In clustering technology, the action of moving resources back to a node (a computer in a cluster) that has failed. This is sometimes known as “rebalancing the workload.”
How It Works
Suppose you have a cluster that has two nodes, each containing different resources. If Node A experiences failure, failover occurs and the workload of Node A (its set of resources) is transferred to Node B. When Node A reboots, it checks with Node B to see which resources are running on Node B and discovers that some of these cluster groups would “prefer” to reside on Node A. At this point failback occurs, and the preferred groups are moved from Node B back to Node A. Failback might be configured to occur immediately or at a scheduled time if access to resources is low.
In Microsoft Windows NT 4 Enterprise Edition, Microsoft Cluster Server (MSCS) sets up and controls clustering. In Windows 2000 Advanced Server, the Cluster service makes these functions available.
See also
Any technology that allows one device to take over for a similar device that has failed. An example of a system that takes advantage of failover technology is clustering. Failover is also often used to ensure that a break in a communication line doesn’t cause a break in communication between networked systems.
How It Works
Suppose you have a cluster that has two nodes, each containing different resources. If Node B experiences failure, failover occurs and the workload of Node B (its set of resources) is transferred to Node A. In Microsoft’s clustering services (Microsoft Cluster Server for Microsoft Windows NT 4 Enterprise Edition and the Cluster service for Windows 2000 Advanced Server), the cluster resources (network applications, data files, and other tools installed on the nodes of the cluster) provide services to clients on the network. A resource can be hosted on only one node at any given time, but by using the Cluster Administrator program you can configure the resource to fail over to the second node if the first node fails. This causes the resource and its operation to move from one node to the other if a failure of one node occurs.
Failover is initiated automatically by the Cluster service when a failure is detected on one of the nodes. This process can take up to 10 seconds to initiate. Failover is transparent to the users if they are accessing cluster resources using stateless protocols such as Hypertext Transfer Protocol (HTTP), and does not require any special client software to be installed on users’ machines. If a client is connected using a tool such as Windows Explorer, it will be notified that the connection is unavailable. The user should abort, retry, or cancel the connection attempt. (To connect to the resource on the failover node, retry the connection attempt.) For other Cluster service applications, users might have to log on again to the resource.
Graphic F-1. Failover.
NOTE
Microsoft’s clustering services support failover at the level of virtual servers, which means items such as Web sites, print queues, file shares, and applications can be protected from system failure.
A class of switches used to provide failover support for critical network communication lines. Fallback switches are an essential component of a fault tolerant network system with resources that must have a high availability.
How It Works
For network resources that require high availability, resources can be connected to your network using two circuits:
A primary line that normally provides access to the resource
A secondary line to which the fallback switch reroutes the moment the primary line fails
An example of a resource requiring high availability is a high-speed T1 line that is used by remote clients for accessing a corporate intranet. If the primary T1 line goes down, there must be a backup line that provides instant, transparent failover support for clients. The solution is to use two T1 lines connected to a fallback switch by a serial interface such as RS-232 or V.35. The fallback switch detects a failure the moment the primary line goes down and can perform a remedial action such as
Automatically switching over to the backup line
Sounding an audible alarm to notify administrators
Generating an alert to a Simple Network Management Protocol (SNMP) management console
TIP
Fallback switches can also be used to provide fault tolerance for a high-speed backbone for Fast Ethernet, Fiber Distributed Data Interface (FDDI), or Asynchronous Transfer Mode (ATM) networking. For example, you can use fallback switches to run two multimode fiber-optic cables between a pair of Ethernet switches, instead of having only one cable connecting them. If one fiber-optic cable goes dark, the fallback switch immediately detects the problem and switches over to the backup cable.
Fallback switches that can be managed using SNMP management consoles are very useful. For example, you could use a remote SNMP terminal to cause a fallback switch to change from a primary to a secondary line if you need to take the primary line down for maintenance. Ganged fallback switches can be used to control multiple serial or local area network (LAN) devices simultaneously. For example, you could schedule a ganged switch to switch over from a set of primary Web servers to a backup Web server every night during a period of low traffic while maintenance or backups are performed on the primary servers. Be sure to use a fallback switch with some form of password protection on its SNMP management functions.
Graphic F-2. Fallback switch.
See frequently asked questions (FAQ)
An Ethernet standard for 100-Mbps data transmission. Defined by the IEEE 802.3u specification, Fast Ethernet is used for departmental backbones, connections to high-speed servers, and connections to workstations running bandwidth-intensive software such as CAD or multimedia applications.
How It Works
Fast Ethernet uses the same Carrier Sense Multiple Access with Collision Detection (CSMA/CD) media access control mechanism as traditional 10-Mbps Ethernet networks. Fast Ethernet implementations are collectively known as 100BaseT technologies. They are generally wired in a star topology using special Fast Ethernet hubs and switches. Fast Ethernet can be implemented in three different transmission schemes or cabling options:
100BaseTX: The most popular Fast Ethernet implementation. 100BaseTX uses two pairs of wires in category 5 cabling; that is, the same cabling as the popular but lower-speed 10BaseT variety of Ethernet.
100BaseFX: A duplex multimode fiber-optic cable with ST connectors used mainly for backbone wiring.
100BaseT4: Uses four pairs of wires and enables Fast Ethernet to be used over category 3 cabling or higher.
Graphic F-3. Fast Ethernet island connected to legacy 10BaseT network.
The Fast Ethernet specification includes mechanisms for auto-negotiation of frame speed for the media, enabling vendors to supply dual 10/100-Mbps networking devices for smoothly incorporating Fast Ethernet into legacy 10BaseT networks.
Upgrading to Fast Ethernet is probably the easiest and cheapest way of upgrading your network to meet increasing bandwidth needs. Advantages of upgrading 10-Mbps Ethernet networks to Fast Ethernet include the following:
Fast Ethernet integrates easily into existing 10-Mbps Ethernet networks without requiring reinvestment in new network-management and troubleshooting software.
Fast Ethernet can carry voice, data, and video at 100 Mbps, which is 10 times faster than traditional 10-Mbps Ethernet.
Fast Ethernet can operate over the same installed media used for a traditional 10-Mbps Ethernet network.
The network can be migrated slowly to Fast Ethernet by using autosensing 10/100 hubs and network interface cards (NICs).
NOTE
Repeaters (hubs) for Fast Ethernet networks come in two varieties:
Class I repeaters: Perform internal signal translation that introduces slight propagation delays but allows different types of Fast Ethernet media, such as 100BaseTX and 100BaseFX, to be connected together. You can use only one Class I repeater per Fast Ethernet segment.
Class II repeaters: Take incoming signals and repeat them immediately (without translation) to all outgoing ports, thus minimizing port latency. Class II repeaters require that all ports connect to the same media, such as 100BaseTX. You can use up to two Class II repeaters per Fast Ethernet segment.
An alternative to Fast Ethernet is 100BaseVG (also called 100VG-AnyLan). This IEEE 802.12 specification defines 100-Mbps transmission using a demand-priority media access control technology that Hewlett-Packard originally developed for transporting both Ethernet and Token Ring frames.
TIP
End-to-end node distances on Fast Ethernet segments should be no more than 205 meters depending on the class of repeaters and cabling being used. Also, nodes cannot be more than 100 meters from a hub or repeater with 100BaseTX, or 412 meters with 100BaseFX.
100-Mbps Ethernet switches can be used for segmenting your network to reduce bottlenecks caused by users trying to access key servers on the network. Simply connect each local area network (LAN) 10/100 hub to the Ethernet switch, and connect the servers directly to the switch.
See also Ethernet, Gigabit Ethernet
See file allocation table (FAT)
An enhanced version of file allocation table (FAT), supported by Microsoft Windows 95 OSR2, Windows 98, and Windows 2000. FAT32 theoretically supports drives of up to 2 terabytes (2048 GB) in size, although for Windows 2000 the actual size limit is 32 GB. If the installation partition is smaller than 2 GB, it will automatically be formatted using FAT. If the installation partition size is equal to or greater than 2 GB, it will automatically be formatted as FAT32.
FAT32 uses a smaller cluster size than FAT so is more efficient at utilizing disk space on large volumes (those greater than 512 MB in size) than FAT. The savings in disk space using FAT32 instead of FAT for large volumes is typically 20 to 30 percent. The following two tables show the difference in cluster sizes between the original FAT and FAT32.
FAT Cluster Sizes
| Drive Size | FAT Cluster Size |
| 0 MB–32 MB | 512 bytes |
| 33 MB–64 MB | 1 KB |
| 65 MB–128 MB | 2 KB |
| 129 MB–256 MB | 4 KB |
| 257 MB–512 MB | 8 KB |
| 513 MB–1024 MB | 16 KB |
| 1025 MB–2048 MB | 32 KB |
FAT32 Cluster Sizes
| Drive Size | FAT32 Cluster Size |
| 260 MB–8 GB | 4 KB |
| 9 GB–16 GB | 8 KB |
| 17 GB–32 GB | 16 KB |
| More than 32 GB | 32 KB |
NOTE
Using FAT32 (or FAT) with the Windows 2000 operating system platform is not recommended because it does not offer the security features that are provided by the NTFS file system. FAT32 also does not support disk compression. The only time you would use FAT32 with Windows 2000 is in a dual-boot situation, which Microsoft does not recommend. Note that in a dual-boot system, FAT32 volumes cannot be accessed by any operating systems other than Windows 95 OSR2, Windows 98, or Windows 2000. For dual-boot with Windows 95, Windows 98, or Windows NT, drive C must be a FAT partition.
TIP
Remember, a client that connects over the network to a shared folder in Windows 2000 can access files in that folder regardless of whether the folder is stored on an NTFS, FAT, or FAT32 volume—provided the client has the appropriate permissions to do so.
A utility included with Microsoft Windows 98 that allows users to convert existing file allocation table (FAT) volumes to FAT32 volumes without reformatting. FAT32 conversion utility can increase the performance of the disk storage system when larger partitions and drives (those larger than 512 MB) are used.
This utility can be run by choosing Programs, Accessories, System Tools, and Drive Converter (FAT32) from the Start menu. The utility provides a graphical user interface (GUI) for converting FAT16 volumes to FAT32. Running the conversion utility prompts you to select a drive letter to convert, after which the system restarts in MS-DOS mode. The system is then checked using scandisk, and the drive is converted.
TIP
At the completion of the conversion, Disk Defragmenter is configured to run upon the next reboot of the system. Do not interrupt the defragmentation process, because performance of the converted volume will likely be poor if the volume is not completely defragmented.
A partition on a physical disk formatted using the file allocation table (FAT) file system. FAT volumes can be used to share folders for users to access over the network, but they lack the advanced security control and auditing features of NTFS volumes. The maximum file partition size is 4 GB in Microsoft Windows NT and 2 GB in MS-DOS, Windows 3.x, Windows 95, and Windows 98.
TIP
Be sure to regularly defragment heavily used FAT volumes because the FAT file system can easily become fragmented when files are deleted and created. Use FAT volumes instead of NTFS volumes when you want to dual-boot Windows NT or Windows 2000 systems with earlier MS-DOS, Windows 3.x, Windows 95, or Windows 98 systems.
See also NTFS file system
Any mechanism or technology that allows a computer or operating system to recover from a failure. In fault tolerant systems, the data remains available when one component of the system fails. Here are some examples of fault tolerant systems:
Transactional log files that protect the Microsoft Windows registry and allow recovery of hives
RAID 5 disk systems that protect against data loss
Uninterruptible power supply (UPS) to protect the system against primary power failure
TIP
Just because your system is fault tolerant doesn’t mean you are fully prepared for disaster. You still need to perform regular backups of important data. For example, a RAID 5 disk system will protect against data loss if one disk drive fails, but not if two or more drives fail simultaneously.
A boot disk for a Microsoft Windows NT server whose system partition or boot partition is mirrored. The fault tolerant boot disk can be used to boot the system in the event that one member of the mirror set fails. If you plan to use disk mirroring in your system, you need to create a fault tolerant boot disk. Disk mirroring is the only form of fault tolerance that Windows NT and Windows 2000 support for the critical system and boot partitions.
How It Works
A fault tolerant boot disk should be formatted using a computer running Windows NT. This disk consists of a floppy disk containing the following files in its root directory:
Ntldr
Ntdetect.com
Ntbootdd.sys (for SCSI disks with BIOS disabled)
Bootsect.dos (on dual-boot systems only)
Boot.ini
In addition, the boot.ini file must be modified so that its ARC paths point to the mirrored copy of the system partition.
TIP
Test your fault tolerant boot disk by using it to boot your system from the shadow drive and making sure you can log on. Be sure to disable the primary drive of the mirror pair to perform the test. Also, if you change the system’s disk configuration using Disk Administrator, be sure to update the boot.ini file on the floppy.
Make sure that the primary and shadow drives of your mirrored pair are identical in make, model, and firmware revisions so that you can recover from a broken mirror set. However, this is not necessary if you have a valid fault tolerant boot disk.
A service in Microsoft Windows 2000 that lets you administer fax devices on both a local machine and over the network. Besides allowing users to send and receive faxes both locally and over the network, Fax Service includes extensive document archiving and logging options for billing and troubleshooting purposes.
How It Works
Fax Service is integrated as a snap-in within the Microsoft Management Console (MMC). Prior to configuring a fax device, choose Programs, Administrative Tools, and Computer Management from the Start menu. In Computer Management, open the Services And Applications folder and click on Services. Then right-click on Fax Service in the right pane of Computer Management and choose Start from the context menu to start the Fax Service. To configure a fax device, access its property sheet. Then configure its Transmitting Station Identifier (TSID), which identifies the location that transmits the fax, and the Receiving Station Identifier (CSID), which identifies the line that receives the fax. The TSID and CSID are usually the telephone number of the fax line. TSID and CSID are required on all faxes in some locales.
See Federal Communications Commission (FCC)
See Fiber Distributed Data Interface (FDDI)
The token-passing access method for Fiber Distributed Data Interface (FDDI) networking. FDDI uses a ring topology and uses token passing for placing frames on the ring.
How It Works
The token-passing method used by FDDI is generally similar to the token-passing definition outlined in the IEEE 802.5 specification for token ring networks. However, in an FDDI ring, each host holds the token for a predetermined amount of time and can transmit as many frames as it can produce during this time. When the time interval expires, the host must release the token for the next host on the ring to use. This differs from the IEEE 802.5 specification in that many frames from each host can exist on the ring at the same time, instead of only one frame per host, as is the case in token ring networks. This allows FDDI networks to support higher data traffic rates than token ring networks and makes FDDI more suitable for network backbones.
See also Fiber Distributed Data Interface (FDDI), Token Ring
See frequency-division multiplexing (FDM)
See Frequency Division Multiple Access (FDMA)
A government agency overseeing all aspects of telecommunications. Among other responsibilities, the Federal Communications Commission (FCC) licenses portions of the electromagnetic spectrum for communication technologies such as cellular phones and wireless networking. For example, in 1994 the FCC auctioned off portions of the 1900-MHz radio wave section of the electromagnetic spectrum to enable companies to deploy Personal Communications Services (PCS) technologies for cellular communication. FCC auctions are intended to increase the number of cellular phone providers in the United States, foster growth and competition in the telecommunications industry, and raise money for the U.S. government treasury.
One role of the FCC is to implement communication legislation passed by Congress. The Telecommunications Act of 1996 represents the first major overhaul of the laws regarding telecommunications in more than 60 years. The FCC is tasked with enforcing this legislation, which is designed to open up competition in the telecommunications arena to foster innovation and economic progress.
On the Web
•
FCC home page : http://www.fcc.gov
A high-speed network technology, conforming to the Open Systems Interconnection (OSI) reference model for networking and the American National Standards Institute (ANSI) standard X3T9, which runs at 100 Mbps over fiber-optic cabling; often used for network backbones in a local area network (LAN) or metropolitan area network (MAN).
How It Works
Fiber Distributed Data Interface (FDDI) is usually implemented as a dual token-passing ring within a ring topology (for campus networks) or star topology (within a building). The dual ring consists of a primary and secondary ring. The primary ring carries data. The counter-rotating secondary ring can carry data in the opposite direction, but is more commonly reserved as a backup in case the primary ring goes down. This provides FDDI with the degree of fault tolerance necessary for network backbones. In the event of a failure on the primary ring, FDDI automatically reconfigures itself to use the secondary ring as shown in the illustration. Faults can be located and repaired using a fault isolation technique called beaconing. However, the secondary ring can also be configured for carrying data, extending the maximum potential bandwidth to 200 Mbps.
Stations connect to one (or both) rings using a media interface connector (MIC). Its two fiber ports can be either male or female, depending on the implementation. There are two different FDDI implementations, depending on whether stations are attached to one or both rings:
Single-attached stations (Class B stations): Connect to either the primary or secondary ring using M ports. Single-attached FDDI uses only the primary ring and is not as commonly deployed for network backbones as dual-attached FDDI. Single-attached stations are used primarily to connect Ethernet LANs or individual servers to FDDI backbones.
Dual-attached stations (Class A stations): Connect to both rings. The A port is the point at which the primary ring enters and the secondary ring leaves; the B port is the reverse. M ports provide attachment points for single-attached stations. Dual-attached FDDI uses both rings, with the secondary ring serving as a backup for the primary. Dual-attached FDDI is used primarily for network backbones that require fault tolerance. Single-attached stations can be connected to dual-attached FDDI backbones using a dual-attached device called a concentrator or multiplexer.
Graphic F-4. Fiber Distributed Data Interface (FDDI).
FDDI uses a timed token-passing technology similar to that of token ring networks as defined in the IEEE 802.5 standard. FDDI stations generate a token that controls the sequence in which other stations will gain access to the wire. The token passes around the ring, moving from one node to the next. When a station wants to transmit information, it captures the token, transmits as many frames of information as it wants (within the specified access period), and then releases the token. This feature of transmitting multiple data frames per token capture is known as a capacity allocation scheme, in contrast to the priority mechanism used in the IEEE 802.5 token ring standard. Every node on the ring checks the frames. The recipient station then reads the information from the frames, and when the frames return to the originating station, they are stripped from the ring.
There can be up to 500 stations on a dual-ring FDDI network. The maximum circumference for an FDDI ring is 100 kilometers (or 200 kilometers for both rings combined), and there must be a repeater every 2 kilometers or less. Bridges or routers are used to connect the FDDI backbone network to Ethernet or token ring departmental LANs. For these reasons, FDDI is not often used as a wide area network (WAN) solution, but is more often implemented in campus-wide networks as a network backbone.
NOTE
FDDI frames encapsulate LAN traffic for transmission of LAN packets over FDDI backbones. The maximum frame size for an FDDI frame is 4500 bytes. FDDI implementations use one of three possible framing formats:
FDDI-raw: Supported by Cisco routers running Internetwork Operating System (IOS) versions 11.1 .x and later, and by some third-party vendors
FDDI with LLC: Supported by IOS versions 10.0 and earlier
FDDI with LLC and SNAP: Default format for encapsulating Internetwork Packet Exchange (IPX) packets on FDDI
FDDI implemented over copper cabling instead of fiber-optic cabling is called Copper Distributed Data Interface (CDDI).
TIP
FDDI makes a great network backbone for an Ethernet or Token Ring network. Put your servers directly on the FDDI ring to increase server performance. When bridging between Ethernet LANs and FDDI backbones, be aware that there are two different types of bridges:
Encapsulating bridges: Encapsulate Ethernet frames into FDDI frames
Translating bridges: Translate source and distention MAC addresses into FDDI addresses
These two FDDI bridging technologies can cause incompatibilities. For example, while Cisco FDDI bridges can generally interoperate with translating bridges from other vendors, their encapsulation method is proprietary and usually won’t work with encapsulating bridges from other vendors. Both types of bridging methods are commonly used in FDDI networks.
The following table shows some troubleshooting tips for FDDI networks.
FDDI Troubleshooting
| Problem | Suggestions |
| FDDI ring is not functioning. | Check the status of the router’s FDDI interface, making sure the interface and line protocol are up. Try pinging a remote router. Check the physical connections of the cable; use an optical time domain reflectometer to test for problems. |
| Signal is degraded. | Check whether the upstream FDDI neighbor has failed and the bypass switch has been activated. |
See also fiber-optic cabling
A term referring to the potential saturation of the fiber-optic backbone of the Internet due to the exponentially increasing demand for Internet services. As high-speed residential Internet access using cable modems and Asymmetric Digital Subscriber Line (ADSL) technology becomes available, more and more of the Internet bandwidth will be used up. Another factor contributing to fiber exhaust is the move toward high-bandwidth services such as IP telephony and video multicasting technologies on the Internet. Strategies telecommunications carriers use to avoid fiber exhaust include the following:
Creating additional high-speed, fiber-optic backbone lines for the Internet by laying down more fiber
Using dense wavelength division multiplexing (DWDM) technologies to enable existing fiber backbones to carry additional traffic
Upgrading existing time-division multiplexing (TDM) fiber backbones to higher bit rates
A glass cabling media that sends network signals using light. Fiber-optic cabling has higher bandwidth capacity than copper cabling, and is used mainly for high-speed network Asynchronous Transfer Mode (ATM) or Fiber Distributed Data Interface (FDDI) backbones, long cable runs, and connections to high-performance workstations.
How It Works
Fiber-optic cabling consists of a signal-carrying glass core of 5 to 100 microns in diameter (a sheet of paper is about 25 microns thick and a human hair about 75 microns thick), surrounded by a layer of pure silica called cladding, which prevents light from escaping. Surrounding the cladding are protective layers of acrylic plastic coating, Kevlar fibers for additional strength, and a PVC (polyvinyl chloride) jacket (usually colored a distinctive orange). Network components use LED or laser diodes to convert electrical signals into light pulses for transmission on fiber-optic cables. An optical detector is used to convert the light pulses back into electrical signals.
Graphic F-5. Fiber-optic cabling.
There are two types of fiber-optic cabling:
Single-mode fiber-optic cabling: Has a narrow core (5 or 10 microns in diameter) and allows only one signal to be sent or received at a time over very long distances (up to 50 times farther than multimode fiber-optic cabling). Single-mode fiber-optic cabling uses laser-emitting diodes to introduce signals into the fiber and can transmit only one signal (light beam) at a time. Signal transmission is clear for approximately 30 miles (50 kilometers) before dispersion will distort signals, which means that single-mode fiber is ideal for long cable runs.
Multimode fiber-optic cabling: Has a thicker core (50, 62.5, or 100 microns in diameter) and has sufficient bandwidth to allow multiple signals to be simultaneously transmitted or received; each signal follows a different path or mode through the fiber. Light-emitting diodes are used instead of laser-emitting diodes to introduce signals into multimode fiber. Signal transmission is clear for approximately 3000 feet, but longer cable runs can distort signals through modal dispersion. There are two types of multimode fiber:
Step-index multimode fiber: The less costly variety of multimode fiber, it uses a wide core with a uniform index of refraction, causing the light beams to reflect in mirror fashion off the inside surface of the core by the process of total internal reflection. Because light can take many different paths down the cable and each path takes a different amount of time, signal distortion can result when step-index fiber is used for long cable runs. Use this type only for short cable runs.
Graded-index multimode fiber: The more expensive type of multimode fiber, it uses a core made of multiple concentric layers of glass, each having a lower index of refraction than the layer it contains. In graded-index fiber, light beams follow curved paths and all rays reach the end of the fiber simultaneously, reducing the signal distortion that occurs in step-index fiber when long cable runs are used.
Connectors for fiber-optic cabling come in several varieties, including SC, ST, and SMA connectors. ST connectors have a wider installed base, but SC connectors are more versatile and are becoming more popular. SMA connectors do not conform to EIA/TIA wiring standards.
Fiber-optic cabling has several advantages over copper cabling, including the following:
Data transmission rates of up to 100 Gbps and higher.
Low attenuation, allowing signals to be sent over distances measured in kilometers.
Less than 10 percent the weight of copper cabling.
Immunity to crosstalk and noise caused by electromagnetic interference (EMI).
Prevention of ground loops by electronically isolating transmitting and receiving stations.
Greater signal security because signals cannot be picked up by electromagnetic induction as they can from copper cabling. The fiber would have to be tapped (physically opened) in order to eavesdrop on the transmission.
Graphic F-6. Connecting two LANs using fiber-optic cabling.
Fiber-optic cabling is often used for campus-wide backbones, long cabling runs between buildings, and local area network (LAN) connections to heavily used servers or high-speed workstations. Fiber is used also in heavy industrial environments where machinery can cause high levels of EMI. Fiber is not used extensively at the LAN level yet because it is more expensive and more difficult to install than copper cabling. Long-distance telecommunications carriers such as Sprint and MCI use fiber-optic cabling exclusively for their country-wide telecommunications lines.
Different styles of fiber-optic cabling exist, depending on the intended use. Examples include the following:
Duplex multimode cable: With 62.5-micron core and 125-micron cladding, this is the most common general purpose cable type for most networking environments that require fiber-optic cabling. You can separate the two cables for termination purposes just as you can with an appliance power cord.
Breakout style cable: This style of cabling contains multiple individual simplex fibers that are stranded around a central strengthening member. It is used for work-area connections and does not require patch panels.
Distribution style cable: This style of cabling contains multiple individual simplex color-coded fibers that are stranded around a central strengthening member. It is often used in backbone applications that require multiple fiber connections.
Steel-reinforced cable: This type of cabling uses a corrugated steel inner tube for protecting cable that needs to be buried or run outdoors.
NOTE
Line drivers for fiber-optic cabling are available for synchronous or asynchronous transmission as well as for single-mode or multimode fiber, allowing you to extend or interconnect LANs in either point-to-point or multipoint configurations.
TIP
Remember that the bandwidth of a fiber-optic cable depends on the distance as well as the frequency. Bandwidth is usually expressed in frequency distance form, for example in MHz-km. In other words, a 500-MHz-km fiber-optic cable can transmit a signal a distance of 5 kilometers at a frequency of 100 MHz (5 x 100 = 500), or a distance of 50 kilometers at a frequency of 10 MHz (50 x 10 = 500). In other words, there is an inverse relationship between frequency and distance for transmission over fiber-optic cables.
Be careful not to unduly stress fiber-optic cabling during installation. The maximum acceptable bend radius is usually 20 times the diameter of the cable. Use an optical time domain reflectometer (OTDR) to test for faults after installation. Loss of signal, or attenuation, in fiber-optic cables can be caused by absorption (no medium is completely transparent to light), cable microbending (especially in single-mode fiber if it is not installed correctly), connector loss because of poor splicing or poorly installed or misaligned connectors, or coupling loss at the transmitter or receiver.
For safety, never look down a fiber-optic cable connected to your network because the invisible laser light can injure the retina of your eye. When splicing connectors onto fiber, be careful to avoid getting shards of glass in your eyes or on your hands—use double-sided tape to clean the connection and remove loose shards. Wear protective eyewear.
Fiber-optic cabling is available for purchase in bulk for those who want the challenge of terminating it themselves, but most customers buy standard or custom preterminated cables from suppliers. These cables can be simplex or duplex; they can be single-mode or multimode (multimode is most common); and they can be terminated with ST-ST, ST-SC, SC-SC, or SMA connectors.
See also SC and ST connectors, time domain reflectometry (TDR)
A high-speed fiber-optic cabling technology for connecting computer devices. Although Fibre Channel is viewed as the future replacement for the Small Computer System Interface (SCSI) standard for connecting servers to external data storage units such as external hardware RAID arrays, it can also be used as a transport for high-speed data and video transmission over networks.
An enterprise-level data storage environment can benefit from Fibre Channel because the traditional SCSI interface has become a bottleneck in high-speed server operations. Fibre Channel eliminates the limitations of bandwidth, distance, and scalability that are related to the SCSI standard and is becoming the industry standard for enterprise-level storage solutions involving RAID arrays and storage area networks.
How It Works
Fibre Channel, defined in the American National Standards Institute (ANSI) standard X3.230-1994, can handle data transmission rates from 266 Mbps to more than 4 Gbps over distances as great as 10 kilometers, with typical speeds of 1.06 Gbps in common configurations. You can implement Fibre Channel over both fiber-optic and copper media.
Fibre Channel systems typically connect hosts using host bus adapters to special hubs, adapters, switches, and storage units. Fibre Channel connections can be simple, point-to-point connections with intelligent communication between devices.
Fibre Channel uses a control protocol that is isolated from the data transmissions and uses point-to-point connections, switched topologies, and arbitrated loops to provide high performance and scalability.
A typical Fibre Channel implementation might use a stackable hub or switch to connect a server or mainframe host to an external Fibre Channel RAID storage system having 100-Mbps redundant loops and hot-swappable disks. Servers can also use SCSI over Fibre Channel for connecting to legacy storage systems. Fibre Channel can also carry TCP/IP and video traffic for server-to-server connections and high speed workstation connections in CAD/CAE or multimedia environments.
Graphic F-7. An example of its usage.
Fibre Channel competes with other high-speed networking technologies, such as Gigabit Ethernet and Asynchronous Transfer Mode (ATM). Fibre Channel’s strengths include its protocol-independent transport service (in contrast to Gigabit Ethernet’s frame format, which extends from the desktop to the network backbone) and its guaranteed delivery service (included in Class 4 Fibre Channel, which makes it competitive with ATM’s Quality of Service features). Also, Gigabit Ethernet is limited to general networking transport solutions and ATM is limited to networking and video transport, while Fibre Channel can carry network and video traffic, connect to storage devices, and be used in clustering technology.
On the Web
•
Fibre Channel Industry Association : http://www.fibrechannel.com
Information assigned a name and stored on a disk or some other media. Files are the primary unit of information stored on disk systems. Examples of files include
Executable files (programs)
Data files (documents, databases)
Web pages (HTML files)
Files are generally stored in a file system, which provides a hierarchical way of saving, locating, and accessing information.
Specifically, a table maintained on a hard disk by MS-DOS and Microsoft Windows operating systems that acts as a table of contents, showing where directories and files are stored on the disk. By extension, the acronym FAT is also used to refer to the file system itself for MS-DOS and Windows platforms. In other words, when we refer to the FAT file system, we simply call it the FAT. The FAT is widely supported by all Windows platforms and can be installed on partitions of up to 2 GB in size on Windows 95 and Windows 98, and on partitions of up to 4 GB on Windows NT and Windows 2000. The FAT is often used in dual-boot scenarios, or when the security and reliability of the NTFS file system is not required.
How It Works
The FAT file system is based on the FAT, a structure that maps the locations of the clusters in which files and folders are stored on the disk. The FAT records the location of each cluster that makes up a given file and the sequence in which it is stored. This is necessary because files are usually not stored in a contiguous location on a hard disk because of the presence of disk fragmentation caused by the creation and deletion of files on the disk. For each file on a FAT volume, the FAT contains the entry point for the allocation unit in which the first segment of the file is stored, followed by a series of links called the allocation chain. The allocation chain indicates where succeeding segments of the file are located and is then terminated by an end-of-file (EOF) marker.
Two copies of the FAT are kept in fixed locations on the disk to provide redundancy. A disk formatted with the FAT file system is said to be a FAT volume. The sizes of the individual clusters in which file information is stored on a FAT volume depend on the size of the partition or logical drive formatted using FAT, as shown in the following table. For compatibility reasons, these cluster sizes are the same whether the FAT volume is on an MS-DOS or Windows platform. In the table, you’ll see that on small FAT partitions (under 15 MB in size) a special 12-bit FAT file system is used instead of the usual 16-bit FAT.
FAT Information for Different Volume Sizes
| Drive Size | FAT Type | Sectors/Cluster | Cluster Size |
| 0 MB–15 MB | 12-bit | 8 | 4 K |
| 16 MB–127 MB | 16-bit | 4 | 2 K |
| 128 MB–255 MB | 16-bit | 8 | 4 K |
| 256 MB–511 MB | 16-bit | 16 | 8 K |
| 512 MB–1023 MB | 16-bit | 32 | 16 K |
| 1024 MB–2047 MB | 16-bit | 64 | 32 K |
| 2048 MB–4095 MB | 16-bit | 128 | 64 K |
Different versions of Windows support different file systems. The original release of Windows 95 supports only FAT, while Windows 95 OSR2 and Windows 98 support FAT and FAT32. FAT32 is a newer 32-bit version of FAT that was first included with the OSR2 release of Windows 95. The original version of FAT is 16-bit and is sometimes referred to as FAT16. Windows NT supports both FAT and NTFS, but not FAT32. Windows 2000 supports FAT, FAT32, and NTFS. Possible advantages of using FAT volumes with Windows NT and Windows 2000 include the following:
Multiboot capability: If you need to dual boot between Windows 95 or Windows 98 and Windows NT, use FAT instead of NTFS because Windows 95 and Windows 98 cannot read or recognize NTFS volumes.
Efficiency on small partitions: FAT requires less overhead than NTFS and is more efficient on smaller volumes (those under 400 MB in size).
NOTE
The root directory on a FAT volume has a fixed size and can contain only a limited number of entries.
See also FAT32, file system, NTFS file system
A Microsoft Windows 95 and Windows 98 networking component that allows computers running Windows 95 and Windows 98 to share folders and printers so that other clients can access them. File and Printer Sharing for Microsoft Networks uses the Server Message Block (SMB) file sharing protocol, and is compatible with clients such as
Computers running Windows 95 and Windows 98 that have Client for Microsoft Networks installed
Windows NT
Windows for Workgroups
LAN Manager
Use the Network utility in Control Panel to install Client for Microsoft Networks on a computer running Windows 95 or Windows 98.
NOTE
You cannot install File and Printer Sharing for Microsoft Networks if File and Printer Sharing for NetWare Networks is already installed.
A Microsoft Windows 95 and Windows 98 networking component that allows computers running Windows 95 and Windows 98 to share folders and printers so that they can be accessed by Novell NetWare clients and by computers running Windows 95 or Windows 98 with Client for NetWare Networks.
Use the Network utility in Control Panel to install File and Printer Sharing for NetWare Networks on a computer running Windows 95 or Windows 98.
NOTE
Installing File and Printer Sharing for NetWare Networks automatically installs the NWLink IPX/SPX-Compatible Transport protocol and Client for NetWare Networks, if these have not already been installed. A bindery-based NetWare server must also be available as a network security provider because File and Printer Sharing for NetWare Networks does not support NetWare servers running Novell Directory Services (NDS).
You cannot install File and Printer Sharing for NetWare Networks if File and Printer Sharing for Microsoft Networks is already installed.
The Microsoft Windows 2000 counterpart to Services for Macintosh on machines running Windows NT. File and Print Services for Macintosh (FSM) lets PC and Apple Macintosh clients share files and printers. With FSM on a server running Windows 2000, Macintosh client machines need nothing more than the Macintosh operating system software installed to access resources on the server.
How It Works
FSM integrates the following three services:
File Services for Macintosh: Also called MacFile, this service lets Macintosh clients access files stored on the server running Windows 2000. Use MacFile to specify a directory on an NTFS volume as a Macintosh-accessible volume.
Print Services for Macintosh: This service lets Macintosh clients print to printers connected to the server running Windows 2000 and spools print jobs for AppleTalk printers such as the LaserWriter.
AppleTalk protocol: This service can be installed on the server running Windows 2000 to enable it to function as an AppleTalk router.
Once FSM is installed on your server, you can make directories available as Macintosh volumes by using the Shared Folders node in the System Tools folder of the Computer Management tool.
NOTE
You can install an optional authentication module for Macintosh clients so that they can securely log on to Windows 2000–based servers running FSM.
A Microsoft Windows NT and Windows 2000 add-on utility that enables a server running Windows NT or Windows 2000 to
Allow NetWare client machines to access resources on a server running Microsoft Windows NT
Share directories and printers on a server running Windows NT so that NetWare clients can access them
Manage NetWare printers from a server running Windows NT, making these printers also available to Microsoft clients
How It Works
File and Print Services for NetWare (FPNW) accomplishes these functions by mimicking the functionality of a NetWare 3.12 file and print server, and providing file and print services directly to NetWare and compatible client computers. A server running Windows NT or Windows 2000 using FPNW appears to NetWare client machines as if it were really a NetWare server, and clients can access volumes, files, and printers just as they would on a NetWare server. Accounts for NetWare client users are stored in the Security Accounts Manager (SAM) database, instead of requiring maintenance in a separate NetWare server. The FPNW server supports both the Server Message Block (SMB) protocol for Windows client connections and the NetWare Core Protocol (NCP) for NetWare client connections. FPNW requires that the NWLink IPX/SPX-Compatible Transport protocol be installed on the server.
Graphic F-8. File and Print Services for NetWare (FPNW).
FPNW supports NetWare functions such as user-account creation, remote administration, secure logins, and print queue management. However, it does not support NetWare functions such as user disk volume restrictions or inherited rights masks.
NOTE
FPNW is not included with Windows NT or Windows 2000, but you can obtain it as a separate utility from your Microsoft value-added reseller (VAR). FPNW can be installed only on server machines, not on workstations. The directory that will be used as a NetWare SYS volume should be on an NTFS partition.
A string appended to a filename, consisting of a period followed by three alphanumeric characters. File extensions usually identify the application that can open or run them. For example, text files end with the extension .txt and are opened with Microsoft Notepad. Other common file extensions include the following:
.doc for Microsoft Word documents
.exe for executable files
.htm for Web pages created in Hypertext Markup Language (HTML)
.gif for GIF 87/89 format images, commonly used on the Internet
TIP
Associations between different file extensions and the programs used to open them are stored in the registry. Sometimes you might need to modify or remove a registered file extension. For example, if two different applications save files using the same file extension, you can easily modify file extensions in Microsoft Windows 95, Windows 98, or Windows NT by using Windows Explorer. Just select Options from the View menu to open the Options dialog box, and select the File Types dialog box. Create, remove, or edit file extensions as desired. Be aware that using this tool might negatively affect the ability of applications on your system to function, so modify extensions with care. In Windows 2000, you can do the same by selecting Folder Options from the Tools menu.
Graphic F-9. File extension.
See also 8.3 filename, long filename (LFN)
A key Microsoft Windows 3.1 utility that provides a graphical way of managing files and directories. You can use File Manager to copy files, start programs, print documents, and maintain disks. Since File Manager is a network-aware utility, you can also use it both to share folders and to map network drives to shared folders on other systems on the network. This capability is useful, for example, in a Windows for Workgroups network in which one machine is used as a server for the other machines.
Graphic F-10. File Manager.
NOTE
File Manager is also included with Windows 95 and Windows 98 for users who prefer it to the newer Windows Explorer utility. To run File Manager in Windows 95 or Windows 98, click Start, click Run, and type winfile.
File permissions for NTFS volumes on computers running Microsoft Windows 2000. For information on file permissions on Windows NT versions 4 and earlier, refer to the entry on NTFS standard file permissions in this work.
How It Works
File permissions govern access to files on an NTFS volume, while folder permissions govern access to folders on an NTFS volume. There are five standard file permissions on NTFS volumes for computers running Windows 2000: full control, modify, read & execute, read, and write. For any given file on an NTFS volume, each of these file permissions can be allowed or denied for a specific user or group by using the Security tab of the file’s property sheet in Windows Explorer (see the illustration).
Each of these five standard file permissions is made up of a subset of the individual or special file permissions that are available on NTFS volumes on machines running Windows 2000. The following table lists the various special file permissions and how they are combined to form the five different standard file permissions.
NOTE
If a group is granted full control folder permission on a folder, any member of the group can delete any files in that folder regardless of the file permissions.
Graphic F-11. File permissions (Windows 2000).
Special File Permissions
| Special Permissions | Full Control | Modify | Read & Execute | Read | Write |
| Execute file | x | x | x | ||
| Read data | x | x | x | x | |
| Read attributes | x | x | x | x | |
| Read extended attributes | x | x | x | x | |
| Create files/write data | x | x | x | ||
| Append data | x | x | x | ||
| Write attributes | x | x | x | ||
| Write extended attributes | x | x | x | ||
| Delete subfolders and files | x | ||||
| Delete | x | x | |||
| Read permissions | x | x | x | x | x |
| Change permissions | x | ||||
| Take ownership | x | ||||
| Synchronize | x | x | x | x | x |
See also folder permissions (Windows 2000)
Any technology for organizing, storing, and locating data on a system or network. The file system for a computing platform defines the method by which the operating system stores, locates, and accesses files on its hard disk subsystem.
How It Works
File systems usually have a hierarchical structure consisting of a series of nested directories for storing files. Each directory can contain files, other subdirectories, or both. The top of the file system is called the root, and the various directories are its branches. The file system thus forms a tree.
Graphic F-12. A hierarchical file system.
File systems include conventions for the type and the maximum number of characters that can be used to name a file. A file can be located in the file system by specifying its absolute path—that is, its path starting from the root and traversing through the directory structure until the file is reached. Using graphical user interface (GUI) or command-line tools, files can be located, copied, moved, and deleted. Microsoft Windows Explorer is an example of a GUI tool that shows the hierarchical structure of the file system on a Windows-based machine. File systems can incorporate technologies for marking files with attributes such as hidden and read-only. Some file systems allow you to compress files, and some allow you to specify file system quotas for users.
File systems can generally be classified into two types, depending on where the stored resources are located:
Local file systems: These systems are part of the operating system and manage locally attached storage devices such as disk drives and removable drives. Portions of local file systems can be shared to allow users on the network to access specific files, but users generally need to know the name or location of the share in order to access it.
Distributed file systems: These systems are used to combine shared portions of local file systems on many different machines into a single network-wide hierarchical file system. Distributed file systems allow shared network resources located all over the network to appear as though they are located on a single “superserver,” and simplify the process of users locating and accessing shared network resources.
Examples of common file systems include the following:
The file allocation table (FAT) file system for MS-DOS-based and Windows-based computers
The NTFS file system for Windows NT and Windows 2000
The Distributed file system (Dfs) for Windows NT and Windows 2000
The standard hierarchical UNIX file system
Sun’s distributed Network File System (NFS) for UNIX platforms
The Open Systems Interconnection (OSI) reference model counterpart of the Internet standard File Transfer Protocol (FTP). The File-Transfer Access and Management (FTAM) protocol is an OSI application layer (layer 7) protocol that specifies a standard mechanism for access and management of a distributed network file system. FTAM enables users to
Access file stores both locally and remotely, making FTAM a distributed file access protocol more similar to Gopher in this regard than to FTP
Integrate management of both local and remote file stores, including the ability to manipulate both files and their attributes
Access file stores on different kinds of machines that have different types of file systems
Transfer files both synchronously and asynchronously
The FTAM model defines the architecture of a hierarchical virtual file store in terms of file structure, file attributes, and the kinds of operations that can be performed on files and their attributes. The FTAM standard does not specify the actual user interface for file access and management, simply the underlying architecture of the system. Vendors are left free to create their own user interfaces to FTAM file systems or use existing interfaces for their vendor-specific file systems. Some third-party vendors have developed FTAM-based products for Microsoft Windows NT and other operating systems, but like many aspects of the OSI model, FTAM has not caught on the way Internet protocols such as FTP have, mainly because of its complexity.
An Internet standard application-level TCP/IP protocol that can be used for transferring files between hosts on a TCP/IP internetwork.
How It Works
File Transfer Protocol (FTP) is one of the earliest Internet protocols, and is still used for uploading and downloading files between clients and servers. An FTP client is an application that can issue FTP commands to an FTP server, while an FTP server is a service or daemon running on a server that responds to FTP commands from a client. FTP commands can be used to change directories, change transfer modes between binary and ASCII, upload files, and download files.
Graphic F-13. File Transfer Protocol (FTP).
FTP uses Transmission Control Protocol (TCP) for reliable network communication by establishing a session before initiating data transfer. TCP port number 21 on the FTP server listens for connection attempts from an FTP client and is used as a control port for establishing a connection between the client and server, for allowing the client to send an FTP command to the server, and for returning the server’s response to the command. Once a control connection has been established, the server opens port number 20 to form a new connection with the client for transferring the actual data during uploads and downloads.
NOTE
Internet Information Services (IIS) supports virtual servers and virtual directories using FTP.
TIP
You can view the status of open ports on IIS using the netstat command. If an FTP client has trouble accessing information on IIS, try changing the directory listing style for the FTP service on IIS. FTP supports only Basic Authentication or anonymous access for authentication schemes and does not support the more secure Microsoft Windows NT Challenge/Response Authentication method.
See also Internet Information Services (IIS)
A dialog box in Microsoft Windows 2000 that lets you locate objects in Active Directory. The Find dialog box allows you to query the global catalog server for objects such as users, groups, computers, shared folders, printers, and other objects in Active Directory.
How It Works
To use the Find dialog box, open a console with the snap-in for Active Directory Users and Computers installed, right-click on a container or organizational unit, and select Find from the shortcut menu. Then specify what kinds of objects you want to search for within Active Directory, such as
Users, contacts, and groups
Computers
Printers
Shared folders
Directory folders
Routers
Custom search
Next specify whether you want to search the entire Active Directory, a particular domain, or a particular organizational unit. Finally, specify the query parameters associated with the type of object you are looking for. For example, if you are looking for users, contacts, or groups, you can specify the name of the object, its description, or specific attributes of the object such as home phone or e-mail address.
NOTE
If you are performing a search based on an attribute of an object, you must specify a value for this attribute.
Graphic F-14. Find.
A TCP/IP utility for viewing information about a user on a system running the finger service. If you “finger” a user’s e-mail address, the result returned to you includes the user’s username, full name, whether and how long the user has been logged on, and other information depending on the configuration of the finger service you are querying.
NOTE
Microsoft’s implementation of TCP/IP on Windows NT has finger client software but no finger service. In other words, you can run the finger client on a machine running Windows NT that is connected to the Internet in order to obtain results from a UNIX server at an Internet service provider (ISP) running the finger daemon. In this situation, if the ISP makes its finger daemon publicly available on the Internet, it is commonly referred to as a finger gateway.
Example
Typing the command finger jsmith@s12.microsoft.com displays information about user Jeff Smith on a server called s12.microsoft.com.
See National Institute of Standards and Technology (NIST)
Any system or device that allows safe network traffic to pass while restricting or denying unsafe traffic. Firewalls are usually dedicated machines running at the gateway point between your local network and the outside world, and are used to control who has access to your private corporate network from the outside—for example, over the Internet. More generally, a firewall is any system that controls communication between two networks. In today’s networking environment in which corporate networks are connected to the Internet—inviting hackers to attempt unauthorized access to valuable business information—a corporate firewall is essential.
How It Works
In its simplest form, a firewall is essentially a kind of router or computer with two network interface cards that filters incoming network packets. This device is often called a packet-filtering router. By comparing the source addresses of these packets with an access list specifying the firewall’s security policy, the router determines whether to forward the packets to their intended destinations or stop them. The firewall can simply examine the IP address or domain name from which the packet was sent and determine whether to allow or deny the traffic. However, packet-filtering routers cannot be used to grant or deny access to networks on the basis of a user’s credentials.
Graphic F-15. Firewall.
Packet-filtering routers can also be configured to block certain kinds of traffic while permitting others. Usually this is done by disabling or enabling different TCP/IP ports on the firewall system. For example, port 25 is usually left open to permit Simple Mail Transfer Protocol (SMTP) mail to travel between the private corporate network and the Internet, while other ports (such as port 23 for Telnet) might be disabled to prevent Internet users from accessing other services on corporate network servers. The difficulty with this approach is that the size of the access list for the firewall can become huge if a large number of domains or ports are blocked and a large number of exceptions are configured. Some ports are randomly assigned to certain services (such as remote procedure call services) on startup; it is more difficult to configure firewalls to control access to these ports.
The simple firewall just described is sometimes called a network-level firewall because it operates at the lower levels of the Open Systems Interconnection (OSI) reference model for networking. Network-level firewalls are transparent to users and use routing technology to determine which packets are allowed to pass and which will be denied access to the private network. Network-level firewalls implemented solely on stand-alone routers are called packet-filtering routers or screening routers.
Another type of firewall is a circuit-level gateway, which is usually a component of a proxy server. Circuit-level gateways essentially operate at a higher level of the OSI model protocol stack than network-level firewalls do. With a circuit-level firewall, connections with the private network are hidden from the remote user. The remote user connects with the firewall, and the firewall forms a separate connection with the network resource being accessed after changing the IP address of the packets being transmitted in either direction through the firewall. The result is a sort of virtual circuit between the remote user and the network resource. This is a safer configuration than a packet-filtering router because the external user never sees the IP address of the internal network in the packets he or she receives, only the IP address of the firewall. A popular protocol for circuit-level gateways is the SOCKS v5 protocol.
Another more advanced type of firewall is the application-level firewall (or application gateway), which is also usually a component of a proxy server. Application gateways do not allow any packets to pass directly between the two networks they connect. Instead, proxy applications running on the firewall computer forward requests to services on the private network, and then forward responses to the originators on the unsecured public network. Application gateways generally authenticate the credentials of a user before allowing access to the network, and they use auditing and logging mechanisms as part of their security policy. Application gateways generally require some configuration on the part of users to enable their client machines to function properly, but they are more atomic in their configurability than network-level firewalls. For example, if a File Transfer Protocol (FTP) proxy is configured on an application gateway, it can be configured to allow some FTP commands but deny others. You could also configure an SMTP proxy on an application gateway that would accept mail from the outside (without revealing internal e-mail addresses), and then forward the mail to the internal mail server. However, because of the additional processing overhead, application gateways have greater hardware requirements and are generally slower than network-level firewalls.
NOTE
Microsoft Proxy Server includes the functions of network-level firewalls, circuit-level firewalls, and application gateways, enabling businesses to protect their sensitive corporate networks from attack over the Internet.
TIP
The best way to begin configuring a packet-filtering firewall is to block all packets at first and then start allowing access to the internal network on a case-by-case basis. Make sure that internal network addresses do not cross the firewall to the outside world and do not store sensitive data on the machine running the firewall software itself. Treat your firewall machine as expendable—the worst possibility should be a hacker’s damage to the firewall; this would simply leave your private network securely disconnected from the outside world. You can disable all unnecessary network services on your firewall machine to protect the firewall itself from attack.
If you are concerned only about controlling outgoing access from your network, and in addition your users do not need to be able to remotely access your network over the Internet, a packet-filtering router or circuit-level gateway type of firewall is probably sufficient. For users who frequently need to remotely access your network, however, an application gateway is generally best.
Also known as the IEEE 1394 High Performance Serial Bus, a serial transmission specification proposed by Apple for connecting high-speed peripherals to computers at speeds of up to 393 Mbps. FireWire supports hot-swapping of peripherals with up to 63 peripherals connected to a single IEEE 1394 bus. In addition, up to 1023 IEEE 1394 buses can be interconnected to form a vast array of peripherals using FireWire. FireWire features simple plug-in connectors using thin serial cables that can be hot-plugged without interfering with your system’s operation. FireWire connectors are based on the Nintendo Game Boy connector.
How It Works
FireWire as defined in IEEE 1394 uses 64-bit device addresses. FireWire cables use two twisted-pair wires for data transmission and two wires for power. FireWire includes two different serial interfaces:
A backplane interface: Runs at speeds between 12.5 and 50 Mbps for bus connections within a computer system
A point-to-point interface: Runs at speeds of 98.304 Mbps (S100 specification), 196.608 Mbps (S200), and 393.216 Mbps (S400) for connecting devices to computers using serial cables
The topology of a typical FireWire implementation can be complex, but it is typically a hierarchical or tree topology consisting of various IEEE 1394 components. More complex topologies, including several computers sharing portions of the peripheral network, are also possible. The illustration shows how you can use FireWire. The four types of components you can use in a FireWire implementation are
Devices: Typically have 3 ports but can have up to 27 ports and can be daisy-chained up to 16 devices
Splitters: Provide extra IEEE 1394 ports if needed to accommodate the number and arrangement of devices used
Repeaters: Overcome distance limitations in IEEE 1394 cables
Bridges: Isolate traffic within a specific portion of an IEEE 1394 bus
FireWire connections have a maximum distance of 4.5 meters, but up to 16 components can be daisy-chained to a maximum distance of 72 meters without using repeaters.
Graphic F-16. FireWire.
FireWire is supported by the Microsoft Windows 98 and Windows 2000 operating systems, along with the universal serial bus (USB) specification.
NOTE
Windows 98 resets the FireWire bus and assigns new physical addresses to IEEE 1394 devices when
Devices are added or removed from the bus
The system is rebooted
On the Web
•
1394 Trade Association : http://www.1394ta.org
A problem condition that can occur with dynamic routers on large internetworks. When a router is flapping (called a “flapping router”), it broadcasts routing table updates that alternate between two different routes to a host. For example, the flapping router might indicate during the first broadcast that route A is the best route to a given host, indicate during the second broadcast that route B is the best route, indicate during the following broadcast that route A is best, and so on. Flapping routers thus generate unnecessary routing traffic over the network. This generally happens when a router is unnecessarily configured to load-balance between paths with equal hop counts. To determine whether a router is flapping, use a network packet sniffer.
The mechanism by which a modem controls the rate at which it receives data from another modem. You can also use flow control to describe data rate control mechanisms between other devices, such as computers and attached printers, or between CSU/DSUs (Channel Service Unit/Data Service Units) and routers. Flow control is sometimes equated with handshaking, but the term “handshaking” specifically refers to flow control negotiations that take place at the beginning of a communication session, while the term “flow control” also can apply to data transmission management during an active communication session. In general modem technologies, two basic types of flow control exist:
Hardware flow control: Also known as RTS/CTS (Request To Send/Clear To Send) control, this method uses special dedicated pinning on cables to leave flow control to the modem itself. In other words, a separate hard-wired signal link (wire) that does not carry data is used to enable one modem to send stop and start messages to the other modem by raising or lowering voltage levels on this wire. Hardware flow control is used with high-speed modems that can compress data and is usually the default setting for Microsoft Windows-based software, such as HyperTerminal, that uses modems.
Software flow control: Also known as XON/XOFF control, this method uses special data characters (usually Ctrl+S to stop transmission, and Ctrl+Q to resume) sent within the data stream itself to enable a local modem to signal a remote modem to stop transmitting data so that the local modem can catch up.
Software flow control is slower and less reliable than hardware flow control because a user, program, or line noise might inadvertently generate a stop signal for the remote modem. In addition, software flow control is used only for transmitting ASCII text information, not for binary data files, because the binary data might contain the Ctrl+S stop character and cause the remote modem to stop transmitting data.
Graphic F-17. Flow control.
File permissions for NTFS volumes on computers running Microsoft Windows 2000. For information on folder permissions on machines running Windows NT versions 4 and earlier, refer to the entry on NTFS standard folder permissions in this work.
How It Works
Folder permissions govern access to folders on an NTFS volume, while file permissions govern access to files on an NTFS volume. NTFS volumes for computers running Windows 2000 have six standard folder permissions: full control, modify, read & execute, list folder contents, read, and write.
For any given folder on an NTFS volume, each of these folder permissions can be allowed or denied for a specific user or group by using the Security tab of the folder’s property sheet in Windows Explorer (see the illustration).
Each of these six standard folder permissions is made up of a subset of the individual or special permissions that are available on NTFS volumes on machines running Windows 2000. The following table lists the various special permissions and how they are combined to form the six different folder permissions.
Graphic F-18. Folder permissions (Windows 2000).
Special Folder Permissions
| Special Permissions | Full Control | Modify | Read & Execute | List Folder Contents | Read | Write |
| Traverse folder | x | x | x | x | ||
| List folder | x | x | x | x | x | |
| Read attributes | x | x | x | x | x | |
| Read extended attributes | x | x | x | x | x | |
| Create files | x | x | x | |||
| Create folders | x | x | x | |||
| Write attributes | x | x | x | |||
| Write extended attributes | x | x | x | |||
| Delete subfolders and files | x | |||||
| Delete | x | x | ||||
| Read permissions | x | x | x | x | x | |
| Change permissions | x | |||||
| Take ownership | x |
NOTE
The list folder contents and the read & execute folder permissions have the same special permissions. However, read & execute permission is inherited by both files and folders, while list folder contents permission is inherited only by folders.
See also file permissions (Windows 2000)
In a Microsoft TCP/IP implementation, any host that uses a non-Microsoft operating system. Examples of foreign hosts are OS/2 workstations, Solaris servers, and VMS mainframes.
Connectivity with foreign hosts for the purpose of transferring files with the host requires
A common networking protocol, such as TCP/IP or Internetwork Packet Exchange (IPX)
A common file-sharing protocol, such as Server Message Block (SMB) or Network File System (NFS)
A mail system that belongs to a different company than your own and that might also be of a different type. An example could be a public X.400 messaging system in Europe or the Internet’s Simple Mail Transfer Protocol (SMTP) mail system. The term “foreign mail system” usually refers to a mail system other than Microsoft Exchange Server. You can establish connectivity between an Exchange organization and a foreign mail system by installing and configuring an appropriate connector on an Exchange server in your organization. Examples include
Using the Internet Mail Service to connect an Exchange organization to the SMTP mail system on the Internet
Using the X.400 Connector to connect an Exchange organization to a public X.400 messaging network such as those common in Europe
See domain forest
In Microsoft Exchange Server messaging systems, a graphical interface for users to enter or display messages. Forms can be created for uniformly posting information to public folders using Microsoft Outlook. For example, an order form could be created for posting orders to a public folder for processing. The Exchange Scripting Agent can then be used to create triggers that process the form when certain input conditions exist.
In Hypertext Markup Language (HTML), a form is a portion of a Web page that presents a series of fields for the Web browser user to complete, along with a Submit button to send the data to the Web server for processing. Forms are often used in Web sites for guest books, registration, and similar purposes. If you create an HTML form you must create a corresponding form handler—an application that accepts the data from the form and processes it accordingly. Form handlers are typically written in Perl and implemented as Common Gateway Interface (CGI) scripts on UNIX Web server platforms such as Apache. On Internet Information Services (IIS), form handlers can be Internet Server API (ISAPI) applications written in C or Active Server Pages (ASP) scripts written in Microsoft Visual Basic, Scripting Edition (VBScript).
A command common to all Microsoft operating systems that can be used to install a file system on a partition. After a drive has been partitioned as desired, each partition must be formatted before files can be stored on the partition. Note that formatting a partition causes all data previously stored on it to be lost.
Example
In Microsoft Windows 95 and Windows 98, format /d: /u performs an unconditional (irreversible) format of drive D.
NOTE
You can use the graphical user interface (GUI) tool Disk Administrator in Windows NT and the Disk Management utility in Windows 2000 to format a disk volume. Disk Management is found in the Storage folder of the Computer Management tool in Windows 2000.
A name server configured to perform iterative queries with other name servers on the Internet. Forwarders are useful for reducing name resolution traffic and speeding Domain Name System (DNS) name queries for large private TCP/IP internetworks that are connected to the Internet. They are also used to resolve name queries when a firewall between your network and the Internet prevents clients in your network from directly querying name servers located at your Internet service provider (ISP) or elsewhere on the Internet. In this case, a typical location for the forwarder is on the bastion host. (The “bastion host” is the host running the proxy server or application layer gateway application.)
How It Works
If one of your name servers is configured as a forwarder, all off-site queries for resolving DNS names are first sent to the forwarder. The forwarder then performs an iterative query with an off-site name server located at your ISP to resolve the query. The results of the query are cached by the forwarder. This caching of name query results by the forwarder speeds later name query requests and reduces traffic between your network and the ISP.
Graphic F-19. Forwarder.
See also DNS query, Domain Name System (DNS)
See File and Print Services for NetWare (FPNW)
See fully qualified domain name (FQDN)
A type of Internet connection. A fractional T1 line is a T1 line, leased by a T-carrier service provider to a customer, that carries only a fraction of the regular T1 bandwidth of 1.544 Mbps. Regular T1 lines consist of 24 DS0 channels multiplexed together, while fractional T1 lines consists of fewer than 24 channels. Fractional T1 lines typically consist of a combination of nailed-up channels and switched channels. The technology of fractional T-carrier services is the same as that of regular T-carrier services; the extra channels are simply unused. Customers might want to lease fractional T1 services when they don’t require the entire bandwidth (or cost) of a regular T1 line.
See frame relay access device (FRAD)
A segment of data on a network or telecommunications link, generally consisting of a header with preamble (start of frame flag), destination and source addresses, data payload, and usually some form of error-checking information. Frames are assembled and generated by the data-link layer and physical layer of the Open Systems Interconnection (OSI) reference model. This assembly process is called “framing.” In other words, packets from the network layer are encapsulated by the data-link layer into frames. Data segments generated by higher layers of the OSI model are generally referred to as packets, but the term “packet” is also sometimes used to include frames.
The format in which data frames are constructed depends on the particular data-link layer protocol being used. Thus, we can speak of Ethernet frames, Integrated Services Digital Network (ISDN) frames, X.25 frames, frame relay frames, and so on. Each particular local area network (LAN) or wide area network (WAN) data-link protocol has its own method of framing data for transmission over the network or telecommunications line. Frames can be fixed-length or variable-length, and have addressing information for multipoint connections or no addressing information for point-to-point connections. They can also have error correction, as in X.25, or no error correction, as in frame relay.
A packet-switching technology offered as a telecommunications service by telcos and long-distance carriers, used primarily for WAN links. Frame relay can be used to encapsulate local area network (LAN) traffic such as Ethernet frames for transmission over digital data transmission lines for wide area networks (WANs), and can connect multiple LANs to form a multipoint WAN. Frame relay technology was originally an offshoot of Integrated Services Digital Network (ISDN) digital communication technology.
How It Works
Frame relay technology is a packet-switching service that is similar in operation to, and considered the replacement for, the older X.25 packet-switching technology—but it provides higher performance and has a greater efficiency because it is a more streamlined protocol. For example, while X.25 includes error-correction functions, frame relay leaves error correction up to the station endpoints in order to speed up WAN communications. When errors do occur, frame relay drops the offending frame and retransmits the data. Frame relay also does not support the hop-by-hop flow control functions that X.25 supports, which further streamlines frame relay operation.
As in other packet-switching networks, frame relay operates by breaking network data into “packets” and tagging each packet with a destination address. Each packet is then relayed through the switching nodes that make up the packet-switching network. The packets are reassembled into the correct order at their destination. Frame relay is a protocol-independent service that uses special frame relay devices for encapsulating network data into variable-length packets called frames using the data-link layer protocol called High-level Data Link Control (HDLC). Frame relay links can have unpredictable latency for forming connections because frame relay networks have no prioritization scheme.
Instead of relaying each packet individually through the frame relay network, frame relay uses virtual circuits that act as temporary paths through the network. These virtual circuits can be either switched virtual circuits (SVCs) that are set up and torn down on a call-by-call basis, or permanent virtual circuits (PVCs) that are established in advance. PVCs are preferred because they provide a more reliable grade of service for the customer. PVCs provide dedicated point-to-point connections between local and remote customer premises through a frame relay cloud. By establishing multiple PVCs, you can run multiple logical WAN links over a single physical frame relay connection. PVCs are managed using the Local Management Interface (LMI) protocol, which provides features for verifying link integrity and managing the status of PVCs.
PVCs function in a way similar to private leased lines and provide the customer with a level of service that is agreed upon, called the Committed Information Rate (CIR). The CIR, a negotiated level of service you purchase from the carrier, specifies your maximum transmission speed over the frame relay network. Speeds typically range from 56 Kbps to T3 speeds and higher, depending on your requirements. CIR acts as a kind of bandwidth throttling mechanism that facilitates the use of shared frame relay circuits by different users. Some service providers allow temporary bursts of traffic to exceed the CIR, but any traffic above the Committed Information Burst Rate (CIBR) is dropped and requires retransmission.
Frame relay runs over T1 and fractional T1 carriers with transmission speeds ranging from 56 Kbps to 1.544 Mbps or higher. Since frame relay is independent of network protocols such as TCP/IP and IPX/SPX-Compatible Protocol, it has more flexibility than X.25.
Frame relay implementations usually follow one of two networking topologies:
Fully meshed topology: In this implementation, each frame relay device is connected to every other device using PVCs to form a multipoint WAN. When an update is transmitted to one device, it is seen by every other device as well. The advantage of this configuration is that the entire frame relay network can be treated as a single data-link connection.
Partially meshed topology: This implementation uses a star or hub-and-spoke topology in which frame relay devices are not connected to every other device in the frame relay cloud. Network designers should be careful when adopting this configuration to prevent split-horizon problems.
To connect a network to a telco Frame Relay Bearer Service (FRBS), use a special bridge, router, or CSU/DSU (Channel Service Unit/Data Service Unit) device called a frame relay access device (FRAD). The FRAD connects your customer premises to an Edge Switch (ES) on your provider’s frame relay cloud (the collection of all frame relay circuits belonging to your provider). See the illustration for an example.
Frame relay technology is more popular in North America than slower packet-switching technologies such as X.25, while in Europe, X.25 has traditionally been a more popular solution. Frame relay services were first offered in 1992 by AT&T, Sprint, and other carriers, which have installed frame relay points of presence (POPs) for connections to the central office (CO) of local telcos in major metropolitan locations around the United States.
NOTE
An important consideration in frame relay communication is a set of extensions to the frame relay encapsulating protocols called the LMI, developed by Cisco, DEC, and others. Frame relay routers from Cisco use a “Cisco LMI” while many other vendors use the “ANSI LMI,” which can create incompatibilities.
TIP
Bursts of traffic above the CIR are typically short (less than two seconds in duration) and are generally possible only during off-peak utilization times. When access to the service provider’s frame relay network is heavy, your maximum bandwidth will be your CIR.
Graphic F-20. A frame relay WAN link.
Some possible strategies for troubleshooting frame relay links in different kinds of situations appear in the following table.
Troubleshooting Frame Relay Links
| Problem | Suggestions |
| Frame relay link is down (connections fail) | Check cabling and connections, make sure you are using a data terminal equipment (DTE) cable, try connecting the cable to a different port, or try a different cable. Make sure you are using IETF encapsulating if mixing frame relay devices from different vendors. |
| Cannot ping remote router | Check the status of PVC; contact carrier if this is down. Check the router’s access list, disable access list, and retry. Make sure you are using IETF encapsulating if mixing frame relay devices from different vendors. Check the configuration of the frame relay address map. |
| Cannot ping device on remote network | Try pinging local router’s frame relay address; check that a default gateway is specified. Check for split horizon conditions in a hub-and-spoke frame relay implementation. |
On the Web
•
Frame Relay Forum : http://www.frforum.com
Sometimes called a frame relay assembler/disassembler, a telecommunications device that enables a customer site to be connected to a frame relay service.
How It Works
The frame relay access device (FRAD) is a device that receives network packets from the customer’s network and encapsulates them into a format acceptable for transmission over frame relay circuits. A local FRAD accepts packets from a bridge, router, or other device; buffers them; frames them; and transmits them over a frame relay link to a remote FRAD that performs the process in reverse. Special bridges and routers can include built-in FRAD circuitry for directly connecting customer networks to a frame relay service.
The FRAD also includes technology for statistically multiplexing large numbers of virtual circuits (logical data streams) over a single physical communication link. This enables the FRAD to provide the customer with greater flexibility in bandwidth use, in contrast to time-division multiplexing (TDM) techniques, which ensure a full level of service for each data stream, even when they carry no data. For example, if two data streams are multiplexed using TDM, frames from the two streams will alternate to form the single serial data link. If one of these streams has no data, empty frames will still be sent, resulting in a poor utilization of bandwidth. In statistical multiplexing, the multiplexed data stream contains only frames from data streams that are carrying data, and the higher the data transmission rate of a stream, the greater the number of frames that are multiplexed into the serial data link.
TIP
Some bridges and routers, such as many of those from Cisco, have built-in FRAD technology and need to be connected only to a CSU/DSU (Channel Service Unit/Data Service Unit) through a V.35 or other serial transmission cable to provide customers with an all-in-one frame relay access solution for wide area networking. Use a bridge if you want an easy way to connect a branch office using frame relay. Use a router if you want to control traffic flow or reroute failed connections.
See also frame relay
The totality of frame relay circuits within a telecommunication carrier’s frame relay network. This frame relay network is commonly known as a Frame Relay Bearer Service (FRBS). Typically, a frame relay cloud is a collection of packet-switching devices owned by the carrier and used as a shared public network for backboning wide area network (WAN) traffic for private customers. Frame relay clouds can also consist of frame relay circuits owned by private networking consortiums. The frame relay network is described as a “cloud” because of the large number of interconnections between the various edge switches, usually forming a fully connected mesh topology. In frame relay services, each frame of information contains the routing information needed to enable the frame to be routed to its destination through the cloud.
See also frame relay
Specifies the data format for frames when using the NWLink protocol on machines running Microsoft Windows NT or Windows 2000. Two machines on a network using NWLink or IPX/SPX-Compatible Protocol must be using the same frame type to communicate. NWLink on Windows NT and Windows 2000 can listen to IPX/SPX traffic on the network and automatically configure itself to use the network frame type, which is usually
802.3 for NetWare 2.2 through 3.11
802.2 for NetWare 3.12 and later
The following table shows the frame types supported by NWLink.
Frame Types Supported by NWLink
| Network Topology | Frame Types Supported | ||||
| Ethernet II | 802.2 | 802.3 | SNAP | 802.5 | |
| Ethernet | x | x | x | x | |
| Token Ring | x | x | |||
| FDDI | x | x |
NOTE
The NWLink property sheet on Windows NT and Windows 2000 Server allows you to configure NWLink to use multiple frame types if needed. NWLink on Windows NT and Windows 2000 Server is configured by default to be automatically detected when NWLink is first loaded. But if multiple frame types are detected, including 802.2, the 802.2 frame type will be selected by default. NWLink on Windows NT Workstation and Windows 2000 Professional can be configured for multiple frame types only by editing the registry.
See also NWLink IPX/SPX-Compatible Transport
The signal multiplexing technology used in the Advanced Mobile Phone Service (AMPS) analog version of cellular phone technology. Frequency Division Multiple Access (FDMA) is one of three methods used for allocating channels to users over the shared wireless communications medium in cellular phone communication; the others are Time Division Multiple Access (TDMA) and Code Division Multiple Access (CDMA).
How It Works
FDMA is implemented at the media access control (MAC) layer of the data-link layer in the Open Systems Interconnection (OSI) reference model for networking protocol stacks. FDMA is based on the frequency-division multiplexing (FDM) technique used in wireless networking. In FDMA, the user is assigned a specific frequency band in the electromagnetic spectrum, and during a call that user is the only one who has the right to access the specific band. In the AMPS cellular phone system, these frequency bands are allocated from the electromagnetic spectrum as follows:
Transmission by mobile station: 824 MHz to 849 MHz
Transmission by base station: 869 MHz to 894 MHz
Two different frequency bands are used to allow full-duplex communication between base and mobile stations. Both of these bands are then divided into discrete channels that are 30 kHz wide in bandwidth.
Graphic F-21. Frequency Division Multiple Access (FDMA).
NOTE
One way to understand FDMA is to imagine different people in the same room communicating in voices with different pitches, some high and some low; they would all be able to talk simultaneously and (more or less) understand one another. This is similar to the way FDMA works. FDMA is used by traditional AM and FM radio bands to allow broadcast by individual stations.
See also Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA)
A signal transmission technology in which multiple signals can simultaneously be transmitted over the same line or channel. Frequency-division multiplexing (FDM) can be used in both wired and wireless networking for transmitting large amounts of data at high speeds. FDM is the simplest and oldest form of multiplexing in wireless networking technology.
How It Works
Frequency division multiplexing involves simultaneously transmitting multiple signals on different frequencies. These different frequencies, called channels, share non-overlapping portions of the total frequency band being used. Signals from different data sources are fed into a multiplexer that modulates each signal and transmits them at different frequencies. These signals are then transmitted over the wire or through wireless communication and are separated at the destination into individual data signals using a demultiplexer.
See also dense wavelength division multiplexing (DWDM), multiplexing, time-division multiplexing (TDM)
A spread-spectrum transmission technology for wireless networking. Spread-spectrum wireless technologies trade throughput for increased reliability, and were originally developed by the U.S. military to provide communication that could not easily be jammed.
How It Works
Frequency hopping transmitters take the incoming data stream and segment it into multibit packets. These packets are then transmitted sequentially in a pseudo-random manner over the various frequency channels within the spread-spectrum band being used. In other words, the frequency of the carrier signal keeps hopping around. Synchronization between the master transmitter and slave devices is achieved by modulating the center or carrier frequency of the communication band according to a preset algorithm. Both the mobile and the base station know the modulation algorithm, which enables them to keep in communication with each other. For increased security, the modulation algorithm can be dynamically modified.
Graphic F-22. Frequency hopping.
A list of commonly asked questions and their answers, developed for beginners in a given subject to reduce the amount of customer technical support required. Frequently asked questions (FAQs) are often available for computer products and services on company and organization Web sites on the Internet. They are also available for many different Usenet newsgroups. Some Microsoft software documentation also includes FAQs to provide quick answers to commonly asked questions about the software. To ease your customer support requirements, create a simple and highly usable FAQ for your clients.
See File and Print Services for Macintosh (FSM)
See File-Transfer Access and Management (FTAM)
See File Transfer Protocol (FTP)
A Microsoft Windows NT service on servers running Microsoft Internet Information Server, or a Windows 2000 service on servers running Internet Information Services (IIS). The FTP service supports the Internet standard File Transfer Protocol (FTP), and allows users to upload and download files between FTP clients and FTP servers such as IIS.
FTP supports only user-level authentication. In other words, FTP servers such as IIS that are running the FTP service support only anonymous authentication or Basic Authentication. When an FTP client attempts to connect to an FTP server configured to use Basic Authentication, the user’s name and password are transmitted as clear text over the network, which is insecure. The best way to secure FTP services is to enable anonymous authentication on all FTP servers, which requires users to log on with the username “anonymous.” (They can enter anything for the password, but the FTP server’s welcome message usually requests that they politely use their e-mail address as their password for logging purposes.) You should configure the FTP service on IIS to allow only anonymous logons to prevent users from passing their credentials over the network. Then simply avoid storing critical information on your FTP servers, and use them for access to public information only.
You will probably also want to configure your FTP servers to allow only downloads and prohibit all uploads. If your corporate users must upload files remotely using FTP, you can create an FTP drop box for them. An FTP drop box is a folder on an NTFS volume, configured as a virtual directory that has write permission on it but no read permission. In other words, users can upload files to the directory but cannot read what has already been uploaded.
A TCP/IP utility for copying files to and from remote hosts on machines running Microsoft Windows 95, Windows 98, Windows NT, and Windows 2000. The remote host must be running the FTP service and authenticate the client before the client can transfer files. The FTP utility provides a command-line interface only for uploading and downloading files to FTP servers. Various shareware GUI-based FTP clients are available on the Internet.
How It Works
The FTP command starts an interactive session in which a series of FTP-specific commands can be used to list directories, upload and download files, change between binary and ASCII mode, and so on.
The FTP command is a command-line FTP client and must interact with the FTP service running on the remote host. Microsoft’s implementation of the FTP service is part of Internet Information Services (IIS).
See normal backup
A mode of communication in which data is simultaneously transmitted and received between stations. Full-duplex communication is twice as fast as half-duplex communication, and typically uses two separate pairs of wires (or two channels for wireless networking) for supporting simultaneous transmission and reception by a host. An alternative arrangement is to use some multiplexing technique, such as time-division multiplexing (TDM), to interleave transmission and reception on a single channel. This does not produce true full-duplex communication, but to an ordinary user it might appear to do so if the interleaving process is fast enough.
Graphic F-23. Full-duplex.
Examples of full-duplex communication include cellular telephone technologies and full-duplex Ethernet. Examples of half-duplex communication are walkie-talkies, CB radios, and standard Ethernet networks. Examples of simplex communication technology include satellite broadcasting and cable TV broadcasting.
An emerging type of Ethernet that supports full-duplex communication between stations on the network. Full-duplex Ethernet lets stations send and receive data simultaneously, thus giving it twice the maximum throughput of traditional forms of Ethernet.
How It Works
Full-duplex Ethernet uses two lines for sending and receiving data simultaneously. It is used in point-to-point connections between stations and requires that lines be concentrated using Ethernet switches instead of hubs or repeaters. Using switches and point-to-point connections means that full-duplex Ethernet avoids the collisions that can degrade the performance of standard half-duplex Ethernet. A full-duplex connection on a 100BaseT network would thus have a theoretical maximum speed of 200 Mbps, but in reality full-duplex Ethernet tends to achieve only a 20 to 60 percent higher throughput than standard Ethernet.
NOTE
Full-duplex Ethernet does not use the traditional Carrier Sense Multiple Access with Collision Detection (CSMA/CD) media access control method of traditional Ethernet since collisions cannot occur on a full-duplex, point-to-point link between two stations. Because of this, the distance limitations between two stations in full-duplex Ethernet depend only on the strength of the transceivers with respect to the medium used. Thus station-to-station distances for full-duplex Ethernet connections can be much greater than for traditional Ethernet networks. For 100-Mbps full-duplex links, this is generally around 2 kilometers over fiber-optic cabling.
TIP
Use 20-Mbps full-duplex Ethernet to connect two 10BaseT Ethernet networks over duplex single-mode fiber-optic cabling at distances of up to 15 kilometers. To do this, use a pair of half-to-full duplex converters at either end of the fiber-optic line. These converters should always be used in pairs, and they typically have an attachment unit interface (AUI) port that accepts the fiber-optic transceiver.
Graphic F-24. Full-duplex Ethernet.
In the Domain Name System (DNS), a dotted name that fully identifies a TCP/IP host on the Internet. A fully qualified domain name (FQDN) of a host consists of its host name dotted together with its domain name and any names of subdomains in which the host resides. FQDNs are used in Uniform Resource Locators (URLs) for accessing Web pages on the Internet and provide an absolute path through the DNS namespace to the target host on which the Web page resides. They are also sometimes called absolute domain names.
Example
For the FQDN server7.microsoft.com, the TCP/IP host name is server7 and its domain is microsoft.com.
An annual business symposium for the business experts and managers in the Microsoft Certified Solution Provider (MCSP) worldwide community. The general purpose of Microsoft Fusion is to enable solution providers to
Share information on the latest Microsoft products, technologies, and sales strategies from experts in the field
Share their experiences and tips with other industry experts and peers
Discover new methods for growing a business by capitalizing on Microsoft technologies and resources
On the Web
•
Microsoft Fusion home page : http://events.microsoft.com/events/fusion
