An encoding standard developed by the International Telecommunication Union (ITU) for interfacing data communications equipment (DCE) with digital high-speed synchronous communication services. G.703 is not used in North America but is widely used in Europe, and it covers specifications for digital transmission from rates of 64 Kbps to 2.048 Mbps. Private Branch Exchange (PBX) systems often use 64-Kbps leased lines utilizing the G.703 standard, as do E-carrier services such as E1 communication links. Some U.S. vendors sell converters for connecting synchronous V.35, RS-449, or X.21 interfaces to G.703 in order to sell their switching equipment in Europe.
Graphic G-1.G.703.
NOTE
G.703 has been updated to include support for U.S. standard T-carrier service speeds, such as T1 transmission at 1.544 Mbps.
GAL
See Global Address List (GAL)
gateway
A term for a broad category of network components that allow communication between different networking architectures and different protocols. Gateways generally operate at the higher levels of the Open Systems Interconnection (OSI) reference model for networking. They are commonly used to provide connectivity between two different protocol stacks that might be running on different systems. Examples include the following:
E-mail gateways—for example, a gateway that receives Simple Mail Transfer Protocol (SMTP) e-mail, translates it into a standard X.400 format, and forwards it to its destination
Gateway Service for NetWare (GSNW), which enables a machine running Microsoft Windows NT Server or Windows 2000 Server to be a gateway for Windows clients so that they can access file and print resources on a NetWare server
Gateways between a Systems Network Architecture (SNA) host and computers on a TCP/IP network, such as the one provided by Microsoft SNA Server
A packet assembler/disassembler (PAD) that provides connectivity between a local area network (LAN) and an X.25 packet-switching network
A gateway is usually a dedicated device or a set of services running on a dedicated computer. Gateways are essentially devices that direct network traffic in some fashion and translate that information.
Gateway Service for NetWare (GSNW)
A service for servers running Microsoft Windows 2000 and Windows NT (called Gateway Services for NetWare in Windows NT) that can be installed on these servers to enable them to directly access file and print resources on Novell NetWare servers. Gateway Service for NetWare (GSNW) can also enable a Windows-based server to act as a gateway for other Microsoft clients, such as Windows for Workgroups, Windows 95, Windows 98, Windows NT Workstation, or Windows 2000 Professional, allowing them to access the resources on the NetWare server.
GSNW can connect to NetWare 2.x , 3.x , or 4 .x servers. The 4.x servers can run either bindery emulation or Novell Directory Services (NDS). Using GSNW, Microsoft clients can access the resources on the NetWare server by connecting to a share on the server running Windows NT or Windows 2000. The process is totally transparent to users—to the client, the resource appears to be located on the Windows-based server.
How It Works
A server that has GSNW installed also must have the NWLink protocol loaded. This protocol, which is an IPX/SPX-Compatible Transport, makes it possible for the Windows server to communicate with the NetWare server. If it is not already installed, NWLink will install automatically on the server when you install GSNW.
To prepare the NetWare server for the gateway, you must create a group and a user account as follows:
Create a group called Ntgateway on the NetWare server, and give it the necessary rights for accessing the resources you want to make available on the server.
Create a user account on the NetWare server, and give it the necessary rights for accessing the resources you want to make available on the server. Make this user account a member of the Ntgateway group.
GSNW will use this user account for creating a connection to the NetWare server. The connection will appear on the server running Windows NT or Windows 2000 as a redirected drive that can be shared, as if it were a resource located on the Windows-based server. Windows clients can then connect to the shared resource by browsing Network Neighborhood, by mapping a drive using Windows Explorer, or by using the net use command.
From the perspective of the Windows clients on the network, the shared resources they access appear to reside on the Windows-based server. In actuality, the GSNW service on the server is performing protocol conversion between the Server Message Block (SMB) protocol, which the Windows clients understand, and the NetWare Core Protocol (NCP), which the NetWare file server uses.
Graphic G-2.Gateway Service for NetWare (GSNW).
After GSNW is installed, the first time you log on to the server for connectivity to a NetWare 4.x server using NDS, you are prompted to specify a default tree and context for connecting to the NetWare server. If the NetWare server is running in bindery-emulation mode or is an earlier 2.x or 3.x server, you must specify a preferred server when you log on. You can also configure these settings using the GSNW utility in Control Panel.
TIP
Because GSNW must process all requests directed through the gateway and perform protocol conversion between SMB and NCP, access is slower than if the clients actually had NetWare client software installed and could directly access the NetWare server. You should use GSNW only for occasional or temporary access to NetWare servers by Windows clients. Install Client Services for NetWare (CSNW) on machines running Windows 95 or Windows 98 for better performance.
See also Client Services for NetWare (CSNW), File and Print Services for NetWare (FPNW), NetWare protocols
gender changer
A type of adapter with two connectors of the same type and gender, making it possible to change the gender of the connector to which it is joined from male (with pins) to female (with sockets) or vice versa.
This allows two male or two female cable ends to be joined. Gender changers come in a wide variety of types and are specified by connector type and gender. An example is a V.35 to V.35 male/male gender changer, which can be used to connect two V.35 serial cables (or one cable and a CSU/DSU) that terminate with female connectors
Graphic G-3.Examples of V.35 gender changers.
TIP
Some gender changers can also act as adapters for different data interfaces. For example, a V.35 to RS-232 male/male gender changer can be used to connect a V.35 connection on a CSU/DSU (Channel Service Unit/Data Service Unit) to a router, using an RS-232 serial cable. Be sure that the pinning for such a gender changer is suitable for the type of equipment you want to connect because different pinnings might exist when different serial interfaces are connected.
General Packet Radio Service (GPRS)
An upgrade to the Time Division Multiple Access (TDMA) cellular phone system. General Packet Radio Service (GPRS) uses packet switching instead of the existing circuit-switching technologies of TDMA systems to provide more efficient use of available bandwidth. GPRS provides subscribers with up to eight separate 14.4-Kbps communication channels. In theory, GPRS has a maximum data transmission rate of 171.2 Kbps, but in practice the maximum rate is only about 44 Kbps downstream and 22 Kbps upstream because of the overhead of combining channels and the power limitations on the subscriber end. Implementation of GPRS requires that existing TDMA hardware be upgraded accordingly.
Some limited trials of GPRS began in 1999, with widespread trials set to begin in the summer of 2000. A number of European and Asian countries are piloting GPRS systems and have an edge over the United States in the arena of wireless communication systems running at more than 20 Kbps.
With its higher data rates, GPRS makes possible the kinds of wireless applications and services that have simply not been feasible on the existing Global System for Mobile Communications (GSM) circuit-switched data services, which are limited to 9.6 Kbps, or by using the existing Short Message Service (SMS), which is limited to a maximum of 160 characters of transmitted information. Possible uses for GPRS include services such as wireless mobile Web browsing, discussion groups, chat services, mobile commerce, and home automation through wireless remote control.
NOTE
It is probable that GPRS upgrades will be easiest for carriers whose networks operate in the 1800-MHz or 1900-MHz frequency bands, because they usually have sufficient unused capacity to implement channel aggregation without having to upgrade their bearer equipment. Upgrading to GPRS is more expensive for carriers operating in the 800-MHz or 900-MHz bands because of the near-full capacity of those bands.
Another cost involved in the GPRS upgrade process is that of replacing the circuit-switched core network connecting existing base stations with an IP-based backbone network for interfacing between the wireless system and the Internet. You create an interface between a GPRS network and an Internet Protocol (IP) network by using a gateway GPRS support node (GGSN). You can also use GGSNs to connect GPRS networks with legacy X.25 packet-switching networks.
GPRS might have a short implementation lifetime if the International Mobile Telecommunications-2000 (IMT-2000) initiative from the International Telecommunication Union (ITU) gathers steam, because IMT-2000 upgrades will support data throughput speeds of up to 2 Mbps—much greater than what GPRS can provide.
See also Time Division Multiple Access (TDMA)
Gigabit Ethernet
A type of Ethernet that allows the transmission of data at 1 Gbps (or 1000 Mbps) over both fiber-optic cabling and copper twisted-pair cabling. Gigabit Ethernet competes with Fiber Distributed Data Interface (FDDI) and Asynchronous Transfer Mode (ATM) technologies as an alternative for high-speed network backbones. Gigabit Ethernet is defined in the IEEE 802.3z and 802.3ab specifications.
Graphic G-4.Gigabit Ethernet.
How It Works
Gigabit Ethernet supports a modified Carrier Sense Multiple Access with Collision Detection (CSMA/CD) media access method similar to those supported by previous versions of 10-Mbps Ethernet and 100-Mbps Fast Ethernet. Modifications to CSMA/CD for Gigabit Ethernet include extending the length of the carrier and slot times to pack out all frames to a minimum carrier length of 512 bytes. From the point of view of the MAC (media access control) interface, the minimum packet size still appears as 64 bytes. These modifications are performed to maintain a 200-meter-diameter topology for Gigabit Ethernet networks when a shared-media topology is used in half-duplex communications. The modifications can affect the performance of traffic involving smaller packets, but this is accommodated for by building a packet-bursting feature into Gigabit Ethernet that allows a station to take temporary control of the wire to send out a number of small packets. Note that these changes to CSMA/CD occur only during half-duplex communication. When using switched full-duplex connections, these changes do not apply.
Because CSMA/CD is used, Gigabit Ethernet can be viewed as a relatively easy upgrade path for network administrators familiar with 10BaseT and Fast Ethernet technologies. Gigabit Ethernet uses the same standard 802.3 framing structure of standard Ethernet, with frames between 64 and 1514 bytes in length. In standard half-duplex mode, Gigabit Ethernet supports speeds of 1 Gbps using CSMA/CD, but full-duplex versions support speeds of 2 Gbps for high-speed network backbones.
Gigabit Ethernet can be implemented in four different cabling or physical layer (PHY) options:
1000BaseCX: Uses 150-ohm balanced twinax cabling or shielded twisted-pair (STP) cabling over a maximum distance of 25 meters. This version is used primarily for connecting switches and routers in wiring closets. It uses Fibre Channel–based 8B/10B coding at a serial line rate of 1.25 Gbps.
1000BaseLX: Uses long wavelength transmissions over single-mode fiber-optic cabling. This version is used mainly for long cable runs of up to 5 kilometers.
1000BaseSX: Uses short wavelength transmissions over multimode fiber-optic cabling. This version is used mainly for short cable runs of up to 300 meters (over 50-micron fiber) and up to 550 meters (over 62.5-micron fiber).
1000BaseT: Uses twisted-pair category 5 cabling (four pairs of wires) over a maximum distance of 100 meters (maximum network diameter of 200 meters) and is intended mainly for connecting high-speed workstations to concentrators in nearby wiring closets.
Gigabit Ethernet networks can function as shared-media half-duplex networks using 1000-Mbps hubs, but they are usually implemented as switched full-duplex networks using 1000-Mbps Ethernet switches. Engineers currently envision two main uses for Gigabit Ethernet in corporate networking environments:
High-speed switch-switch connections for network backbones. Typically you might connect several 100/1000-Mbps switches to provide Fast Ethernet islands joined by Gigabit Ethernet backbones. An alternative would be to connect several 10/100 switches to one 100/1000 switch.
High-speed server-switch connections for server farms connected to server backbones. This configuration can provide users with 1-Gbps access to application or file servers.
Gigabit Ethernet might eventually be used for direct connections to high-speed user workstations, but at present this is a costly scenario to implement, and most applications can achieve sufficient bandwidth using only Fast Ethernet.
NOTE
Gigabit Ethernet is defined by the IEEE 802.3z specification. The Gigabit Ethernet Alliance is an open forum for promoting cooperation and standards in industry implementations of Gigabit Ethernet. Gigabit Ethernet standards were developed only recently and are now beginning to be widely implemented in high-speed networks.
TIP
Upgrading a Fast Ethernet backbone switch to a Gigabit Ethernet 100/1000-Mbps switch is straightforward and will enable you to connect high-speed server farms using Gigabit Ethernet network interface cards (NICs). Benefits include increased throughput and performance, more network segments, more bandwidth per segment, and a greater number of nodes per segment.
A variation of Asymmetric Digital Subscriber Line (ADSL) that is targeted for home Internet access. G.Lite typically has a downstream rate of up to 1.5 Mbps and an upstream rate of up to 384 Kbps, depending on the implementation. G.Lite is also called DSL Lite or Universal ADSL. The International Telecommunication Union (ITU) has endorsed the term “G.Lite” as a standard.
How It Works
G.Lite is sometimes referred to as “splitterless ADSL” because a voice-data splitter is not required at the customer premises to split the voice and data signals being carried over the line. This is different from normal ADSL, which uses a Plain Old Telephone Service (POTS) splitter at both the customer premises and the telco’s central office (CO) to separate the voice and DSL bands for transmission over the phone line to prevent them from causing interference with each other. Instead, the customer’s computer simply connects to a G.Lite ADSL modem and from the modem to the phone line. No rewiring of the customer premises is required, because G.Lite uses the installed local loop connection to the customer premises. Customers can make phone calls or send faxes while connected to the Internet over their G.Lite connection. G.Lite connections are “always on”; in other words, once you turn your computer on, the connection is active and you can send or receive e-mail without having to dial up a connection. Because of the elimination of the need to install splitters, G.Lite services should be less expensive for customers than ordinary ADSL services and should become widespread in the near future.
NOTE
The quality of an ADSL connection to your home can suffer if you have a large number of RJ-11 phone jacks installed. This is because each phone jack acts as a bridged tap that is run off the main phone line as a parallel connection. Signals traveling along your phone line can reflect off these jacks and affect the overall reliability of your ADSL connection.
Also, the farther your home is from the telco CO, the less bandwidth might be available for your ADSL connection.
Global Address List (GAL)
A list of all recipients in a Microsoft Exchange Server organization. The Exchange directory service maintains the Global Address List (GAL) in the Exchange directory database. The GAL typically contains
Mailboxes
Custom recipients
Distribution lists
The GAL can be accessed by
The Exchange Administrator program
Microsoft-based messaging clients using Messaging Application Programming Interface (MAPI), such as Microsoft Outlook
Lightweight Directory Access Protocol (LDAP) clients using TCP/IP, such as Microsoft Outlook Express
Hypertext Transfer Protocol (HTTP) clients such as Web browsers using Outlook Web Access
NOTE
Public folders are the only form of Exchange recipient not contained within the GAL.
global.asa
A file used in Active Server Pages (ASP) applications running on Microsoft Internet Information Server or Internet Information Services that contains information global to all pages in the application. Global.asa does not generate content visible to the client Web browser—any Hypertext Markup Language (HTML) in the global.asa file is ignored by the server. The global.asa file can contain object declarations using <OBJECT> tags, type library declarations for COM components that your application uses, and application and session events. You can have only one global.asa file per ASP application.
TIP
If your global.asa file generates an error, you should ensure that any object declarations within the file have application-level or session-level scope, that any script in the file is enclosed within <SCRIPT> tags, and that any <OBJECT> tags are placed outside of <SCRIPT> tags.
global catalog
A Microsoft Windows 2000 service and store that contains a partial replica of Active Directory information from all domains in your enterprise forest. The global catalog enables users to easily locate objects in any domain with maximum speed and minimum network traffic. In effect, the global catalog acts as a kind of index for looking up objects stored in Active Directory anywhere on your network. You can search the global catalog for Active Directory objects by using the Find dialog box in Active Directory Users and Computers.
How It Works
The global catalog resides on a selected group of the domain controllers in your Windows 2000 enterprise called global catalog servers. The administrative tool Active Directory Sites and Services is used to specify which domain controllers will host the global catalog—that is, which will be configured as global catalog servers. The global catalog is automatically created the first time you run the Active Directory Installation Wizard, and it is installed on the first domain controller in your root domain by default. The directory replication process controlled by Active Directory creates and maintains the contents of each global catalog server.
Every directory object in the entire enterprise is represented in the global catalog, but only a subset of the properties of each object is stored in the catalog. The properties represented are those most likely to be used as search attributes, such as the user’s first or last name. However, administrators can specify storing additional object attributes in the catalog if desired. Having the global catalog store only a subset of an object’s attributes in Active Directory improves the response time for performing search queries on Active Directory.
NOTE
You can modify which attributes are represented for objects in the global catalog by editing the schema of Active Directory, but you must do so with care. The global catalog also includes the access permissions for directory objects, so if you search for an object and it doesn’t show up, you probably do not have permission to access the object.
TIP
In a geographically distributed enterprise, each physical site should have at least one domain controller to speed network traffic. Most Active Directory–related traffic is the result of queries on Active Directory, so the domain controller for small sites should also be configured as a global catalog server. This will reduce traffic over WAN links to other sites by allowing the global catalog server to locally resolve queries for information on directory objects from other domains.
See also global catalog server
global catalog server
A Microsoft Windows 2000 domain controller that stores a copy of the global catalog. Administrators and users can utilize global catalog servers on a Windows 2000–based network to locate objects that are stored in Active Directory. Information stored on global catalog servers is updated each time Active Directory undergoes directory replication.
TIP
You must locate your global catalog servers appropriately so that queries on Active Directory perform effectively. Ideally, you should have at least one global catalog server at each site within the enterprise. However, in a multidomain environment, the replication traffic generated by maintaining these servers can be a burden on overall network traffic, especially if slow WAN links are involved. Consider placing your global catalog servers as follows:
Place several global catalog servers in each major site where large numbers of users and resources can be found.
Place a global catalog server at each small site where there are significant numbers of users and resources or where the wide area network (WAN) connection to major sites is slow.
See also global catalog
global group
A group that exists only in the Security Accounts Manager (SAM) database on a Microsoft Windows NT–based network. Global groups are created on domain controllers and are used within an enterprise-level Windows NT network to organize users by function (for example, Accountants global group), location (for example, Third-Floor global group), or some other criteria, to simplify account administration. Global groups contrast local groups, whose primary function is to provide users with permissions for accessing network resources and rights for performing system tasks. Note that global groups can contain only global user accounts from their own domain. They cannot contain global user accounts from other domains, and they cannot contain other groups.
NOTE
Global groups are a little different in Windows 2000. Global groups can contain only members from the domain in which they are created, and they can be granted permissions on resources in any domain in the current forest. Users from one forest cannot be members of groups from another forest, and groups from one forest cannot be granted permissions on resources in another forest.
If the Windows 2000 domain is in native mode, global groups can contain both user accounts and global groups from the same domain; however, in mixed mode, global groups can contain only user accounts.
See also AGLP, built-in global group, built-in group, group, local group
global load balancer
A hardware-based or software-based solution that can direct requests for Web content to multiple geographical locations where the content is stored. For example, if an electronic business has several data centers around the world, it can use global load balancers to direct Web customers’ traffic to centers that can provide the fastest response time for each customer’s location. If a data center goes down as a result of a power outage or some other condition, traffic to that site can be transparently redirected to other sites. The overall effect of implementing global load balancers in an e-business enterprise is an increase in reliability and performance from the customer’s point of view.
How It Works
Global load balancers essentially act as intelligent Domain Name System (DNS) name servers, performing name lookups for Uniform Resource Locators (URLs) and directing requests to the most appropriate IP addresses. The following five criteria are typically used to determine which address to forward a request to. (Not all global load balancers support all five criteria.)
Proximity of the site to the client, usually measured in router hops and established by using the Border Gateway Protocol (BGP), Internet Control Message Protocol (ICMP), or User Datagram Protocol (UDP)
Latency (the overall response time of the site), which is usually determined by pinging the site and calculating the delay
Server load (how busy the site is and how much capacity the server has for responding to clients)
Server health (whether the site is up and what its CPU and connection load are)
Packet loss (the average quality of the Transmission Control Protocol connection to the site), which is established by using ping
Of course, the DNS standard itself has built-in load balancing in the form of round-robin DNS. If multiple IP addresses are mapped to the same domain name, clients requesting the domain are directed to each IP address in a round-robin fashion. However, this rudimentary load-balancing scheme does not take into account such factors as which IP address belongs to the nearest host, the relative capability of the hosts to respond to requests, the availability of hosts, and so on. This is where global load balancers come in—they take over the role of authoritative name server for a company’s domain.
Global load balancers come in three varieties:
Layer 4 switches or routers with built-in support for global load balancing. Many Layer 4 switches and routers support some form of local load balancing, and software upgrades might be available that add such support. These switches tend to perform faster than appliances or software because they use hardware for packet forwarding and use software for routing purposes only. However, they also tend to be the most expensive solution.
Network appliances, which are essentially self-contained, stripped-down servers running global load-balancing software on top of operating systems optimized for this particular function.
Software that can run on standard servers running Microsoft Windows 2000, Windows NT, or UNIX that enables the servers to function as global load balancers. If you use this solution, be sure that your server is dedicated to running this software and does not run any other applications.
Global load balancers talk only to the local DNS server configured for the client, not to the client itself. This works well, except when mobile users travel to other cities and use their laptops to try to access the site. In this situation, if the client is still using a preconfigured DNS server at the home location, the global load balancer thinks that the client is still there as well. Also, once a DNS-based global load balancer has directed a client to the appropriate site or server, it is no longer involved in the client’s session and cannot tell whether the server goes down or whether some problem occurs with the connection.
For this reason, some global load balancers also use Hypertext Transfer Protocol (HTTP) redirects to masquerade as the target site and redirect HTTP requests to different servers. The client actually talks to the load balancer itself, and performance is faster than using DNS because fewer Transmission Control Protocol (TCP) connections are required. If the client’s connection to the server is interrupted, the global load balancer can redirect the client to a different server with minimal interruption. The downside of using HTTP redirects is that they work only with HTTP and not with other Internet protocols, such as File Transfer Protocol (FTP) or Network News Transfer Protocol (NNTP), or with streaming multimedia. This can be a limitation if your e-business delivers this type of content to the customer.
Other mechanisms can be used to perform global load balancing, including cookie-based and proprietary schemes. Windows NT 4, Enterprise Edition, provides a load-balancing service called Windows NT Load Balancing Service (WLBS). This IP load-balancing service employs a fully distributed clustering design that is ideal for creating highly available and scalable IP-based services such as Web, virtual private networking (VPN), streaming media, and proxy services.
globally unique identifier (GUID)
A 128-bit value based on time and space that can be used to uniquely identify an item. Globally unique identifiers (GUIDs) are used in the Component Object Model (COM) to uniquely identify classes and interfaces so that naming conflicts will not occur. A GUID is virtually guaranteed to be unique across all systems at any time. You can generate GUIDs using the console-based uuidgen utility or using the Microsoft Windows–based guidgen utility in Microsoft Visual C++.
In Windows 2000, each object, object class, or object attribute in Active Directory is assigned a unique GUID when it is created. The GUID of an entity in Active Directory never changes, even if the entity itself is renamed or moved to another location. The GUID acts as a kind of permanent name for the entity within the directory to ensure that it can be positively identified when needed.
TIP
Microsoft BackOffice products such as Microsoft Exchange Server and Microsoft SQL Server also use GUIDs to uniquely tag objects. For example, the information store in Exchange Server has a base GUID that is used to generate individual GUIDs for all messages, attachments, and folder contents kept in the store. If you restore the information store from a backup, you need to run the command isinteg -patch before restarting the information store to change the base GUID. Running this patch ensures that new objects created in the information store do not accidentally end up with GUIDs that are identical to those of objects already existing in the information store. This could cause inconsistencies in the information store database.
Global System for Mobile Communications (GSM)
A digital cellular phone technology popular in Europe, Asia, and other parts of the world. Global System for Mobile Communications (GSM) supports voice, data, Group 3 fax, and paging services for both vehicle-mounted and handheld mobile use. In addition, its speech quality equals that of the analog Advanced Mobile Phone Service (AMPS) and can interface with packet-switched networks.
How It Works
The GSM Phase 1 implementation uses a combination of Frequency Division Multiple Access (FDMA) and Time Division Multiple Access (TDMA) media access control methods to provide full-duplex communication over two frequency bands within the 862-to-960-MHz World Association of Radio Communications (WARC) portion of the electromagnetic spectrum. These two frequency bands are
The 890-to-915-MHz band for mobile-to-base (uplink) communication
The 935-to-960-MHz band for base-to-mobile (downlink) communication
Carrier signals are spaced 200 kHz apart within these bands to provide 124 pairs of superchannels based on frequency-division multiplexing (FDM), each of which is then subdivided into eight traffic channels using time-division multiplexing (TDM). Each channel carries voice communication at 13 Kbps (or 9.6 Kbps for data transmission). GSM thus provides 992 full-duplex channels for voice communication. Power classes for GSM mobile units range from 0.8 through 2.0 watts transmission power for handsets to 8 through 20 watts for vehicle-mounted units. Approximately half of a GSM transmission consists of overhead for signaling, such as synchronization and error handling. Such high overhead is typical in cellular phone systems, and is necessary—not so much because of external interference of buildings and other structures, but because of internal interference due to crosstalk between channels and across cell boundaries.
GSM is a secure system that uses key-based encryption for authentication and, optionally, for data transfer. The diagram shows the process that occurs when a mobile user wants to place a call. When the user dials a number, the mobile unit connects with the base station requesting authorization. The base station generates a random number and transmits it to the mobile unit, which then combines the random number with the owner’s secret key stored in the phone’s standard Subscriber Identity Module (SIM) card by using a ciphering algorithm called A3. The result of this process is transmitted to the base station. Meanwhile, the base station, which has the private keys for all its subscribers stored in a database, follows the same steps, using the A3 algorithm to combine the generated random number with the caller’s private key. The result is compared with the result transmitted by the user. If the two results agree, the user is logged on to the system.
Graphic G-5.The authentication process for GSM.
GSM Phase 1 supports call forwarding, global roaming, call barring, and other features. GSM Phase 2 adds additional features such as the following:
Short message service for sending and receiving short text messages using phones
Call holding, call waiting, and caller ID
Multiparty calling supporting up to five parties per call
Mobile fax and data services
GSM Phase 2+ (just being implemented at the time of this writing) includes support for data transmission at 64 Kbps and higher, packet radio, virtual private networks, enhancements to the SIM card, higher spectral efficiency, integration with satellite links, and even GSM services in the local loop.
NOTE
GSM has a counterpart service called Digital Communication Service (DCS) that works in essentially the same way as GSM, except at a higher 1.8-GHz frequency band. DCS provides a total of 2992 channels for voice communication. One advantage DCS has over GSM is that it uses much lower power levels for mobile units, ranging from 0.25 to 1.0 watts transmission power.
The SIM card is a small device about the size of a stamp that is issued when a user subscribes to the GSM service. It contains the user’s phone number, private key, billing information, and other information. When users visit a locale at which the GSM system is different, they can simply remove the SIM card from their phone and install it in a rented phone that can function in that locale.
Encryption of messages is similar to the encrypted authentication process, except that each transmitted frame is encrypted using a different random number. This makes encrypted GSM messages extremely difficult to crack, so much so that some countries prohibit GSM providers from encrypting user messages!
See also Advanced Mobile Phone Service (AMPS), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA)
global user account
A type of user account in Microsoft Windows NT that has a domain-wide scope. (These accounts are called domain user accounts in Windows 2000.) In Windows NT, global user accounts are created using User Manager for Domains and are stored in the directory database on Windows NT domain controllers. In Windows 2000, domain user accounts are managed through the Active Directory Users and Computers snap-in. Global accounts allow users to take full advantage of the Windows NT Directory Services (NTDS). Users who have global accounts can access resources anywhere in the domain, provided they have appropriate permissions for those resources.
NOTE
User Manager for Domains creates global accounts by default. The other type of user account in Windows, the local user account, exists only within the directory database of the machine on which it is created. Use only global accounts for users when implementing Windows NT domains as your security model.
See also local user account
Gopher
An Internet protocol used for distributed storage of documents.
How It Works
Gopher is similar to another Internet protocol, File Transfer Protocol (FTP), because it remotely accesses files over a TCP/IP internetwork such as the Internet. But while an FTP site exists on only one server and there can be many different FTP sites, there is really only one distributed Gopher file system. The Gopher file system is a single collection of all Gopher servers in the world (although private Gopher subnetworks also exist).
Graphic G-6.Gopher.
Each Gopher server can act as the root of the hierarchical distributed file system. To access a file or document, a person using a Gopher client (a standard Web browser such as Microsoft Internet Explorer will do) types the Uniform Resource Locator (URL) of an accessible Gopher server. For example, gopher://gopher.tc.umn.edu takes the user to a Gopher server for the University of Minnesota (where Gopher originated). The Gopher file system is presented as a series of folders, each of which can contain
More folders
Individual documents
Links to other Gopher servers (displayed as folders)
Users then work their way down the “gopher hole” (to use the metaphor) until they locate the document they want, and then they display or download it. They can also use a search tool developed at the University of Nevada called Veronica (Very Easy Rodent-Oriented Netwide Index to Computerized Archives) to perform keyword searches to locate documents on the worldwide Gopher network.
NOTE
Gopher was popular in the late 1980s as a mechanism for storing and disseminating information, especially for libraries and universities, but it has fallen out of favor because of the rising popularity of the World Wide Web (WWW). Not many Gopher servers still work, and most of them are not regularly updated with new information.
GPRS
See General Packet Radio Service (GPRS)
grep
Stands for global regular expression print, a command in the UNIX operating system. Grep lets you search a file or multiple files for a specific pattern or string of characters and, if desired, replace it with a different string. The output of grep is a display of each line of the file that contains the desired character string. You can use wildcards and other meta-characters to perform complex search and replace operations with grep. Grep is useful for searching for specific entries in text files such as log files, UNIX system error logs, or C program code files.
Example
Typing grep 'a[b-f]' log.txt searches the text file called log.txt for any lines that contain the character a immediately followed by b , c , d , e , or f.
NOTE
Shareware versions of the grep utility are available from third-party vendors for Microsoft Windows platforms. Grep can also be combined with other UNIX commands in scripts that can perform more complex search functions. For example, you can pipe the output of a verbose command into grep to display a more selective form of output.
ground loop
A condition created when two or more parts of a network are grounded at separate points, causing a voltage difference between connected networking components. These voltage differences typically occur because of nonuniformities in the electrical characteristics of the grounding at different locations.
How It Works
For example, consider two computers that are located some distance apart and are connected by coaxial cabling. Each device is also connected to the earth by the ground wire of its AC power cable, but the two devices are plugged into different power outlets. These power outlets are connected to different parts of your building’s electrical distribution system, and these different parts are under different loads (have different currents being drawn from them by different configurations of devices). Thus they provide slightly different voltages. You might also find slight differences in the ground potential at the two locations. These voltage differences can cause currents to be induced through the shielding of the network cabling, and these currents can be large because of the cable’s low resistance. Large pulses of current can occur when other devices on the power circuits are switched on or off abruptly. This situation can be potentially damaging to sensitive networking components and might cause them to reset or lock up.
Ground loops can be prevented by
Using nonconducting fiber-optic cabling instead of copper cabling, especially for longer cable runs
Utilizing opto isolators or isolation transformers to break electrical connections between networking components
TIP
Ground loops are especially problematic with serial connections such as RS-232 because cables using this interface have a second signal ground path between the devices. Ground loops can also be a problem with shielded cabling such as shielded twisted-pair (STP) cabling or coaxial cabling. These loops will occur if the cable’s shielding is grounded by a direct connection to the chassis of the devices, because this provides a second ground path between the devices in addition to that produced by the ground portion of the AC power connection. The resulting current loops can build up until they are potentially damaging to the connected equipment. To prevent such damage, the shielding in a shielded cable should be grounded only at one end of its connection. Finally, when grounding a metal rack or cabinet that houses networking equipment, you should ground it using the same AC power cable ground connection that you used for the equipment itself. Note that ground loops are not a significant problem with unshielded twisted-pair (UTP) cabling because the wiring is transformer-isolated in the hub and network interface card (NIC) connections.
group
A collection of user accounts. Groups simplify the task of network administration by allowing administrators to group similar user accounts together in order to grant them the same rights and permissions.
The scope of a group is the portion of the network where the group can be granted rights and permissions. For example, a group whose scope is global can be granted permissions to resources in its own domain and to resources in trusting domains. On the other hand, a group whose scope is local can be granted permissions to resources only on the machine where it was created.
On Microsoft Windows NT–based networks, groups are created using User Manager for Domains. Windows NT groups have two levels of scope:
Global groups: A global group can be granted permissions to resources in its own domain and to resources in trusting domains. A global group can contain user accounts only from its own domain. Global groups are created on Windows NT domain controllers and exist in the domain directory database.
Local groups: A local group created with Windows NT Workstation can be granted permissions only to resources on the machine where it was created. A local group created with Windows NT Server (on a domain controller) can be granted permissions only to resources on the domain controllers of its own domain. A local group can contain user accounts and global groups both from its own domain and from trusted domains. Network administrators of enterprise-level Windows NT networks can use a resource-access strategy called AGLP (Accounts are organized by placing them in Global groups, which are then placed in Local groups that have appropriate Permissions and rights assigned to them) to plan and implement local groups in their network.
The situation in Windows 2000 is a little different. First, you create Windows 2000 groups using Active Directory Users and Computers. Groups are stored as group objects within Active Directory. Also, there are two types of groups in Windows 2000–based networks:
Security groups: Can contain members and can be granted permissions in order to control user access to network resources. Windows 2000 security groups are similar in function to the Windows NT groups just described. However, in Windows 2000, these groups have three different levels of scope, rather than two. Also, security groups in Windows 2000 can contain users, other groups, and even computers.
Distribution groups: Used for nonsecurity functions such as grouping users together to send e-mail. Unlike security groups, these groups cannot be used to control user access to network resources.
These two types of groups are stored in Active Directory. There are three levels of scope for security groups in Windows 2000–based networks:
Universal groups: Can contain members from any domain and can be granted permissions to resources in any domain in the current domain forest. Universal groups can contain user accounts, global groups, and universal groups from any domain in the current forest. Note that you can create universal groups only when the domain is in native mode, and not in mixed mode.
Global groups: Can contain members only from their own domain, but can be granted permissions to resources in any trusting domain. When the domain is in native mode, global groups can contain user accounts and global groups from the same domain. When the domain is in mixed mode, these groups can contain only user accounts.
Domain local groups: Can contain members from any domain, but can be granted permissions only to resources in their own domain. However, unlike the local groups of Windows NT, a domain local group can be granted permissions to resources on all servers (both the domain controllers and member servers) in its domain. When the domain is in mixed mode, domain local groups can contain user accounts and global groups from any domain in the forest. When the domain is in native mode, they can also contain domain local groups from their own domain and universal groups from any domain in the forest.
NOTE
Users can belong to multiple groups at the same time. A group does not actually contain its member user accounts; it is merely a list of user accounts. Nesting of groups (adding groups to other groups) is allowed, with certain restrictions. For example, in Windows NT a local group can contain global groups (but not other local groups) as members, while a global group can contain only users as members, not other global or local groups.
Graphic G-7.Nesting of groups in Windows NT and in Windows 2000.
With Windows 2000, the nesting of groups is more complicated, as shown in the diagram. Furthermore, you can nest groups inside groups to any level, although nesting to one level is the recommended practice for effective administration.
Note that on Windows 2000–based networks, universal groups are available only when your domain controllers are running in native mode, not when they are running in mixed mode. Also, repeated nesting of groups is allowed only in native mode.
On member servers and computers running Windows 2000 Professional, you can also create a fourth type of group called a local group, one that exists only within the local security database of the machine on which it is created. Local groups in Windows 2000 are similar to local groups in Windows NT. They can contain user accounts that are local to the machine, and user accounts and global groups from their own domain. A local group can be granted permissions only to resources on the machine where it was created. You use Local Users and Groups, a snap-in for Microsoft Management Console (MMC), to create local groups on a machine.
TIP
On high-speed Windows 2000 networks, using only universal groups simplifies network administration. But if you have slower WAN links within your enterprise, using global and domain local groups can reduce the size of the global catalog at each site and significantly reduce the wide area network (WAN) traffic required to keep the global catalog current. Using global and domain local groups further reduces WAN traffic by reducing the size of users’ security tokens.
If your Windows 2000 network has only a single domain, use global groups and domain local groups for granting permissions to network resources. Create global groups according to function, add users to the global groups, create domain local groups according to groups of common resources, assign permissions to the domain local groups, and finally, place the global groups in the appropriate domain local groups. If you have a domain tree, use global and universal groups instead in a similar administrative approach.
In Windows 2000, you can change the scope of a group if desired. For example,
Global groups that are not members of other global groups can be converted to universal groups.
Domain local groups that do not contain other domain local groups can be converted to universal groups. Do this if you want to enable users in other domains to access resources that have been made accessible to the domain local group under consideration.
group account
See group
group policy
A group of settings that are applied to a subset of Active Directory objects in Microsoft Windows 2000. Group policies are created and assigned using Group Policy, a snap-in for the Microsoft Management Console (MMC). Group policies are typically used to simultaneously configure the desktop working environments of a group of users, but they have many other uses as well. Group policies can be used to
Manage applications—for example, by configuring policies to allow users to install applications published in Active Directory, or to automatically install or upgrade applications on their machines
Redirect folders from the Documents and Settings folder on a user’s local machine to a share on the network
Assign scripts for startup, shutdown, logon, and logoff events
Manage security—for example, to control users’ access to files and folders, control user logon rights, and configure account lockout restrictions
Manage software—for example, to configure user profiles such as desktop settings, Start menu, and other common settings
Group policies can be assigned to domains, sites, or organizational units (OUs). To create and configure a group policy, use Group Policy to create a new Group Policy object (GPO). Group policies are applied to users when they log on and to computers when they boot up. If two policies apply to a user or computer, and they do not conflict, they are applied in a cumulative fashion. Users are subject to group policies that apply to them as users and to group policies that apply to the computer at which they are working.
NOTE
Every Windows 2000 domain has a default group policy that applies to all users and computers in the domain. Computers that are moved to a different domain lose the GPO of their original domain and have the GPO of their new domain applied to them. The default GPO for a domain is the only GPO on which you can configure password restrictions, lockout restrictions, Kerberos, the Encrypting File System (EFS), and Internet Protocol (IP) security settings.
NOTE
Group policies set for machines running Windows 2000 do not apply to downlevel Windows NT, Windows 95, or Windows 98 clients.
TIP
A typical use for group policies is to enforce a written company policy across all users in a specific site or domain.
Group Policy
An administrative tool in Microsoft Windows 2000 that is used for configuring group policies; that is, user and computer settings for groups of users and computers. Group Policy is the successor to the Windows NT administrative tool called System Policy Editor.
How It Works
System Policy Editor for Windows NT stores system policy information in an ntconfig.pol file that modifies a portion of the Windows NT registry. Group Policy stores its settings in an Active Directory object called a Group Policy object (GPO) that contains the collection of settings for a group of users or computers created using Group Policy. A GPO is normally associated with a selected site, domain, or organizational unit (OU) object in Active Directory. Group policy information is also stored in a folder structure called the Group Policy Template on the SYSVOL volume on domain controllers. Group policies can also be configured for computers that are not domain members. Group Policy can be used to specify the following:
Scripts that should be run at startup, shutdown, logon, or logoff
Files to be placed on users’ computers
Software registry settings to customize users’ desktops, configure applications, and control services (similar to System Policy Editor)
Audit policies for auditing account logons, account management, directory service access, object access, and other functions
In addition, by using the Security Settings extension, you can configure users’ security settings, and by using the Software Installation extension, you can publish, update, or repair applications on user’s computers.
To configure a group policy for a specific site in Active Directory, open the administrative tool called Active Directory Sites and Services, select the specific site you want to configure, click the Action button on the toolbar, choose Properties from the drop-down menu, and select the Group Policy tab. Alternatively, you can install the Group Policy snap-in in a new Microsoft Management Console (MMC) (see screen capture).
NOTE
To configure a group policy for a directory object in Active Directory, you need access to a domain controller, read and write permissions on SYSVOL, and modify permissions on the selected directory object.
Group Policy for Windows 2000 cannot be used to configure group policies for downlevel Windows NT, Windows 95, or Windows 98 clients. Use System Policy Editor instead.
Graphic G-8.Group Policy.
GSM
See Global System for Mobile Communications (GSM)
GSNW
See Gateway Service for NetWare (GSNW)
Guest account
In Microsoft Windows NT, a built-in account with a null password created during installation. The Guest user account is a member of the Domain Guests global group on the domain controller or member server on which it is defined.
The Guest account is intended for occasional users who need temporary access to resources on the network. It is disabled by default and can be enabled using User Manager for Domains. The Guest account is also created by default on machines running Windows 2000 during installation.
NOTE
On a Windows NT domain controller, the Guest account is a global user account; a member server or Windows NT workstation has a separate Guest local user account. To control guest access to your network, you can assign these Guest accounts one, both, or neither of the following rights:
Access this computer from the network.
Log on locally.
TIP
Do not enable the Guest account unless you are sure you will need it; unless you are sure that all your shared resources have correct permissions assigned to them, enabling the Guest account could pose a security risk.
See also Guests group
Guests group
A Microsoft Windows NT built-in group existing on all Windows NT–based servers and workstations. The Guests group is a local group whose initial membership is the built-in Guest user account. If a member server or workstation joins a domain, the global group called Domain Guests is added to the local Guests group.
The Guests group has no preassigned rights or permissions on Windows NT domain controllers and has a single right, Log On Locally, on the Windows NT member server or workstation on which it exists. You can assign any network resource permissions to this group in order to grant temporary or guest users the access they require.
NOTE
Members of the Guests group do not have the right to make permanent changes to their desktop settings. The Guests group is also a built-in local group on machines running Windows 2000 that are not part of a domain.
