire.
How It Works
When a station begins transmitting a signal and detects a collision, the station stops transmitting and issues a jam signal to tell the other station that a collision has occurred. Both stations then stop transmitting and wait a random interval of time before retransmitting their signals. The amount of time the stations wait before retransmitting increases with the number of collisions occurring on the network.
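The random, growing wait described above, as an added example that is not part of the original entry: the truncated binary exponential backoff rule that IEEE 802.3 Ethernet uses, plus a slot-by-slot model of several stations that all collide in the first slot. The function names and the simplified one-slot-per-frame model are assumptions of this example.

```python
# Added example: CSMA/CD backoff after a collision (simplified slot model).
import random

SLOT_BIT_TIMES = 512   # IEEE 802.3 slot time for 10 Mbps Ethernet, in bit times
BACKOFF_LIMIT = 10     # the backoff window stops doubling after 10 collisions
ATTEMPT_LIMIT = 16     # a frame is abandoned after 16 failed attempts


def backoff_window(collisions):
    """Number of slot times a station chooses from after its nth collision."""
    if collisions < 1:
        raise ValueError("backoff only applies after at least one collision")
    return 2 ** min(collisions, BACKOFF_LIMIT)


def max_wait_us(collisions, mbps=10):
    """Longest possible wait, in microseconds, after the nth collision."""
    return (backoff_window(collisions) - 1) * SLOT_BIT_TIMES / mbps


def contend(station_count, seed=1):
    """Model stations that all start sending in slot 0.

    Simplifications: every frame fits in one slot and every station hears
    every collision. Returns (sent, dropped, collision_slots), where sent
    maps each station to the slot in which its frame got through.
    """
    rng = random.Random(seed)            # seeded so the run is repeatable
    wait = {s: 0 for s in range(station_count)}
    collided = {s: 0 for s in range(station_count)}
    sent, dropped, collision_slots = {}, [], 0
    slot = 0
    while wait:
        ready = [s for s, left in wait.items() if left == 0]
        for s in wait:
            if s not in ready:
                wait[s] -= 1             # waiting stations count down one slot
        if len(ready) == 1:
            sent[ready[0]] = slot        # sole transmitter: frame delivered
            del wait[ready[0]]
        elif ready:
            collision_slots += 1         # jam signal: all involved stations back off
            for s in ready:
                collided[s] += 1
                if collided[s] >= ATTEMPT_LIMIT:
                    dropped.append(s)
                    del wait[s]
                else:
                    wait[s] = rng.randrange(backoff_window(collided[s]))
        slot += 1
    return sent, dropped, collision_slots


if __name__ == "__main__":
    for n in (1, 2, 3, 10, 15):
        print(n, backoff_window(n), max_wait_us(n))
    print(contend(5, seed=7))
```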
In Microsoft Windows 2000, a condition that can occur during the replication of information in Active Directory. Because Active Directory uses a multimaster replication system, it is possible for multiple changes to be made simultaneously to the same object within Active Directory by users accessing different domain controllers.
How It Works
To minimize collisions, Active Directory records and replicates all updates to directory objects only at the property or attribute level. This allows different properties of the same object to be simultaneously modified without the worry of a collision occurring. However, if two users modify the same property of an object simultaneously, a collision occurs. Using the time stamps and property version numbers for the property that was changed, Active Directory determines which update to the property has the later time stamp and uses this information to update itself.
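Property-level replication as described above, as an added example that is not part of the original entry and is not Active Directory code: two replicas of one object exchange changes, edits to different properties merge cleanly, and a collision on the same property is settled from the property's stamp. The comparison order (version number, then time stamp, then originating server name as a final tie-break), the class and function names, and all values are assumptions of this example.

```python
# Added example: per-property conflict resolution between two replicas.
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Stamp:
    """Per-property replication metadata, compared field by field in this order."""
    version: int      # incremented on every originating write to the property
    timestamp: int    # time of the originating write (constructed seconds)
    origin: str       # domain controller where the write was made


@dataclass(frozen=True)
class Prop:
    value: str
    stamp: Stamp


def write(replica, dc, name, value, now):
    """Originating write of one property on one domain controller's replica."""
    old = replica.get(name)
    version = old.stamp.version + 1 if old else 1
    replica[name] = Prop(value, Stamp(version, now, dc))


def replicate(source, target):
    """Pull source's properties into target, one property at a time.

    Returns {property: (kept_value, discarded_value)} for collisions, meaning
    the same property was written on both replicas from the same prior version.
    """
    collisions = {}
    for name, incoming in source.items():
        local = target.get(name)
        if local is None:
            target[name] = incoming
        elif incoming.stamp != local.stamp:
            if incoming.stamp > local.stamp:
                winner, loser = incoming, local
            else:
                winner, loser = local, incoming
            if incoming.stamp.version == local.stamp.version:
                collisions[name] = (winner.value, loser.value)
            target[name] = winner
    return collisions


def sync(a, b):
    """Replicate in both directions and report every collision that was settled."""
    found = replicate(a, b)
    found.update(replicate(b, a))
    return found


def scenario():
    """Constructed timeline for one user object held on DC1 and DC2."""
    dc1, dc2 = {}, {}
    write(dc1, "DC1", "telephone", "555-0100", now=100)
    write(dc1, "DC1", "title", "Analyst", now=100)
    sync(dc1, dc2)
    # Different properties changed at about the same time: no collision.
    write(dc1, "DC1", "telephone", "555-0199", now=200)
    write(dc2, "DC2", "title", "Manager", now=205)
    first = sync(dc1, dc2)
    # The same property changed on both controllers before they replicate.
    write(dc1, "DC1", "title", "Senior Manager", now=300)
    write(dc2, "DC2", "title", "Director", now=310)
    second = sync(dc1, dc2)
    return dc1, dc2, first, second


if __name__ == "__main__":
    dc1, dc2, first, second = scenario()
    print("first sync collisions :", first)
    print("second sync collisions:", second)
    print("converged             :", dc1 == dc2, dc1["title"].value)
```

Because the time stamp takes part in the decision, the outcome depends on the domain controllers' clocks agreeing, which is one reason time synchronization matters in a domain.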
See Component Object Model (COM)
An extension of Microsoft’s Component Object Model (COM) that builds on COM’s integrated services and features in key areas, including
Dynamic load balancing, which distributes client requests across multiple equivalent COM components
In-memory database (IMDB), which provides quicker data access to applications by lowering overhead
Publish and subscribe services, which provide an event mechanism enabling multiple clients to subscribe to published events and send notification to subscribers when events are fired
Queued components, which let clients invoke methods on COM components using an asynchronous model for increased reliability over poor network connections and in disconnected usage scenarios
Integration of Microsoft Transaction Server (MTS) into COM, which supports attribute-based programming, improvements in transactions, security and administration services, and improved interoperability with other transaction environments through support for the Transaction Internet Protocol (TIP)
A compiled software component that is based on Microsoft’s Component Object Model (COM) technology. COM components generally refer to the physical files that contain the classes that define COM objects. COM components also include additional code, such as code to register the component in the registry and code for loading the component.
COM components can be written in many languages using tools such as Microsoft Visual Basic, Microsoft Visual J++, Microsoft Visual C++, and Microsoft Visual FoxPro. COM components can be run on an application server, a Web server, a Microsoft Transaction Server (MTS), or a client. COM components can be stand-alone applications or reusable software components, and they make the development of Web applications comparable to the development of system applications.
How It Works
COM components interact with each other and with user applications in a client/server fashion. The client therefore uses the functionality of the server component by creating instances of classes that the server component provides and calling their properties and methods.
COM components can be designed to run in three different modes:
In-process: The component executes in the calling application’s process space.
Local: The component executes in its own process space.
Remote: The component executes in a process space on another machine.
An in-process COM component has the extension .ocx or .dll, while an out-of-process COM component (one running outside the calling application process) has the extension .exe. COM components can run on another machine in a manner transparent to the calling application by using the Distributed Component Object Model (DCOM).
TIP
When developing applications based on COM components, use in-process components to optimize the speed of object access, but use out-of-process components to maximize thread safety.
NOTE
COM components that support Automation can be called by scripting languages such as Microsoft Visual Basic Scripting Edition (VBScript) or Microsoft JScript.
Graphic C-22. In-process, local, and remote COM components.
See also Automation, COM object, Component Object Model (COM)
A method by which actions can be performed on a computer running Microsoft Windows by typing text into a command prompt window. The commands that are available depend on which version of Windows is used.
Examples of commands common to most Windows platforms include the attrib command, cacls command, copy command, dir command, and diskcopy command. In addition to these Windows commands, some special commands are available only when certain networking services or protocols are installed. For example, if TCP/IP is installed on a computer running Windows, a number of TCP/IP commands are available, including the arp command, ping, tracert, and nbtstat.
Commands are useful for administering different aspects of a system or network using a command-line interface, such as a telnet connection or a command prompt. Commands are also often used in writing batch files that can perform a group of operations on a system or network service. You can run such a batch file directly, or you can schedule its operation for a predetermined time.
Finally, many Windows programs can be started in different ways from the command prompt using optional switches. For example, Windows Explorer can be run by typing explorer.exe from the command prompt. These programs are normally run using a graphical user interface (GUI), are started by desktop shortcuts, and are not usually referred to as commands.
A text-based interface to a computer operating system. Users type text commands into the command interpreter in order to execute various routines and manage system and networking resources. Traditional UNIX systems make heavy use of the command interpreter, and MS-DOS, the legacy Microsoft operating system, used a command interpreter to process text-based commands to control operating system processes.
On systems based on Microsoft Windows, users can still open a command prompt to issue various text-based commands for controlling different aspects of the system, but these commands represent only a subset of the full functionality of the GUI-based administration tools available on Windows platforms.
The command interpreter is sometimes referred to as the operating system shell, especially on UNIX platforms. Entering a command into the command interpreter is referred to as “working at the command line.”
See command prompt
A Microsoft Windows application that allows Windows commands to be entered and executed. The command prompt provides a command-line interface for running certain operating system tasks, configuring networking services, and even accessing resources and applications over the network. Much administration can be performed from the command prompt, although the command prompt provides a more complex and less intuitive interface than the usual desktop graphical user interface (GUI) of Windows operating systems. However, administrators who have spent significant time working in UNIX networking environments might find the command prompt a more familiar paradigm for administering a Windows-based network.
Graphic C-23. Command prompt.
NOTE
In Windows NT and Windows 2000, the command prompt application is cmd.exe, located in the %SystemRoot%\system32 folder. In Windows 95 and Windows 98, it is called the MS-DOS prompt, has the executable filename command.com, and is in the \Windows folder. The Windows NT version can be configured using the Console utility in Control Panel.
Internet service providers (ISPs), online service providers, telephone and cable network operators, and other companies that provide software services such as community access to mail, news, chat, and conferencing services. By utilizing these services of a CSP, customers don’t have to acquire licenses for the software the CSP provides.
A graphical user interface (GUI) developed by IBM, Sun Microsystems, and Hewlett-Packard for open systems on UNIX platforms. Common Desktop Environment (CDE) is a paradigm that is widely used in the UNIX industry. CDE is based on various industry standards including the X Window System (X11) release 5, X/OPEN, OSF/Motif 1.2, and others.
CDE is designed to provide users with a simple and consistent desktop interface that includes
Standard windows-management features
File-system browsing tools supporting multiple views
Customizable user interface–management tools for changing backdrops, mouse and keyboard settings, and screen savers
Extensive and easily accessed online help features
Multiple workspaces for increasing available desktop area
A standard mechanism for communication between Web servers and server-side gateway programs that was developed in the UNIX networking environment. These gateway programs are written either in a compiled language such as C or in an interpreted language such as Perl. Common Gateway Interface (CGI) allows Web servers to run scripts or programs on the server and send the output to the client Web browser.
How It Works
When a Web client such as Microsoft Internet Explorer submits a form or otherwise passes information to a Web server using CGI, the Web server receives the information from the client and passes it to the gateway program for processing. The gateway program then returns the result of the processing to the server, which returns it to the Web browser as an HTML page.
CGI applications are often used as form handlers for Web forms, and are executed using a <FORM> tag embedded in the form document, as in the following:
<FORM METHOD=POST ACTION="http://www.northwind.microsoft.com/cgi-bin/results.pl">
In this example, the Perl script results.pl in the cgi-bin directory functions as the form handler for processing the information submitted using the form.
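The form-handler flow described above, as an added example that is not part of the original entry: it is written in Python rather than Perl, and the size cap, field names, and sample request are assumptions constructed for illustration. It reads the POST body the way a gateway program receives it from the server (environment variables plus standard input), bounds the client-supplied length, and escapes submitted values before returning them in the HTML page.

```python
import html
import io
from urllib.parse import parse_qs

MAX_BODY = 8192  # assumed upper bound on an acceptable form submission


def _response(status, body_html):
    """Build a CGI response: header block, blank line, then the HTML page."""
    return (
        f"Status: {status}\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        "\r\n"
        f"<html><body>{body_html}</body></html>\n"
    )


def handle_form(environ, stdin):
    """Process one request as the Web server hands it to a gateway program.

    environ: the CGI environment variables set by the server.
    stdin:   binary stream carrying the POSTed form body.
    """
    if environ.get("REQUEST_METHOD") != "POST":
        return _response("405 Method Not Allowed", "<p>POST required.</p>")

    ctype = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        return _response("415 Unsupported Media Type",
                         "<p>Unexpected form encoding.</p>")

    # CONTENT_LENGTH originates from the client, so validate it before reading.
    try:
        length = int(environ.get("CONTENT_LENGTH", ""))
    except ValueError:
        return _response("411 Length Required", "<p>Missing length.</p>")
    if not 0 <= length <= MAX_BODY:
        return _response("413 Payload Too Large", "<p>Form too large.</p>")

    raw = stdin.read(length)
    fields = parse_qs(raw.decode("utf-8", "replace"), keep_blank_values=True)

    # Field names and values are client-supplied text going into HTML,
    # so both are escaped before they are written to the page.
    rows = "".join(
        f"<tr><td>{html.escape(name)}</td><td>{html.escape(value)}</td></tr>"
        for name, values in sorted(fields.items())
        for value in values
    )
    return _response("200 OK", f"<table>{rows}</table>")


# Constructed sample request: one ordinary field and one containing markup.
SAMPLE_BODY = b"name=Ann+Lee&comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
SAMPLE_ENV = {
    "REQUEST_METHOD": "POST",
    "CONTENT_TYPE": "application/x-www-form-urlencoded",
    "CONTENT_LENGTH": str(len(SAMPLE_BODY)),
}

if __name__ == "__main__":
    print(handle_form(SAMPLE_ENV, io.BytesIO(SAMPLE_BODY)))
```

When run under a real Web server, the handler would be called with `os.environ` and `sys.stdin.buffer` and its return value written to standard output.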
NOTE
CGI was developed for UNIX-based systems and is supported by most Web servers, including Internet Information Services (IIS). Microsoft Internet Server API (ISAPI) is a set of server extensions for IIS that functions similarly to CGI but uses fewer resources. The main difference is that with CGI the system creates a unique process for every CGI request, while ISAPI extensions do not require separate processes. This makes ISAPI applications generally more responsive than CGI applications.
An emerging standard from the Distributed Management Task Force (DMTF), formerly named the Desktop Management Task Force, for an extensible, object-oriented schema for managing information collected from computers, networking devices, protocols, and applications.
How It Works
The Common Information Model (CIM) defines a set of schema for describing information collected for network and systems management purposes. The type of information that can be described by CIM can include
Static information, such as the capacity of a hard drive on a desktop computer or the applications installed on a server
Dynamic information, such as the current bandwidth being used on a port on a switch or router
Information that is collected can be shared between systems on a peer-to-peer basis. This information sharing allows network devices to not only be managed from a centralized management console but also to talk to one another to resolve problems as they arise.
CIM is based on an object-oriented programming model, in which inheritance causes subclasses to acquire characteristics from their parent classes. CIM is extensible and allows vendors to define the features of their products using inherited subclasses. The fact that these subclasses are inherited from standard parent classes ensures that data collected from different vendors’ systems will be compatible with the CIM standard.
CIM consists of two parts: a language definition specifying the constructs and methods that can be used to model network and system resources, and a set of schema that describes how specific types of resources will be represented.
CIM allows three kinds of schema:
Core schema, which define general areas of network and system management
Common schema, which define specific areas of management
Extension schema, which define the management of vendor-specific technologies
CIM is similar to the Simple Network Management Protocol (SNMP) and Desktop Management Interface (DMI) standards. However, unlike SNMP and DMI, CIM has the ability to manage the widest possible range of hardware and software systems. CIM also shows the relationships between the different hardware and software components of an enterprise network more completely, making it easier to troubleshoot complex distributed systems and applications.
TIP
Microsoft Systems Management Server (SMS) 2.0 is capable of collecting CIM data from managed systems and exporting this data to other enterprise management applications, such as NetView from Tivoli Systems and Unicenter from Computer Associates.
See also Web-Based Enterprise Management (WBEM)
A public version of the Server Message Block (SMB) file-sharing protocol that has been tuned for use over the Internet. Common Internet File System (CIFS) is a remote file system access protocol that enables groups of users to collaborate and share documents over the Internet or within corporate intranets.
CIFS is an open, cross-platform technology that is based on the native file-sharing protocols of Microsoft Windows platforms. It is supported by other platforms such as UNIX. CIFS is viewed as a possible replacement for both the File Transfer Protocol (FTP) and the Network File System (NFS) file system protocols. CIFS supports encrypted passwords and Unicode filenames; it can be used to mount a remote file system as a directory or drive on the local machine. CIFS also includes features not supported by NFS, including write-ahead and native support for locks.
NOTE
Microsoft’s Distributed file system (Dfs) is covered as part of the CIFS specification. CIFS has been submitted to the Internet Engineering Task Force (IETF) by Microsoft. CIFS client and server software is available for the Windows NT operating system platform.
A component architecture developed by the Object Management Group and its member companies that specifies technologies for creating, distributing, and managing component programming objects over a network. Common Object Request Broker Architecture (CORBA) is designed to provide interoperability between applications in heterogeneous distributed environments.
NOTE
CORBA is not supported by Microsoft, which instead has developed its own distributed object management architecture called Distributed Component Object Model, or DCOM.
How It Works
In a CORBA environment, programs request services through an object request broker (ORB), which allows components of distributed applications to find each other and communicate without knowing where applications are located on the network or what kind of interface they use. ORBs are the middleware that enable client and server programs to establish sessions with each other, independent of their location on the network or their programming interface.
The process of a client invoking a call to an application programming interface (API) on a server object is transparent. The client issues the call, which is intercepted by the ORB. The ORB takes the call and is responsible for locating a server object that is able to implement the request. Once it has located such an object, the ORB invokes the object’s method and passes it any parameters submitted by the client. The results are then returned to the client. ORBs communicate among themselves using the General Inter-ORB Protocol (GIOP) or the Internet Inter-ORB Protocol (IIOP) so that any ORB can fulfill any client request on the network.
On the Web
• Object Management Group: http://www.omg.org
A group of hosts managed by Simple Network Management Protocol (SNMP) running SNMP agents. Communities provide a simple way of partitioning and securing a network for SNMP management. SNMP agents and management systems use community names as the mechanism for authenticating SNMP messages. All SNMP agents belonging to the same community share the same community name, which functions as a kind of shared password for those agents so that they can be recognized by the SNMP management program and other agents. SNMP messages sent by SNMP management systems to a specific community are accepted only by hosts configured to belong to that community. If an SNMP agent program receives an SNMP message with a community name that it is not configured to recognize, it typically drops the message and sends a trap message to the SNMP management program indicating that a message was not authenticated on that machine.
NOTE
An agent can be a member of one or more communities. By default, all agents belong to the public community. If all community names including public names are removed from an SNMP-managed host, the host will accept all SNMP messages sent to it.
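The community check described in this entry and its NOTE, as an added example that is not part of the original entry: it decodes the version and community name from the front of an SNMPv1 message, applies the accept or drop-and-trap decision, and audits a host's community list for the two conditions the NOTE calls out. The decision labels, the sample community `ops-ro`, and the sample request are constructed for illustration.

```python
def tlv(tag, payload):
    """Encode one BER tag-length-value element (definite length)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + payload


def read_tlv(buf, pos):
    """Decode the element at buf[pos]; return (tag, payload, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first                      # short form
    else:
        n = first & 0x7F                    # long form: n length octets follow
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def build_get_request(community):
    """Constructed SNMPv1 GetRequest for sysDescr.0, used as sample input."""
    oid = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])            # 1.3.6.1.2.1.1.1.0
    varbind = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)


def parse_header(message):
    """Return (version, community) from the start of an SNMP message."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("message is not a SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    tag, community, _ = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community is not an OCTET STRING")
    return int.from_bytes(version, "big"), community


def check_community(message, accepted):
    """Apply the agent-side rule from the entry to one incoming message."""
    _, community = parse_header(message)
    if not accepted:
        # Per the NOTE: with every community name removed, all messages pass.
        return "accept", community
    if community in accepted:
        return "accept", community
    # Unrecognized name: drop the message and report it to the manager.
    return "drop-and-trap", community


def audit_communities(accepted):
    """Flag the two risky configurations the NOTE describes."""
    findings = []
    if not accepted:
        findings.append("no community names: host accepts every SNMP message")
    if b"public" in accepted:
        findings.append("default community 'public' is still configured")
    return findings


if __name__ == "__main__":
    msg = build_get_request(b"public")
    print(check_community(msg, {b"ops-ro"}))
    print(audit_communities({b"public"}))
```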
An instance of a class that is based on Microsoft’s Component Object Model (COM) technology. A COM object encapsulates functionality, which is accessed through COM interfaces. Every COM object supports at least two interfaces, IUnknown and one or more interfaces that implement the functionality of the COM object.
Graphic C-24. A client accessing a COM object.
See also COM component, Component Object Model (COM)
A Microsoft Windows NT and Windows 2000 command used to compress or uncompress files and folders on an NTFS volume. The compact command can be used to display the compression status of a file or directory, or to change that status. If a compression action is interrupted, resulting in a partially compressed file that is unreadable, you can use the compact command with the /f switch to force the full compression of the file. The command supports multiple filenames and wildcards.
Example
compact /c /s compresses all files in the current directory and its subdirectories. For the full syntax of this command, type compact/? at the command prompt.
A Microsoft Windows command for performing a bytewise comparison of the contents of different files. The comp command is typically used for byte-by-byte comparison of text files, or for a comparison of the contents of two directories.
Example
To compare C:\file1.txt and C:\file2.txt and show the differences between them as characters, type the following:
comp C:\file1.txt C:\file2.txt /a
You can also use wildcards to specify multiple files. For the full syntax of this command, type comp/? at the command prompt.
A domain model in Microsoft Windows NT in which every domain trusts every other domain with two-way trusts. The complete trust model is rarely implemented in Windows NT–based networks unless the motivation for using Windows NT is being driven from the bottom up. For example, if a number of individual departments start implementing domains, the company might soon find itself implementing the complete trust model in order to make administration of these domains more efficient. This model also might be used in a situation in which two companies using Windows NT merge into a single company. Because of the large number of trusts in a complete trust model, there are additional security concerns about who is able to administer what. The following table outlines the pros and cons of using this domain model.
Advantages and Disadvantages of Using the Complete Trust Model
| Advantages | Disadvantages | 
| Scalable to any number of user accounts. | Complex to set up and administer. | 
| Suitable for merging companies or organizations with no central MIS department. | Multiple local groups must be created in each resource domain. | 
NOTE
When you upgrade a Windows NT network based on the complete trust model to a Windows 2000 network, you can maintain the relative independence of each domain by migrating each domain to be the root domain of a domain tree. Each domain tree would have a single domain, namely the root domain. Two-way transitive trusts can then be established between the trees to form a domain forest.
Graphic C-25. Shown for Windows NT.
See also multiple master domain model, single domain model, single master domain model
As defined by Microsoft, the Component Object Model (COM) is an object-based software architecture that allows applications to be built from binary software components. COM is the foundation for various Microsoft technologies including OLE, ActiveX, Distributed COM (DCOM), COM+, and Microsoft Transaction Server (MTS).
COM is not a programming language; rather, it is a specification. The goal of COM is to allow applications to be built using components. These COM components can be created by different vendors, at different times, and using different programming languages. Also, the COM components can run on different machines or different operating systems.
The following concepts are fundamental to the way COM works:
COM Interfaces: A group of related functions implemented by the COM class. COM interfaces are the mechanisms by which COM objects expose their functionality to applications and other components. An interface is a table of pointers to functions that are implemented by the object. The table represents the interface, and the functions to which the table points represent the methods of that interface. COM objects can expose multiple interfaces. Each interface has its own unique interface ID (IID).
IUnknown: This is the basic COM interface on which all other interfaces are based; it provides reference counting and interface querying mechanisms. IUnknown allows navigation to all other interfaces exposed by the object.
Reference counting: This is a mechanism by which an interface determines it is no longer being used and is therefore free to remove itself. IUnknown uses the methods AddRef and Release to implement reference counting.
QueryInterface: This is the IUnknown method used to query an object for a given interface.
Aggregation: This is a technique by which one object can make use of another.
Marshaling: This mechanism lets objects be used across thread, process, and network boundaries, thus providing location independence.
On the Web
• Microsoft COM home page: http://www.microsoft.com/com
See also ActiveX component, COM component, COM object, Distributed Component Object Model (DCOM), Microsoft Transaction Server (MTS), OLE
See Microsoft Transaction Server (MTS)
A Microsoft Windows 98 system tool for selectively compressing files using settings that you specify. Compression Agent allows you to save disk space by archiving less frequently accessed files. Using Compression Agent, you can improve the performance of access to compressed drives by modifying the level of compression used. Specifically, you can decide whether you want the selected files to be compressed and whether standard, HiPack, or UltraPack compression format should be used. UltraPack compression is available in Compression Agent but not in the DriveSpace 3 utility, and is normally used only for archiving files that are not frequently accessed. Compression Agent can either be started manually, or scheduled using Task Scheduler or the Maintenance Wizard. Compression Agent can also be run from the command prompt using the cmpagent command.
NOTE
You can use Compression Agent only on drives that have been compressed using DriveSpace 3.
See Computing Technology Industry Association (CompTIA)
An account in the Security Accounts Manager (SAM) database of a Microsoft Windows NT domain controller (or in Active Directory of Windows 2000) that signifies that a particular computer is a part of a Windows NT or Windows 2000 domain. Windows NT and Windows 2000 domain controllers can store three types of accounts: user accounts, group accounts, and computer accounts.
How It Works
Computer accounts are used by Windows NT and Windows 2000 to determine whether a particular system that a user is employing to attempt to log on to the network is part of the domain. When the NetLogon service running on a client computer connects to the NetLogon service on a domain controller in order to authenticate a user, the NetLogon services challenge each other to determine whether they both have valid computer accounts. This allows a secure communication channel to be established for logon purposes.
In order for a Windows NT server or workstation to join a domain, the machine must have a computer account created for it in the SAM database. There are two ways to create this account:
Use Server Manager in Windows NT or Active Directory Users and Computers in Windows 2000 to create a computer account for the machine, and then have the machine join the domain.
Use an administrator account to create a computer account while installing Windows NT or Windows 2000 on the server or workstation.
On Windows NT, make sure there are no open sessions with the domain’s Primary Domain Controller (PDC) before having a machine join a domain.
NOTE
Machines running Windows 95 and Windows 98 can participate in domain authentication, but they do not have computer accounts in the domain directory database. This is why the logon box for a Windows 95 or Windows 98 machine has a hard-coded domain name and can log on to only one domain. The logon box for a Windows NT machine, however, has a drop-down list that lets you select which domain you want to log on to, provided there are suitable trust relationships established between domains on the network.
TIP
If you reinstall Windows NT or Windows 2000 on a machine, you must delete the old computer account and create a new computer account, even if the machine has the same name as before.
A service in Microsoft Windows NT and Windows 2000 responsible for enabling the browsing of network resources using Network Neighborhood and Windows Explorer. A Computer Browser service simplifies the user task of locating and accessing network resources by eliminating the need for users to remember Universal Naming Convention (UNC) paths or other network syntax, and by eliminating the need for all computers on the network to maintain their own list of all available network resources.
Graphic C-26. Computer Browser service.
How It Works
The Computer Browser service maintains a distributed series of lists called browse lists that contain information about shared resources available on the network. Different computers on the network have different roles. These computers include the following:
Domain master browser: Collects and maintains the master browse list for the domain, and synchronizes this list with other domain master browsers in different domains. In a Windows NT network, the domain master browser must be the Primary Domain Controller (PDC).
Master browser: Collects and maintains the master browse list for the domain and distributes this list to backup browsers in the domain. This can be a computer running Windows 2000, Windows NT, Windows 95, Windows 98, or Windows for Workgroups.
Backup browser: Maintains copies of the browse list received from the master browsers and distributes this list to any network client requesting a network resource. This can be a computer running Windows 2000, Windows NT, Windows 95, Windows 98, or Windows for Workgroups.
Potential browser: Any computer on the network configured so that it can assume the role of a master browser or backup browser if required. This can be a computer running Windows 2000, Windows NT, Windows 95, Windows 98, or Windows for Workgroups.
Nonbrowser: Any computer that cannot be a browser but can share resources with the network.
When a client tries to access a shared resource on the network, such as a shared folder on a file server, it first contacts the master browser for a list of backup browsers. Then it contacts a backup browser for a copy of the browse list. Once the client has the browse list, it contacts the file server for a list of shares, and then connects to the desired share.
NOTE
The Workstation service and Server service must be started for the Computer Browser service to function.
TIP
The Computer Browser service uses broadcast packets. To browse on a TCP/IP internetwork consisting of multiple subnets separated by routers that do not forward broadcast, implement Windows Internet Name Service (WINS) on the network, with the domain master browser configured as a WINS client (not a WINS server). This configuration will ensure that the domain master browser will have a browse list with the resources on all subnets in the internetwork, including those spanned by other Windows NT domains.
You can also modify the MaintainServerList entry in the Windows NT registry to enable or disable a Windows NT machine as a backup browser or potential master browser, and the IsDomainMaster entry to force a machine to become the domain master browser. Both of these registry entries are found under HKEY_LOCAL_MACHINE\SYSTEM\ControlSetxxx\Services\Browser\Parameters.
See also browse list, browser election, browsing
A Microsoft Windows 2000 Server management console that provides a single integrated desktop tool for managing local and remote machines. Computer Management combines a number of administrative utilities from Windows NT with additional Windows 2000 tools to provide an easy way of viewing and managing properties of any computer running Windows 2000 on the network. Using Computer Management, an administrator can perform the following actions on local and remote machines:
Create and manage shares
Display a list of connected users
Manage services such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS)
Start and stop system services
Configure properties of storage devices
Monitor system events and application errors
Display device settings and add new device drivers
Graphic C-27. Computer Management.
TIP
To use Computer Management for modifying administrative settings, you must be a member of the Administrators group.
For computers running Microsoft Windows, a name that identifies a computer on the network. Computer names can be up to 15 characters in length. In Windows NT, Windows 95, and Windows 98, you specify a computer’s name using the Network utility in Control Panel. (In Windows 2000, use the Network Identification tab of the System utility in Control Panel.) The computer must be restarted if its name is changed. This name is used by services that perform NetBIOS name resolution on the network, such as the Windows Internet Name Service (WINS). Computer names provide a friendly way of accessing network resources without having to remember complex numerical addresses such as IP addresses.
NOTE
A hidden sixteenth character is appended to the computer name to form the NetBIOS name for NetBIOS-aware networking services on the machine. Each NetBIOS-aware service has a different NetBIOS name, some of which are based on the name of the computer and others of which are based on the name of the domain in which the computer resides.
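How the hidden sixteenth character fits into the name, as an added example that is not part of the original entry: the computer name is uppercased, padded with spaces to 15 bytes, and followed by a one-byte service suffix. The example goes beyond the entry by also showing the 32-character first-level encoding (RFC 1001) in which these names appear in name-service packets, which is useful when reading packet captures. The function names and the small suffix table are assumptions made for illustration.

```python
# A few well-known suffix values for names based on the computer name.
SUFFIXES = {
    0x00: "Workstation service",
    0x03: "Messenger service",
    0x20: "Server service",
}


def netbios_name(computer_name, suffix):
    """Return the 16-byte NetBIOS name: 15 padded bytes plus the suffix byte."""
    name = computer_name.upper().encode("ascii")
    if not 1 <= len(name) <= 15:
        raise ValueError("computer names are 1 to 15 characters long")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in one byte")
    return name.ljust(15, b" ") + bytes([suffix])


def encode_first_level(name16):
    """Encode a 16-byte name as 32 letters 'A'..'P', one letter per nibble."""
    if len(name16) != 16:
        raise ValueError("NetBIOS names are exactly 16 bytes")
    return "".join(
        chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in name16
    )


def decode_first_level(encoded):
    """Reverse encode_first_level; return (computer_name, suffix)."""
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("expected 32 characters in the range A-P")
    raw = bytes(
        ((ord(encoded[i]) - 0x41) << 4) | (ord(encoded[i + 1]) - 0x41)
        for i in range(0, 32, 2)
    )
    return raw[:15].decode("ascii", "replace").rstrip(" "), raw[15]


def describe(encoded):
    """Render an encoded name in the NAME<xx> form with the service, if known."""
    name, suffix = decode_first_level(encoded)
    service = SUFFIXES.get(suffix, "unknown service")
    return f"{name}<{suffix:02X}> ({service})"


if __name__ == "__main__":
    # Constructed sample: the server "Puck" registering its Server service name.
    wire = encode_first_level(netbios_name("Puck", 0x20))
    print(wire)
    print(describe(wire))
```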
TIP
Give friendly names, derived from some common source such as “A Midsummer Night’s Dream,” to groups of computers offering related services. For example, you could call your servers Puck, Oberon, and so on. This makes it easy to remember that these computers all belong to the same group.
A general term describing the integration of computer and telephone technologies. By joining computer systems with switched telephone services, users can access advanced functions such as automatic incoming call routing, call display, and power dialing. For example, a computer can use computer-telephony integration (CTI) to issue commands to a telephone switch to control the routing of calls.
CTI applications generally fall into one of two categories:
Call-control applications: Allow computers to dial numbers, establish conference calls, and so on. The computer essentially replaces the touch-tone telephone keypad.
Media-processing applications: Deal with more complex issues, such as voice recognition, speech synthesis, and converting fax messages to e-mail. These applications pursue the goal of completely integrated unified messaging in which voice, fax, e-mail, and video conferencing features are combined.
CTI is made possible on Microsoft Windows platforms by operating system application programming interfaces (APIs) such as Microsoft’s Telephony Application Programming Interface (TAPI). The range of products and technologies that support CTI continues to evolve. Cross-platform, vendor-neutral standards have not yet been established.
A computer industry trade association formed in 1982. The Computing Technology Industry Association (CompTIA) currently has more than 7500 members. CompTIA membership includes resellers, VARs, distributors, manufacturers, and training companies in the United States and Canada. The goals of CompTIA are to foster professional competence and business ethics among its members and throughout the computer industry. CompTIA provides its members with educational opportunities, a professional network, and a forum for the development of ethical, professional, and business standards in the computing industry. A number of committees meet to consider issues such as software licensing and electronic warranty forms.
On the Web
• CompTIA home page: http://www.comptia.org
See COM Transaction Integrator (COMTI)
A component of Microsoft SNA Server version 4 that provides client applications with access to two popular mainframe transaction processing (TP) environments, Customer Information Control System (CICS) and Information Management System (IMS).
How It Works
COM Transaction Integrator (COMTI) works in conjunction with Microsoft Transaction Server (MTS), making CICS and IMS programs appear as MTS components that can be used with other MTS components to build distributed applications. COMTI includes both a Microsoft Windows NT Server run-time environment and a development tool called Component Builder, which can import mainframe COBOL code and automatically generate an object compatible with MTS. This lets developers program in the visual, object-oriented environments they are accustomed to, allowing them access to host transactions without needing to learn the intricacies of SNA.
A term referring to the simultaneous access to a network resource by more than one client. Concurrency is an important issue in the licensing of a server operating system or application. For example, the Per Server licensing mode for Microsoft Windows NT Server is based on concurrency. If you purchase 10 client access licenses (CALs) for your Windows NT Server, a maximum of 10 concurrent connections can legally be formed with that server for accessing network resources.
NOTE
Some products, such as Microsoft Outlook 98, do not support concurrent access. In other words, you cannot install a central copy of Outlook 98 on a server and have thin clients run this program from the centralized location. Instead, you must install one copy of Outlook 98 on each client that needs to run it.
A text file used by MS-DOS and 16-bit versions of Microsoft Windows that is used to configure computer hardware at startup. The config.sys file is used to configure a machine’s memory, keyboard, mouse, printer, and other peripherals. The config.sys file is an ASCII file that can be edited with any text editor. A typical config.sys file includes commands such as device, lastdrive, and dos. Device commands are used to load device drivers for different hardware, such as the extended memory driver himem.sys. Lastdrive specifies the highest available drive letter. Dos allows you to load MS-DOS into the high memory area and to give programs access to the upper memory area.
After the config.sys file’s commands are executed, the autoexec.bat file is executed. Windows 95 and Windows 98 also include a config.sys file, but it is present only for backward compatibility with 16-bit Windows applications running under Windows 95 or Windows 98.
NOTE
If a config.sys file exists in the boot partition on a computer running Windows NT, it will be parsed at startup.
In Microsoft Message Queue (MSMQ) Server terminology, a name for a collection of computers in which any two computers can directly communicate. Computers in the same connected network must be running the same network protocol. A connected network (CN) is essentially a label describing how MSMQ servers are related in an enterprise. CNs are logical groupings of computers that can communicate directly using MSMQ messages. When you install an MSMQ server, you specify a connected network for each network address on the server.
TIP
When you specify connected networks for your MSMQ enterprise, it’s a good idea to use meaningful labels so that administrators can easily select a connected network from a list when they need to override the default connected network settings.
A link between two computers for the purpose of exchanging information. An example would be a Microsoft Windows NT Workstation, Windows 95, or Windows 98 client computer accessing a shared folder or printer on a Windows 2000 server. The term “connection” is also used to describe the establishment of communication over a WAN link, as in using a dial-up connection over a modem.
NOTE
When a client computer tries to connect to a server, the success or failure of the attempt can depend upon whether
The server has shared the resource that the client wants to connect to
The client has been properly authenticated or has permission to access the resource
The client is properly licensed to connect to the server, and free licenses are available
TIP
When a Windows NT Workstation client receives the message “No more connections can be made at this remote computer at this time because there are already as many connections as the computer can accept,” or a Windows 95 or Windows 98 client receives the message “This request is not accepted by the network, try again later,” it means the client is being denied a connection to the Windows NT server. Possible reasons might include the following:
The User Limit setting (on the Sharing tab of the folder’s property sheet) has been exceeded.
Your network uses Per Server licensing, and all licenses are currently allocated to connected users.
See also client access license (CAL), license
Any transport layer protocol that relies on broadcast packets instead of directed packets. Connectionless protocols cannot guarantee delivery of packets. Instead, reliability of packets is handled by the application itself or some higher layer of the protocol stack.
An example of a connectionless protocol is the User Datagram Protocol (UDP), which is part of the TCP/IP protocol suite. UDP provides connectionless services for delivering small packets of information commonly called datagrams. Connectionless protocols can only offer “best-effort” delivery and cannot guarantee that packets will arrive in the correct order or even at all. In Microsoft Windows NT, connectionless protocols such as UDP are used in services such as the NetBIOS name service and the Simple Network Management Protocol (SNMP) service.
See also connection-oriented protocol
A wizard-based tool for creating custom connectivity solutions, and a component of Internet Connection Services for Microsoft Remote Access Service (RAS). The Connection Manager Administration Kit (CMAK) is used to customize the Microsoft Connection Manager (CM) client component. Internet service providers (ISPs) can use this tool to customize dial-up installation packages for their customers. Customization features include
Animated logon screen, which can include a custom logo
Desktop icons
The language the dialer displays to the customer
Support numbers and help files
Various connect actions that the dialer performs when dialing, such as shutting down applications or downloading files
Any transport layer protocol that establishes a connection in order to reliably send packets over the network. Connection-oriented protocols guarantee delivery of packets by making use of acknowledgments and retransmission of data. Connection-oriented protocols are used primarily for reliable delivery of large packets of data, as opposed to the unreliable connectionless protocols that are used to deliver small datagrams.
An example of a connection-oriented protocol is the Transmission Control Protocol (TCP), which is part of the TCP/IP protocol suite. The TCP protocol uses a TCP three-way handshake to establish a connection between two hosts on a network. During session establishment, the hosts negotiate the TCP window size, segment size, and other information needed to ensure reliable and efficient communication. A TCP connection is terminated using a similar handshake procedure.
See also connectionless protocol
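The difference between the connectionless and connection-oriented entries, as an added example that is not from the original text: a simulated best-effort datagram channel loses traffic, and a stop-and-wait layer adds the sequence numbers, acknowledgments and retransmission that make delivery reliable. `LossyChannel`, `Receiver` and `send_reliably` are hypothetical names, and the drop pattern is constructed.

```python
"""Stop-and-wait reliability layered on a best-effort datagram channel."""
import struct
from collections import deque

SEQ = struct.Struct("!I")  # 32-bit sequence number, network byte order


class LossyChannel:
    """Constructed stand-in for a connectionless service such as UDP.

    A datagram whose send index is listed in `drop` silently disappears,
    which is all that "best-effort" delivery promises.
    """

    def __init__(self, drop=()):
        self.drop = set(drop)
        self.sent = 0
        self.queue = deque()

    def send(self, datagram):
        index, self.sent = self.sent, self.sent + 1
        if index not in self.drop:
            self.queue.append(datagram)

    def recv(self):
        # None models a receive timeout: nothing arrived.
        return self.queue.popleft() if self.queue else None


def send_best_effort(chunks, channel):
    """Connectionless delivery: send once, report whatever arrived."""
    for chunk in chunks:
        channel.send(chunk)
    arrived = []
    while (datagram := channel.recv()) is not None:
        arrived.append(datagram)
    return arrived


class Receiver:
    """Delivers each payload once, in order, and acknowledges it."""

    def __init__(self):
        self.expected = 0
        self.delivered = []

    def on_datagram(self, datagram, ack_channel):
        (seq,) = SEQ.unpack_from(datagram)
        if seq == self.expected:
            self.delivered.append(datagram[SEQ.size:])
            self.expected += 1
        if seq < self.expected:
            # Duplicates are acknowledged again: their first ACK was lost.
            ack_channel.send(SEQ.pack(seq))


def send_reliably(chunks, data_ch, ack_ch, receiver, max_tries=5):
    """Retransmit each chunk until its acknowledgment comes back.

    Returns the number of retransmissions that were needed.
    """
    retransmissions = 0
    for seq, chunk in enumerate(chunks):
        for _ in range(max_tries):
            data_ch.send(SEQ.pack(seq) + chunk)
            datagram = data_ch.recv()
            if datagram is not None:
                receiver.on_datagram(datagram, ack_ch)
            ack = ack_ch.recv()
            if ack is not None and SEQ.unpack(ack)[0] == seq:
                break
            retransmissions += 1  # timeout: the data or its ACK was lost
        else:
            raise TimeoutError(f"chunk {seq} was never acknowledged")
    return retransmissions


def demo():
    chunks = [b"alpha", b"bravo", b"charlie"]
    # Best effort: the second datagram is dropped and nobody notices.
    best_effort = send_best_effort(chunks, LossyChannel(drop={1}))
    # Reliable: one data datagram and one ACK are dropped, both recovered.
    receiver = Receiver()
    retries = send_reliably(
        chunks, LossyChannel(drop={2}), LossyChannel(drop={0}), receiver
    )
    return best_effort, receiver.delivered, retries


if __name__ == "__main__":
    print(demo())
```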
A component of Internet Connection Services for Microsoft Remote Access Service (RAS) that provides users with a central location for managing and distributing network access numbers. Connection Point Services (CPS) will automatically check a subscriber’s phone book and download updates if required. CPS can also be used to merge a corporate phone book of network access numbers with phone books from an Internet service provider (ISP).
CPS has two components:
Phone Book Service: Downloads a phone book by comparing the phone book on the subscriber’s computer with those in the CPS database. This ensures that subscribers always have an up-to-date directory of network access numbers.
Phone Book Administrator: Creates new phone books or edits existing ones. You can create and maintain multiple phone books, both public and private, and post phone book information to the Phone Book Service.
A technique for optimizing Active Server Pages (ASP) applications running on Internet Information Server (IIS) version 4. Connection pooling allows more efficient implementation when connecting ASP front-end applications to a back-end database.
How It Works
Connection pooling involves the pooling of open database connectivity (ODBC) connections to reduce the frequency at which ODBC connections need to be opened and closed on heavily accessed servers. Connection pooling improves ASP performance for ODBC-enabled Web applications and provides a graceful way to manage connection timeouts.
To use ODBC connection pooling on IIS, perform the following steps:
Configure the database driver using ODBC in Control Panel.
Enable connection pooling in the Microsoft Windows NT registry.
Open individual connections in your Microsoft ActiveX Data Objects (ADO) code right before data access is needed for an ASP page, and release connections as soon as the data has been accessed.
Once connection pooling is enabled, the ODBC driver will check the connection pool for idle connections it can reuse before creating a new connection in response to an ODBC request. When connections are released, they are returned to the connection pool instead of being closed.
TIP
You can control the amount of time an idle connection remains in the pool using the CPTimeout registry setting, which by default is set to 60 seconds.
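The reuse and idle-timeout behaviour described above, modelled as an added example (not Microsoft's ODBC driver manager code): `ConnectionPool`, the injected clock and the connection strings are hypothetical, and only the 60-second default comes from the text. The model keys idle connections on the full connection string, an assumption made so that a pooled connection is never handed to a request that uses different credentials.

```python
"""Model of connection pooling with an idle timeout (CPTimeout)."""


class FakeClock:
    """Injected time source so the timeout can be exercised instantly."""

    def __init__(self):
        self.now = 0

    def __call__(self):
        return self.now


class ConnectionPool:
    def __init__(self, clock, cp_timeout=60):
        self.clock = clock            # callable returning seconds
        self.cp_timeout = cp_timeout  # idle lifetime, as in the TIP above
        self.idle = {}                # connection string -> [(id, released_at)]
        self.opened = 0               # physical connections created
        self.reused = 0               # requests served from the pool

    def _expire(self):
        """Drop idle connections that have outlived cp_timeout."""
        now = self.clock()
        for conns in self.idle.values():
            conns[:] = [c for c in conns if now - c[1] < self.cp_timeout]

    def open(self, conn_string):
        """Hand out an idle connection if one matches, else create one."""
        self._expire()
        conns = self.idle.get(conn_string)
        if conns:
            self.reused += 1
            return conns.pop()[0], conn_string
        self.opened += 1
        return self.opened, conn_string   # new physical connection id

    def close(self, conn):
        """Releasing returns the connection to the pool; it stays open."""
        conn_id, conn_string = conn
        self.idle.setdefault(conn_string, []).append((conn_id, self.clock()))


def serve_page(pool, conn_string):
    conn = pool.open(conn_string)   # open right before data access
    try:
        return conn[0]              # stand-in for running the query
    finally:
        pool.close(conn)            # release as soon as the data is read


def demo():
    clock = FakeClock()
    pool = ConnectionPool(clock)
    app = "DSN=Orders;UID=webapp;PWD=example"       # constructed values
    report = "DSN=Orders;UID=reports;PWD=example"   # different identity
    ids = []
    for t, conn_string in [(0, app), (10, app), (30, app), (100, app), (101, report)]:
        clock.now = t
        ids.append(serve_page(pool, conn_string))
    return ids, pool.opened, pool.reused


if __name__ == "__main__":
    print(demo())
```

The request at t=100 arrives 70 seconds after the last release, so the idle connection has expired and a new one is opened; the request with the other user ID never reuses the web application's connection.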
A computer running Microsoft Exchange Server that is dedicated for routing messages to other sites and foreign mail systems using Exchange connectors. Large companies often require servers that are dedicated to message routing because of the high volume of message traffic they experience. In a typical high-volume site configuration, one server might be optimized as a home server for users’ mailboxes, another server for dedicated public-folder replica hosting, and a third for providing dedicated messaging connectivity with other sites and foreign messaging systems. A connectivity server can have one or more connectors installed on it to provide connectivity with Exchange sites, Simple Mail Transfer Protocol (SMTP) hosts, X.400 messaging systems, or Microsoft Mail postoffices. The more connectors you have on a server, the greater its hardware requirements become.
TIP
Run the Performance Optimizer wizard once you have installed your connectors on the Exchange server. This will allow your server to take maximum advantage of its particular hardware configuration.
A device that terminates a segment of cabling or provides a point of entry for networking devices such as computers, hubs, and routers. Connectors can be distinguished according to their physical appearance and mating properties, such as jacks and plugs (male connectors) or sockets and ports (female connectors). They can also be distinguished by their different pinning configurations, such as DB9 and DB15 connectors, which have 9 and 15 pins, respectively. In addition, connectors are distinguished by the kind of electrical interfaces they support. Examples of different types of connectors include
Connectors for serial interfaces, such as RS-232 and V.35
Ethernet connectors, such as RJ-45 and BNC connectors
Fiber-optic cabling connectors, such as SC and ST connectors
There are literally dozens of types of connectors used in networking, and the networking professional needs to be familiar with many of them. The illustration shows some of the common connector types used in different aspects of networking and telecommunications.
Graphic C-28. Common networking and telecommunications connectors.
A component of Microsoft Exchange Server that enables message transfer and directory synchronization between Exchange Server and Lotus cc:Mail systems. Lotus cc:Mail uses a shared-file messaging architecture similar to that of Microsoft Mail. The Connector for Lotus cc:Mail is implemented as a Microsoft Windows NT service on Exchange Server and supports
Message transfer between Exchange Server and cc:Mail messaging systems
Synchronization of directory information between Exchange Server and cc:Mail servers
The Connector for Lotus cc:Mail can be used to provide connectivity with database versions 6 or 8 cc:Mail postoffices.
NOTE
Only one Connector for Lotus cc:Mail can be installed on a given computer running Exchange Server, and that connector can connect to only one cc:Mail postoffice. However, multiple computers running Exchange Server can each have a cc:Mail connector installed in order to connect to multiple postoffices throughout a cc:Mail messaging system. The Lotus cc:Mail programs export.exe and import.exe must be installed on the computer running Exchange Server for connectivity to be established.
A component of Microsoft Exchange Server that enables message transfers and directory synchronization between Exchange Server and Lotus Notes systems. The Connector for Lotus Notes allows either single or multiple Lotus Notes servers to be accessed from a single machine running Exchange Server. The Connector for Lotus Notes is implemented as a Microsoft Windows NT service on Exchange Server and supports
Message transfer between Exchange Server and Lotus Notes
Synchronization of directory information between Exchange Server and Lotus Notes
The Connector for Lotus Notes also converts message content to Rich Text Format (RTF) and converts OLE objects on Exchange Server to Lotus Doclinks objects.
NOTE
The Connector for Lotus Notes supports Lotus Notes 3.x and Lotus Notes/Domino 4.x.
TIP
Be sure to install the Lotus Notes client on the computer running Exchange Server prior to attempting to install the Connector for Lotus Notes on the machine. The connector needs this client to successfully log on to the Lotus Notes mail server. If you have trouble establishing connectivity, check that the connector has a valid Lotus Notes ID and that this ID has the appropriate permissions needed to access the databases on the machine running Lotus Notes.
A component of Microsoft Exchange Server used to connect Exchange sites or to connect an Exchange organization to foreign mail systems. Connectors are components of Exchange that can be used to route messages over a messaging system. Connectors are implemented on Exchange as Microsoft Windows NT services, and can be stopped and started using the Services utility in Control Panel.
Various types of connectors can be installed on Exchange, including the following:
Site Connector: Used for establishing high-speed messaging links between different sites in an Exchange organization
X.400 Connector: Used for establishing connectivity with a foreign X.400 messaging system such as those found in different parts of Europe
Dynamic RAS Connector: Used for establishing dial-up connectivity between sites in an Exchange organization
Internet Mail Service: Used for establishing connectivity with the Internet’s Simple Mail Transfer Protocol (SMTP) messaging system
Microsoft Mail Connector: Used for establishing messaging connectivity with legacy Microsoft Mail networks
Connector for Lotus cc:Mail: Used for establishing connectivity with a foreign cc:Mail system
Connector for Lotus Notes: Used for establishing connectivity with a Lotus Notes network
For more information on each of these connectors, refer to their individual entries in this work.
An element in the Microsoft Exchange Server directory hierarchy that can contain other objects, including containers and leaf objects. Exchange Administrator provides a hierarchical view of the resources on a computer running Exchange Server. At the root of the Exchange Server hierarchy is the organization container, which is normally named after the company itself. Beneath this container are a number of other containers, including
Address book views, which contains various address lists optimized for client use.
Folders, which contains both public folders and system folders.
Global Address List, which is a sequential list of all recipients in the organization.
Site containers, which are containers for individual Exchange Server sites. These site containers contain a hierarchy of containers and leaf objects for specific Exchange Server sites you have created.
See also Exchange Administrator
In Microsoft Management Console (MMC), any node in a console tree to which other nodes can be added. The usual icon for a container in MMC is the folder icon. The highest-level container in a console is the console root node. Beneath this node in the hierarchy are the top-level nodes for individual snap-ins that have been installed. Administrators who are creating new MMC consoles can create additional containers (folders) for organizing their console trees as desired.
In Microsoft Windows 2000, an object in Active Directory that can contain other objects. Examples of containers include organizational units (OUs), domains, and local networks. Domains are the core containers for organizing the structure of Active Directory. The other kinds of objects in Active Directory are leaf objects, which cannot contain other objects.
Objects created in a container inherit the discretionary access control list (DACL) of the container itself. In other words, a child object obtains its permissions from its parent object by inheritance.
NOTE
Groups are not containers; they are security principals.
In Microsoft Windows NT, an NTFS file system object (such as a directory) that can contain other objects (such as files). Objects created in a container inherit the access control list (ACL) of the container itself. In other words, a child object obtains its permissions from its parent object by inheritance. For example, if a directory on an NTFS volume has read permission assigned to the Everyone group, any new file that you create or save in the directory will inherit the same permission. Using containers therefore simplifies the assignment of permissions to objects in the file system.
A feature of Microsoft Internet Explorer that allows you to control user access to Web sites based on the content ratings of the sites. The Internet provides individuals with access to a wide variety of information, but some of this information might be unsuitable for certain viewers. For example, parents are often concerned about their children being exposed to violent or sexually explicit material on the Internet.
Content Advisor lets you control the kind of Internet content that can be accessed using Internet Explorer. This is a useful feature in corporate networks that have high-speed connectivity to the Internet, since it can be used to discourage improper use of Web browsers on employee machines, thus helping to implement a company’s acceptable use policy for the Internet. With Content Advisor, you can specify ratings settings to indicate acceptable levels of content to view with regard to sex, nudity, violence, and offensive language, and you can password-protect these settings.
NOTE
Content Advisor functions properly only with Web sites that are rated.
A tool included with Microsoft Site Server and Microsoft Site Server Express that lets Web server administrators perform content analysis and link management of Web sites. Content Analyzer can visually display the structure and integrity of a site in the form of a diagram called a Web map. Web maps allow administrators to visually examine the structure of a site and quickly identify problems, such as loops and broken links. Web maps display various Web content items using different icons and can use a variety of colors to convey different kinds of information. You can also use Content Analyzer to search Web maps for various kinds of information using predefined Quick Searches. Once you find an item of interest on a Web map, you can open your Web page editing tool directly from the Web map. You can also export Web map information into a database or spreadsheet file for further analysis.
Content Analyzer can also generate predefined site reports you can use to identify broken links and analyze the structure of Web sites. These site reports can be generated in Hypertext Markup Language (HTML) format for easy reading and evaluation, and can identify changes to the content of a site, broken links, and other information.
A function of a proxy server such as Microsoft Proxy Server. Content caching allows a proxy server to cache the results of a client request. The next time a client requests the same content, it is retrieved from the cache to improve performance. Content remains in the cache for a predetermined period of time, or until the cache becomes full and old content is removed to allow new content to be cached.
Microsoft Proxy Server makes use of distributed caching, which lets content caching take place closer to users and allows caching activity to be load-balanced across several Proxy Servers for scalability and fault tolerance. For example, within corporate intranets, caching can be moved toward the branch office and workgroup levels of the organization. For Internet service providers (ISPs), caching can be moved toward regional points of presence (POPs). Distributed caching is particularly effective for solving network bandwidth problems associated with Internet push technologies.
Microsoft Proxy Server’s distributed caching can be implemented in two ways:
Array-based caching: In this approach, an array or group of proxy servers works together and is administered as a single, logical entity. A cache array provides load balancing, fault tolerance, scalability, and ease of administration. Cache arrays can provide a higher cache hit rate than an individual proxy server because of the larger size of the virtual cache.
Hierarchical caching: In this approach, you arrange proxy servers in a hierarchy by branch office or department. Requests from clients are then forwarded up the hierarchy until the requested object is found in a proxy server’s cache.
A component of Microsoft Index Server that can read a specific document format and turn it into a stream of text characters. Content filters are an essential part of the indexing process on Index Server because they determine which types of documents can be read and indexed. Index Server includes content filters for popular file formats such as
ASCII text
Hypertext Markup Language (HTML) pages
Microsoft Word documents
Microsoft Excel spreadsheets
In addition, many third-party companies have produced content filters for their own document formats, allowing these documents to be indexed by Index Server when their content filters have been installed. Content filters also handle the presence of embedded objects in documents and recognize when a language shift occurs in a multilingual document.
A condition that occurs when two or more stations on a network try to access the network media simultaneously. In other words, the stations are contending for control of the media.
There are different ways of resolving contention issues on a network. One way is to use a single station as the master or primary station that controls all communication on the network. Other devices on the network function as slave, or secondary, stations. The entire system is known as a master-slave system. The master station normally functions in transmit mode, while the slave stations operate in receive mode. The master station tells individual slave stations when they should switch to transmit mode in order to transmit information over the network. This kind of scenario is used in networks based on IBM’s Systems Network Architecture (SNA).
In Ethernet networks, the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) method is used to resolve contention on the network by allowing collisions to occur, and then resolving them successfully.
A mechanism for preventing users of Microsoft Internet Explorer from viewing Web sites that contain objectionable language, violence, nudity, or sexually explicit content. These ratings are configured on the Web server on a site-by-site basis. Ratings for each category have been established at four levels of acceptable use. The Webmaster who creates the site can then include information about the levels of objectionable language, violence, nudity, or sexually explicit content present on their site. Content ratings are defined by the Recreational Software Advisory Council (RSAC). The user can configure his or her browser to a specified accessibility level for each type of content by using the Content Advisor feature of Internet Explorer.
On the Web
• RSAC home page: http://www.rsac.org
A command sent from one Usenet host to another. Control messages are defined in the Network News Transfer Protocol (NNTP) specifications. Control messages can be issued by Usenet hosts to perform actions such as
Creating a new newsgroup on the host
Deleting a newsgroup
Canceling messages that have already been posted
TIP
Control messages are simple text commands. You can troubleshoot a Usenet host by using telnet to connect to port 119 and manually typing various control messages and examining their results.
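The three actions listed above, parsed from the `Control:` header of constructed articles in an added example (not code from the original text). The verb names `newgroup`, `rmgroup` and `cancel` are the conventional Usenet ones rather than taken from this entry, and `parse_control` and `audit` are hypothetical helpers.

```python
"""Parse and validate Usenet control messages before acting on them."""
import re
from email.parser import HeaderParser

GROUP = re.compile(r"^[a-z0-9][a-z0-9+_-]*(\.[a-z0-9+_-]+)+$")
MSGID = re.compile(r"^<[^\s<>@]+@[^\s<>@]+>$")


def parse_control(article):
    """Return (verb, target) for a control message, None for a normal article.

    Raises ValueError when the Control header is malformed or unsupported.
    """
    control = HeaderParser().parsestr(article).get("Control")
    if control is None:
        return None
    fields = control.split()
    if not fields:
        raise ValueError("empty Control header")
    verb, args = fields[0].lower(), fields[1:]
    if verb == "cancel":
        if len(args) != 1 or not MSGID.match(args[0]):
            raise ValueError("cancel needs exactly one message-id")
        return verb, args[0]
    if verb in ("newgroup", "rmgroup"):
        # newgroup may carry a trailing "moderated" flag.
        if verb == "newgroup" and len(args) == 2 and args[1].lower() == "moderated":
            args = args[:1]
        if len(args) != 1 or not GROUP.match(args[0]):
            raise ValueError(f"{verb} needs exactly one valid newsgroup name")
        return verb, args[0]
    raise ValueError(f"unsupported control verb: {verb!r}")


def audit(articles):
    """Split a batch into accepted control actions and rejected messages."""
    accepted, rejected = [], []
    for article in articles:
        try:
            parsed = parse_control(article)
        except ValueError as err:
            rejected.append(str(err))
            continue
        if parsed is not None:
            accepted.append(parsed)
    return accepted, rejected


# Constructed sample articles: headers, blank line, body.
SAMPLES = [
    "From: admin@news.example\nNewsgroups: example.test\n"
    "Control: newgroup example.test moderated\n\nCreate the group.\n",
    "From: user@host.example\nNewsgroups: example.test\n"
    "Control: cancel <1234@host.example>\n\nPlease cancel.\n",
    "From: user@host.example\nNewsgroups: example.test\n"
    "Subject: hello\n\nAn ordinary post.\n",
    "From: user@host.example\nNewsgroups: example.test\n"
    "Control: cancel not-a-message-id\n\nMalformed.\n",
]

if __name__ == "__main__":
    print(audit(SAMPLES))
```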
A Microsoft Windows feature consisting of a number of utilities for configuring hardware devices and operating system services.
Graphic C-29. Windows 2000 Control Panel.
The following table shows some of the more common Control Panel utilities in Windows 95, Windows 98, Windows NT, and Windows 2000 and briefly describes their function. Note that some utilities are named differently in the various Windows versions, such as 32-bit ODBC for Windows NT and ODBC (32 bit) for Windows 95 or 98; these utilities are listed separately here. Note also that some Control Panel utilities are present only when additional Windows components have been installed. For example, the GSNW utility is present only when Gateway Services for NetWare has been installed. Finally, installing additional third-party software can add new utilities to Control Panel associated with that software.
Common Control Panel Utilities
| Control Panel Utility | Function | Windows 95 and 98 | Windows NT | Windows 2000 | 
| 32-bit ODBC | Database connectivity | x | x | |
| Accessibility Options | Help for visually or motor-impaired individuals | x | | x |
| Add New Hardware | Hardware installation wizard | x | ||
| Add/Remove Hardware | Hardware installation wizard | x | ||
| Add/Remove Programs | Installs new software or Windows components | x | x | x | 
| Administrative Tools | Shortcut to Administrative Tools program group | x | ||
| Console | Command prompt window | x | ||
| Date/Time | Date, time, time zone | x | x | x | 
| Desktop Themes | Configures appearance of desktop | x | ||
| Devices | Startup profiles for hardware devices | x | ||
| Dial-Up Monitor | Monitors RAS connections | x | ||
| Display | Screen and desktop settings | x | x | x | 
| Folder Options | Enables Active Desktop and determines how folders are displayed | x | ||
| Fonts | Installs new fonts | x | x | x | 
| Game Controllers | Configures joysticks | x | x | |
| GSNW | Gateway Services for NetWare | x | x | |
| Internet | Internet Explorer options | x | x | |
| Internet Options | Internet Explorer options | x | ||
| Keyboard | Style and response rate | x | x | x | 
| Licensing | Changes licensing mode and configures replication | x | x | |
| MacFile | Services for Macintosh | x | ||
|  | Messaging profiles | x | x | x | 
| Message Queuing | Configuration options for Microsoft Message Queue Server | x | ||
| Modems | Modem settings | x | x | |
| Mouse | Mouse settings | x | x | x | 
| Multimedia | Audio/video settings | x | x | |
| Network | Networking clients, services, protocols, and adapters | x | x | |
| Network and Dial-up Connections | Creates and configures network connections | x | ||
| ODBC (32-bit) | Database connectivity | x | ||
| Passwords | Configures passwords, enables remote administration, and enables user profiles | x | ||
| PC Card | Settings for PCMCIA cards | x | x | x | 
| Phone and Modem | Modem and TAPI location settings | x | ||
| Ports | COM port settings | x | ||
| Power Management | Advanced power management settings | x | x | |
| Power Options | Advanced power management settings | x | ||
| Printers | Adds printer wizard and manages printers | x | x | x | 
| Regional Options | Currency and other settings for countries | x | ||
| Regional Settings | Currency and other settings for countries | x | x | |
| Scanners and Cameras | Configures these devices | x | ||
| Scheduled Tasks | Schedule system management tasks | x | ||
| SCSI Adapters | SCSI device settings | x | ||
| Server | Server role | x | ||
| Services | Starting and stopping services | x | ||
| Sounds | System sounds | x | x | |
| Sounds and Multimedia | Audio/visual hardware/software and system sounds | x | ||
| System | Boot, file system, profiles, devices, environment, network identification, and so on (depending on the version of Windows) | x | x | x | 
| Tape Devices | Tape drive settings | x | ||
| Telephony | TAPI location settings | x | x | |
| UPS | Uninterruptible Power Supply settings | x | ||
| Users | User profiles | x | 
Refers to a set of registry keys in Microsoft Windows NT and Windows 2000 that contains configuration information used for system startup. Control sets define certain aspects of the Windows NT boot process to allow Windows NT to boot up successfully. Up to four control set subkeys are located under the HKEY_LOCAL_MACHINE\SYSTEM registry key, including the following:
ControlSet001, ControlSet002, and so on, which represent backup copies of control sets that successfully started the system.
CurrentControlSet, which refers to the control set that was used to successfully boot the system under its current configuration. The key here is a pointer to one of the ControlSet00x registry keys.
NOTE
The Select registry key under HKEY_LOCAL_MACHINE\SYSTEM identifies which of the control set keys corresponds to the current, default, failed, and Last Known Good configurations. If the current control set can’t start the system, you can press the Spacebar when indicated during the boot process to select the Last Known Good configuration, which is the last control set known to have worked.
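One way to resolve which control set each role points to, as an added example rather than anything from the original text: it parses constructed `reg query HKLM\SYSTEM\Select` output. The value names are the standard ones under the Select key, and the function names are hypothetical.

```python
"""Resolve the Select key's values to ControlSet00x subkey names."""
import re

# Constructed sample of `reg query HKLM\SYSTEM\Select` output.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\Select
    Current    REG_DWORD    0x3
    Default    REG_DWORD    0x3
    Failed    REG_DWORD    0x1
    LastKnownGood    REG_DWORD    0x2
"""

ROLES = ("Current", "Default", "Failed", "LastKnownGood")
VALUE_LINE = re.compile(r"^\s+(\w+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")


def parse_select(text):
    """Extract the four DWORD values; fail loudly if any is missing."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match and match.group(1) in ROLES:
            values[match.group(1)] = int(match.group(2), 16)
    missing = [role for role in ROLES if role not in values]
    if missing:
        raise ValueError("Select key is missing: " + ", ".join(missing))
    return values


def control_set_name(number):
    """Map a Select value to its subkey name; 0 means no set has that role."""
    return None if number == 0 else f"ControlSet{number:03d}"


def resolve(text):
    """Return ({role: subkey name}, [notes worth an administrator's attention])."""
    mapping = {role: control_set_name(n) for role, n in parse_select(text).items()}
    notes = []
    if mapping["Failed"] is not None:
        notes.append(f"{mapping['Failed']} is recorded as a failed configuration")
    if mapping["Current"] != mapping["Default"]:
        notes.append("system is running a control set other than the default")
    return mapping, notes


if __name__ == "__main__":
    print(resolve(SAMPLE))
```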
A Microsoft Windows NT and Windows 2000 command that can be used to convert a file allocation table (FAT) volume to an NTFS file system without loss of data on the volume. This conversion is one-way—you cannot convert an NTFS volume to a FAT volume using this command. The convert command cannot be used to convert the current drive. If you attempt to convert the system partition, convert is unable to lock the drive and instead schedules conversion to occur at the next reboot.
Example
convert d: /fs:ntfs converts D drive to NTFS.
For the full syntax of this command, type convert/? at the command prompt.
TIP
Always back up a FAT volume prior to converting it to NTFS.
In Internet technologies, a cookie is a text file that a Web server saves on a client machine during a Hypertext Transfer Protocol (HTTP) session. Cookies are used to record information about the client’s usage patterns, including the date and time the client visited the site, which pages were accessed, Web browser preferences, and so on. Cookies use the storage system of the client for saving this information instead of storing it on the server. Since a vast number of clients might visit the site only once, it would be inefficient to dedicate a large portion of server storage to tracking anonymous clients that might never return. Furthermore, client preferences (such as IP address) might change between sessions, especially for dial-up clients, so servers would have no way of recognizing clients if cookie information were saved on the server. Cookies therefore provide a way for the server to recognize that the client previously visited the site and record what the client did during previous visits, allowing the server to customize the HTTP session to meet the needs of the client (or the needs of the advertisers of the site!).
Cookies are harmless text files and cannot be used to transmit a virus to the client. Cookies are simply passive holders of information; they cannot be used to “get” any information off your computer (such as your e-mail address). Nevertheless, most Web browsers, such as Microsoft Internet Explorer, have an optional setting that allows users to reject cookies. However, rejecting cookies can result in poorer browsing experiences on sites that are cookie-dependent. You can also delete any cookies on a computer running Microsoft Windows by deleting the contents of the cookies subdirectory within the user profile directory on your hard drive. (Don’t delete the directory itself, however.)
One of the two basic types of physical cabling media (the other being glass, or fiber-optic cabling). Copper cabling is cheap and flexible, but it is susceptible to electromagnetic interference (EMI), has limited range because of attenuation, and generates electromagnetic radiation that can be intercepted by nearby equipment.
The types of copper cabling commonly used in networking include
Twisted-pair cabling, such as unshielded twisted-pair (UTP) cabling and shielded twisted-pair (STP) cabling
Coaxial cabling, such as thinnet and thicknet
For more information on these types of copper cabling, refer to their individual entries in this work.
TIP
UTP cabling of category 5 grade is the most commonly used copper cabling in networking environments today. Category 5 cabling (CAT5 cabling) comes in either solid core or stranded cabling. Solid core cabling is stiffer, but it has better conductivity and less attenuation, and it is simpler to terminate than stranded cabling. Stranded cabling is more flexible and easier to work with than solid cabling, and it is more resistant to breaking or fracturing. Use solid core UTP cabling for fixed horizontal cable runs, cross-connects, and backbone cabling; use stranded UTP cabling for locations where equipment is frequently moved, for short cable runs between computers and wall plates, or as patch cables in the wiring closet.
Essentially, the use of Fiber Distributed Data Interface (FDDI) over copper cabling as an alternative to using fiber-optic cabling. Copper Distributed Data Interface (CDDI) can send data over unshielded twisted-pair (UTP) cabling at 100 Mbps, but cable lengths are limited to about 100 meters. The architecture and operation are similar to FDDI, but CDDI is not as commonly implemented as FDDI.
TIP
If cost is an issue, CDDI offers an alternative to FDDI. CDDI still provides a 100-Mbps network with redundancy, but at reduced cost because copper cabling is cheaper than fiber-optic cabling. Note that CDDI does not provide the security that FDDI does: copper cabling can be tapped, while fiber-optic cabling cannot.
See also Fiber Distributed Data Interface (FDDI)
A backup type in which all the selected files and folders are backed up, but the archive attribute is not marked for each file and folder. Copies do not interrupt the normal backup schedule because they do not change the state of the archive bit on files being backed up. Copy backups are typically used to produce additional copies of backup tapes. Copy backups might be used for
Archiving information in a different location
Generating tapes of month-end financials, which can then be given to the accounting department
Providing branch offices with copies of information on file servers
See also backup, backup type
A Microsoft Windows command you can use to copy a file or group of files to a new location. The copy command can be used to copy files between volumes or within a volume to different directories. This provides a quick way of backing up files from the command prompt. The copy command can also be used to combine and move files.
Example
copy /v /y C:\myfile.txt D:\stuff\myfile2.txt
This command copies the file myfile.txt on the root of C to the folder \stuff on D and gives it the name myfile2.txt. The /v switch verifies that the copy was successful, and the /y switch suppresses the user prompt for confirmation of the action before performing it. For the full syntax of this command, type copy/? at the command prompt.
Making a replica of a file. On Microsoft Windows platforms, files can be copied using a graphical user interface (GUI) tool such as Windows Explorer or from the command prompt using the copy command.
NOTE
Some inheritance issues are associated with copying files on Windows NT and Windows 2000 platforms that use the NTFS file system. Specifically, copying a file within or between different NTFS volumes causes the file to inherit the permissions of the folder into which it is copied. For example, if a file on the NTFS drive C has read permission for everyone and it is copied to a directory on the NTFS drive D, which has change permission for everyone, the copy of the file inherits the change permission from the directory it is copied to.
See also moving files
See Common Object Request Broker Architecture (CORBA)
An aspect of an object in Performance Monitor for which usage statistics can be collected. Performance Monitor, a Microsoft Windows NT administrative tool for monitoring system resources, can be used to collect status information about various objects. (In Windows 2000, System Monitor in the Performance console is used to perform the monitoring task.) For example, if the object Processor is being studied, the Performance Monitor collects information on all counters that belong to this object. This includes counters such as
% User Time: The percentage of the time the processor is in user mode executing a nonidle thread
% Privileged Time: The percentage of the time the processor is in kernel mode executing a nonidle thread
Interrupts/sec: The number of device interrupts a processor receives per second
If the machine is a multiprocessor system, each instance of each counter can be monitored. Performance Monitor counters are usually one of two types:
Instantaneous counters, which display the most recent value of a measurement—for example, Processor: % Processor Time
Average counters, which display the average of the last two measured values—for example, LogicalDisk: Avg. Disk Bytes/Read
A two-letter code identifying top-level domains for countries in the Domain Name System (DNS). Country codes are a way of geographically identifying a domain name as belonging to a particular country. They are an alternative to the more commonly used organizational codes such as .com, .org, .net, and so on. This table lists the various country codes for the DNS system.
Country Codes
| Code | Country | Code | Country |
| --- | --- | --- | --- |
| AD | Andorra | BS | Bahamas | 
| AE | United Arab Emirates | BT | Bhutan | 
| AF | Afghanistan | BV | Bouvet Island | 
| AG | Antigua and Barbuda | BW | Botswana | 
| AI | Anguilla | BY | Belarus | 
| AL | Albania | BZ | Belize | 
| AM | Armenia | CA | Canada | 
| AN | Netherlands Antilles | CC | Cocos (Keeling Islands) | 
| AO | Angola | CF | Central African Republic | 
| AQ | Antarctica | CG | Congo | 
| AR | Argentina | CH | Switzerland | 
| AS | American Samoa | CI | Cote D’Ivoire (Ivory Coast) | 
| AT | Austria | CK | Cook Islands | 
| AU | Australia | CL | Chile | 
| AW | Aruba | CM | Cameroon | 
| AZ | Azerbaijan | CN | China | 
| BA | Bosnia and Herzegovina | CO | Colombia | 
| BB | Barbados | CR | Costa Rica | 
| BD | Bangladesh | CU | Cuba | 
| BE | Belgium | CV | Cape Verde | 
| BF | Burkina Faso | CX | Christmas Island | 
| BG | Bulgaria | CY | Cyprus | 
| BH | Bahrain | CZ | Czech Republic | 
| BI | Burundi | DE | Germany | 
| BJ | Benin | DJ | Djibouti | 
| BM | Bermuda | DK | Denmark | 
| BN | Brunei Darussalam | DM | Dominica | 
| BO | Bolivia | DO | Dominican Republic | 
| BR | Brazil | DZ | Algeria | 
| EC | Ecuador | GY | Guyana | 
| EE | Estonia | HK | Hong Kong | 
| EG | Egypt | HM | Heard and McDonald Islands | 
| EH | Western Sahara | HN | Honduras | 
| ER | Eritrea | HR | Croatia (Hrvatska) | 
| ES | Spain | HT | Haiti | 
| ET | Ethiopia | HU | Hungary | 
| FI | Finland | ID | Indonesia | 
| FJ | Fiji | IE | Ireland | 
| FK | Falkland Islands (Malvinas) | IL | Israel | 
| FM | Micronesia | IN | India | 
| FO | Faroe Islands | IO | British Indian Ocean Territory | 
| FR | France | IQ | Iraq | 
| FX | France (Metropolitan) | IR | Iran | 
| GA | Gabon | IS | Iceland | 
| GD | Grenada | IT | Italy | 
| GE | Georgia | JM | Jamaica | 
| GF | French Guiana | JO | Jordan | 
| GH | Ghana | JP | Japan | 
| GI | Gibraltar | KE | Kenya | 
| GL | Greenland | KG | Kyrgyzstan | 
| GM | Gambia | KH | Cambodia | 
| GN | Guinea | KI | Kiribati | 
| GP | Guadeloupe | KM | Comoros | 
| GQ | Equatorial Guinea | KN | Saint Kitts and Nevis | 
| GR | Greece | KP | Korea (North) | 
| GS | South Georgia and South Sandwich Islands | KR | Korea (South) | 
| GT | Guatemala | KW | Kuwait | 
| GU | Guam | KY | Cayman Islands | 
| GW | Guinea-Bissau | KZ | Kazakhstan | 
| LA | Laos | MZ | Mozambique | 
| LB | Lebanon | NA | Namibia | 
| LC | Saint Lucia | NC | New Caledonia | 
| LI | Liechtenstein | NE | Niger | 
| LK | Sri Lanka | NF | Norfolk Island | 
| LR | Liberia | NG | Nigeria | 
| LS | Lesotho | NI | Nicaragua | 
| LT | Lithuania | NL | Netherlands | 
| LU | Luxembourg | NO | Norway | 
| LV | Latvia | NP | Nepal | 
| LY | Libya | NR | Nauru | 
| MA | Morocco | NU | Niue | 
| MC | Monaco | NZ | New Zealand | 
| MD | Moldova | OM | Oman | 
| MG | Madagascar | PA | Panama | 
| MH | Marshall Islands | PE | Peru | 
| MK | Macedonia | PF | French Polynesia | 
| ML | Mali | PG | Papua New Guinea | 
| MM | Myanmar | PH | Philippines | 
| MN | Mongolia | PK | Pakistan | 
| MO | Macau | PL | Poland | 
| MP | Northern Mariana Islands | PM | St. Pierre and Miquelon | 
| MQ | Martinique | PN | Pitcairn | 
| MR | Mauritania | PR | Puerto Rico | 
| MS | Montserrat | PT | Portugal | 
| MT | Malta | PW | Palau | 
| MU | Mauritius | PY | Paraguay | 
| MV | Maldives | QA | Qatar | 
| MW | Malawi | RE | Reunion | 
| MX | Mexico | RO | Romania | 
| MY | Malaysia | RU | Russian Federation | 
| RW | Rwanda | TP | East Timor | 
| SA | Saudi Arabia | TR | Turkey | 
| SB | Solomon Islands | TT | Trinidad and Tobago | 
| SC | Seychelles | TV | Tuvalu | 
| SD | Sudan | TW | Taiwan | 
| SE | Sweden | TZ | Tanzania | 
| SG | Singapore | UA | Ukraine | 
| SH | St. Helena | UG | Uganda | 
| SI | Slovenia | UK | United Kingdom | 
| SJ | Svalbard and Jan Mayen Islands | UM | US Minor Outlying Islands | 
| SK | Slovak Republic | US | United States | 
| SL | Sierra Leone | UY | Uruguay | 
| SM | San Marino | UZ | Uzbekistan | 
| SN | Senegal | VA | Vatican City State | 
| SO | Somalia | VC | Saint Vincent and The Grenadines | 
| SR | Suriname | VE | Venezuela | 
| ST | Sao Tome and Principe | VG | Virgin Islands (British) | 
| SV | El Salvador | VI | Virgin Islands (US) | 
| SY | Syria | VN | Viet Nam | 
| SZ | Swaziland | VU | Vanuatu | 
| TC | Turks and Caicos Islands | WF | Wallis and Futuna Islands | 
| TD | Chad | WS | Samoa | 
| TF | French Southern Territories | YE | Yemen | 
| TG | Togo | YT | Mayotte | 
| TH | Thailand | YU | Yugoslavia | 
| TJ | Tajikistan | ZA | South Africa | 
| TK | Tokelau | ZM | Zambia | 
| TM | Turkmenistan | ZR | Zaire | 
| TN | Tunisia | ZW | Zimbabwe | 
| TO | Tonga | | |
A small device for connecting two cables to make a longer cable, sometimes called an inline coupler. Inline couplers do not provide any amplification or signal boost, and can cause attenuation and signal degradation unless they are of high quality. One example would be a small box that accepts two category 5 (CAT5) cables with RJ-45 connectors and links them to form a longer cable. Another example would be the BNC barrel connector for joining two lengths of thinnet cabling. A third example would be a coupler with two RJ-11 connectors for joining two phone lines.
The term “coupler” is also used to refer to modular connectors that can snap into customizable patch panels to allow different kinds of cabling to be mixed in one patch panel.
Graphic C-30. A category 5 UTP (unshielded twisted-pair) coupler.
See customer premises equipment (CPE)
See Connection Point Services (CPS)
See cyclical redundancy check (CRC)
A Microsoft Windows NT and Windows 2000 system group existing on all Windows NT and Windows 2000 servers and workstations that is used as a security context for running services and operating system functions. The membership of the Creator Owner system group cannot be modified directly. The Creator Owner system group includes only the user who created or took ownership of a network resource, and is functionally equivalent to that user’s primary group. The Creator Owner system group has full permissions on the resource, but the rights of the Creator Owner system group cannot be modified. Whoever creates a file system object or print job becomes the Creator Owner of that object or job.
See also built-in group, special identity
Required for users who want to log on to a network and access its resources. Credentials, which are formed by combining a user’s username and password, identify users so that they can be authenticated by the network security provider. Credentials for access to one network do not guarantee access to another network.
In networks based on Microsoft Windows NT and Windows 2000, computers called domain controllers are responsible for authenticating users’ credentials. In addition, trust relationships can be established between Windows NT domains to allow users’ credentials to be authenticated from anywhere in the enterprise. Windows NT and Windows 2000 support single-user logon, which allows a user to use a single set of credentials for accessing resources anywhere on a network.
A cabling installation tool used for attaching connectors to cabling. Crimpers are used to terminate cables by applying appropriate pressure to contacts within a connector so that it remains physically attached to the cable without soldering. A crimper is an essential component of a network administrator’s toolkit. Crimpers can include built-in strippers for removing the outer insulation from a cable. They can include a set of dies for crimping different kinds of connectors, or they can be specialized for a single type of termination. Crimpers are most often used for terminating category 5 unshielded twisted-pair (UTP) cabling with RJ-45 connectors. A good crimper should be made of heavy-duty metal and be able to cut, strip, and terminate a cable easily.
Graphic C-31. A crimper with connector set.
See certificate revocation list (CRL)
Twisted-pair cabling with the send and receive pairs of wires crossed. Crossover cables are primarily used for connecting hubs to each other. In addition, a small, two-station local area network (LAN) can be established by connecting two computers together with 10BaseT network interface cards (NICs) and a crossover cable. This configuration is often utilized when one computer is used to test the networking functions of another, since it allows the computer being tested to be isolated from the network. The illustration shows the pinning configuration of a crossover cable.
Graphic C-32. Crossover cable.
A form of interference in which signals in one cable induce electromagnetic interference (EMI) in an adjacent cable. The twisting in twisted-pair cabling reduces the amount of crosstalk that occurs, and crosstalk can be further reduced by shielding cables or physically separating them. Crosstalk is a feature of copper cables only—fiber-optic cables do not experience crosstalk.
The ability of a cable to reject crosstalk in Ethernet networks is usually measured using a scale called near-end crosstalk (NEXT). NEXT is expressed in decibels (dB), and the higher the NEXT rating of a cable, the greater its ability to reject crosstalk. A more complex scale called Power Sum NEXT (PS NEXT) is used to quantify crosstalk in high-speed Asynchronous Transfer Mode (ATM) and Gigabit Ethernet networks.
TIP
Crosstalk can be a problem for unshielded twisted-pair (UTP) cabling. To minimize crosstalk, make sure that
You don’t untwist or sharply bend the UTP cabling
The cable ends connected to a patch panel or wall plate are untwisted no more than half an inch
A core component of the latest versions of Microsoft Windows that provides application programming interfaces (APIs) for cryptographic security services that provide secure channels and code signing for communication between applications. CryptoAPI provides a set of standard Win32 libraries for managing cryptographic functions using a single consistent interface independent of the underlying cryptographic algorithms and ciphers. CryptoAPI interfaces with modules called cryptographic service providers (CSPs), such as the Microsoft RSA Base Cryptographic Provider, to provide cryptography functions such as hashing, data encryption and decryption, key generation and exchange, digital signature issuance and verification, and so forth.
CryptoAPI is natively supported by the latest versions of Windows NT, Windows 98, and Windows 2000. Microsoft Internet Explorer version 4 provides CryptoAPI support for Windows 95. The current version of CryptoAPI is version 2.
A standard that defines the general syntax for data that includes cryptographic features such as digital signatures, encryption, and certificate chains. Cryptographic Message Syntax Standard (PKCS-7) specifies the format in which the data is signed and encrypted, and the types of encryption algorithms used.
Data encrypted according to the PKCS-7 standard can have multiple digital certificates attached, including certificate revocation lists (CRLs). Certificates include information concerning the issuer and serial number of the public key of the signer so that the recipient can decrypt the message.
See CryptoAPI
In networking and telecommunications, the process of securely transmitting data over a network in such a way that if the data is intercepted, it cannot be read by unauthorized users.
How It Works
Cryptography involves two complementary processes:
Encryption is the process of taking data and modifying it so that it cannot be read by untrusted users.
Decryption is the process of taking encrypted data and rendering it readable for trusted users.
Encryption and decryption are performed using algorithms and keys. An algorithm, a series of mathematical steps that scrambles data, is the underlying mathematical process behind encryption. There are a variety of cryptographic algorithms that have been developed based on different mathematical processes.
Some algorithms result in stronger encryption than others—the stronger the algorithm, the more difficult the encrypted data is to crack. For example, Network and Dial-up Connections in Microsoft Windows 2000 supports standard 40-bit RAS RC4 encryption, but if you are located in the United States or Canada, you can get a stronger 128-bit version. Similar versions are offered for Windows NT.
Encryption algorithms involve mathematical values called keys. Earlier cryptography systems were secret key encryption systems in which only the hosts involved in transmitting and receiving the encrypted transmission knew the key. This key had to somehow be transported securely to anyone needing to decrypt a message. This was the main disadvantage with secret key cryptosystems.
Most cryptography today involves a process called public key encryption, which uses two different keys:
A public key that is distributed to any user (or to any client program) requesting it
A private key that is known only to the owner (or the owner’s client program)
To send an encrypted message, the sender uses his or her private key to encrypt the data, and the recipient uses the sender’s public key to decrypt it. Similarly, the recipient can return a response to the original sender by using the sender’s public key to encrypt the response, and the original sender uses his or her private key to decrypt it.
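The two key directions described above, worked through with textbook RSA as an added example (not from the original text; the primes, exponent and message are constructed, far too small for real use, and no padding or hashing is applied). It shows that a value produced with the private key can be recovered by anyone holding the public key, so that direction identifies the sender rather than hiding the message, while a value produced with the public key can be recovered only by the private-key holder.

```python
from math import gcd


def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair from two primes (constructed demo values)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent (needs Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)


def apply_key(key, value):
    """Raise value to the key's exponent modulo n; used for both directions."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value does not fit in the modulus")
    return pow(value, exponent, n)


def to_int(text):
    return int.from_bytes(text.encode(), "big")


def to_text(value):
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode()


def verify(public_key, message, signed_value):
    """Check that signed_value was produced from message with the private key."""
    return apply_key(public_key, signed_value) == to_int(message)


def rsa_demo():
    # Two Mersenne primes; real keys use random primes of 1024 bits or more.
    public_key, private_key = make_keypair(2**61 - 1, 2**89 - 1)
    message = "reset at 02:00"   # constructed sample message
    m = to_int(message)

    # Direction 1: the owner applies the PRIVATE key. Anyone with the public
    # key can undo it, so the content is not secret; what the recipient gains
    # is evidence that the private-key holder produced it.
    signed = apply_key(private_key, m)
    read_by_anyone = to_text(apply_key(public_key, signed))

    # A value altered in transit no longer maps back to the message.
    tampered_verifies = verify(public_key, message, signed + 1)

    # Direction 2: a correspondent applies the owner's PUBLIC key. Only the
    # private key undoes it, which is what keeps the content confidential.
    sealed = apply_key(public_key, m)
    read_by_owner = to_text(apply_key(private_key, sealed))

    return {
        "read_by_anyone": read_by_anyone,
        "genuine_verifies": verify(public_key, message, signed),
        "tampered_verifies": tampered_verifies,
        "read_by_owner": read_by_owner,
    }


if __name__ == "__main__":
    for name, value in rsa_demo().items():
        print(f"{name}: {value}")
```
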
See also digital certificate, public key cryptography
A third-party reporting tool created by Seagate Software and included with some Microsoft products, such as Microsoft Systems Management Server (SMS). Crystal Reports is a useful tool for network administrators that can be used for creating reports from various kinds of databases. Crystal Reports uses open database connectivity (ODBC) to extract data from an ODBC-compliant database such as Microsoft SQL Server. Crystal Reports includes a number of predefined report templates for quickly generating reports. A designer tool can be used for creating custom reports, and reports can be displayed in a variety of formats to facilitate communication and analysis of information.
See Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
See Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
See Client Services for NetWare (CSNW)
See caching service provider (CSP), commercial service provider (CSP), CryptoAPI
See cascading style sheets (CSS)
See Channel Service Unit (CSU)
See Channel Service Unit/Data Service Unit (CSU/DSU)
A text file having the extension .csv, which contains fields of data separated by commas and a carriage return/linefeed at the end of each record. The extension .csv stands for comma-separated values.
These files are often used as a standard format for importing and exporting information between applications. For example, in Microsoft Exchange Server you can modify the properties of a group of mailboxes by exporting the properties of the mailboxes to a .csv file, opening this file as a spreadsheet in Microsoft Excel, modifying the properties using string functions and search/replace, exporting the information back into another .csv file, and then importing the modified file back into Exchange. Many applications can export log files or other information as .csv files. These files can then be imported into a spreadsheet or database program where they can be subjected to further inspection and analysis. Graphics and charts can also be generated from the imported information.
See Certified Technical Education Center (CTEC)
See computer-telephony integration (CTI)
Holding down the Control, Alt, and Delete keys simultaneously. This action produces the following results (depending upon the operating system being used):
MS-DOS: Restarts the computer.
16-bit Microsoft Windows, Windows 95, and Windows 98: Shows running tasks and allows you to terminate a task. A second Ctrl+Alt+Delete will restart the computer.
Windows NT: Brings up the Windows NT Security dialog box.
Windows 2000: Brings up the Windows Security dialog box.
See also secure attention sequence (SAS)
Any user-created method for authentication of clients on a network. Internet Information Services (IIS) lets you create custom authentication schemes to control access to Web content. These can be implemented using several different technologies, including Active Server Pages (ASP), Internet Server API (ISAPI) authentication filters, or Common Gateway Interface (CGI) applications. For example, using any of these technologies, you can create an authentication scheme to
Perform a search of a client’s credentials in a custom user database
Examine a client’s digital certificate to determine whether to allow access
Use cookies or some other mechanism to establish whether the client should be authenticated
A general term referring to your local company’s networking environment. This term is typically used by various types of service providers who provide leased or contractual services to help you implement and support your network. For example, a cabling company would install cabling at your customer premises and call this installation premise wiring. A telecommunications company might send a representative to a customer premises in order to install a CSU/DSU (Channel Service Unit/Data Service Unit) or other device in the wiring closet to enable wide area network (WAN) communication. Typically, your company is responsible for the physical security of such installed equipment, but the actual configuration and monitoring of the equipment takes place at the telco’s central office (CO).
In telecommunications terminology, any telecommunications equipment sold or leased by the carrier to the customer that is installed at the customer’s location. Customer premises equipment (CPE) is typically installed to originate, route, or terminate telecommunications between the customer premises and the central office (CO) of the carrier or telco from which the service is leased. Some examples of customer premises equipment include telephones, modems, CSU/DSUs (Channel Service Unit/Data Service Units), Private Branch Exchanges (PBXs), and so on. Generally the telecommunications service provider is responsible for the configuration and monitoring of the CPE. For example, when installing a CSU/DSU as a termination for a T1 line, the configuration of the CSU/DSU is likely to have been done previously by the service provider. Simple Network Management Protocol (SNMP) monitoring features and loopback monitoring techniques enable the service provider to determine, from its central office, whether the remotely installed equipment is functioning correctly.
A recipient in Microsoft Exchange Server that doesn’t reside in the Exchange organization. When creating a custom recipient, you specify the e-mail address of the remote user first, and then configure the properties of the recipient. An example of a custom recipient is the Simple Mail Transfer Protocol (SMTP) address of a user on the Internet.
Custom recipients are often created on Exchange servers to place frequently used foreign addresses in the global address book so that users don’t have to specify the recipient’s e-mail address manually or maintain their own personal address books. Custom recipients can be used for various other purposes in Exchange, such as to enable a user’s Internet mail to be forwarded to his or her Exchange mailbox.
A number mathematically calculated for a packet by its source computer, and then recalculated by the destination computer. If the original and recalculated versions at the destination computer differ, the packet is corrupt and needs to be resent or ignored.
The mathematical procedure for performing a CRC is specified by the International Telecommunication Union (ITU) and involves applying a 16-bit polynomial to the data being transmitted by the packet for packets of 4 KB of data or less, or a 32-bit polynomial for packets larger than 4 KB. The results of this calculation are appended to the packet as a trailer. The receiving station applies the same polynomial to the data and compares the results to the trailer appended to the packet. Implementations of Ethernet use 32-bit polynomials to calculate their CRC.
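The append-and-recompute check described above, as an added example (not from the original text): it uses Python's `zlib.crc32`, which implements the same 32-bit polynomial that Ethernet uses, and the payloads, key and trailer byte order are constructed for the example. It also shows the limit a practitioner should keep in mind: a CRC is unkeyed, so it catches accidental corruption but not deliberate modification, for which a keyed check such as an HMAC is needed.

```python
import hashlib
import hmac
import struct
import zlib

TAG_LEN = 32  # length of an HMAC-SHA256 tag in bytes


def add_crc_trailer(payload: bytes) -> bytes:
    """Sender side: append the CRC-32 of the payload as a 4-byte trailer."""
    return payload + struct.pack("<I", zlib.crc32(payload))


def check_crc_trailer(frame: bytes) -> bool:
    """Receiver side: recompute the CRC and compare it with the trailer."""
    if len(frame) < 4:
        return False  # too short to carry a trailer at all
    payload, trailer = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(payload)) == trailer


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate line noise by inverting a single bit of the frame."""
    damaged = bytearray(frame)
    damaged[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(damaged)


def add_hmac_trailer(payload: bytes, key: bytes) -> bytes:
    """Keyed alternative: append an HMAC-SHA256 tag instead of a CRC."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def check_hmac_trailer(frame: bytes, key: bytes) -> bool:
    if len(frame) < TAG_LEN:
        return False
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def crc_demo():
    payload = b"PAY 100 TO ALICE"      # constructed sample payload
    altered = b"PAY 900 TO ALICE"      # same payload after a deliberate edit
    key = b"constructed-demo-key"      # shared secret for the HMAC case

    frame = add_crc_trailer(payload)

    # Accidental damage: every possible single-bit error is caught.
    missed = sum(
        check_crc_trailer(flip_bit(frame, i)) for i in range(len(frame) * 8)
    )

    # Deliberate change: whoever alters the payload can simply recompute the
    # CRC, because the calculation involves no secret.
    recomputed = add_crc_trailer(altered)

    # With an HMAC the party changing the payload lacks the key and can only
    # reuse the old tag, which no longer matches.
    tagged = add_hmac_trailer(payload, key)
    reused_tag = altered + tagged[-TAG_LEN:]

    return {
        "clean_frame_ok": check_crc_trailer(frame),
        "single_bit_errors_missed": missed,
        "altered_passes_crc": check_crc_trailer(recomputed),
        "altered_passes_hmac": check_hmac_trailer(reused_tag, key),
    }


if __name__ == "__main__":
    for name, value in crc_demo().items():
        print(f"{name}: {value}")
```
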
