A Transmission Control Protocol (TCP) algorithm for controlling traffic congestion on a network.
Overview
Nagle's algorithm improves the efficiency of a TCP/IP network by reducing the number of small packets a sender puts on the wire. Instead of transmitting every small write as its own Internet Protocol (IP) datagram, the sender holds back small segments while data it has already transmitted remains unacknowledged and coalesces them into one larger segment. The algorithm is what makes interactive applications such as Telnet, which generate large numbers of tiny writes, affordable on a shared network, at the cost of some added latency per keystroke.
Nagle's algorithm is defined in RFC 896 and is implemented in common TCP/IP protocol stacks, including that of Microsoft Windows operating systems. Proposals have been put forth for improving the algorithm because it does not produce optimal results with certain kinds of TCP/IP interactions, such as request/response exchanges over Hypertext Transfer Protocol (HTTP) version 1.1, where a small final write can be held until the peer's (often deliberately delayed) acknowledgment arrives. Applications that need every small write transmitted at once disable the algorithm on a per-socket basis with the TCP_NODELAY socket option.
Implementation
To understand how the algorithm works, consider a Telnet client communicating with a Telnet server. When a user types a single character into the Telnet client window, TCP normally packages the character and sends it to the server as a very small IP packet. It would be highly inefficient if every character typed into a Telnet window were sent as such a packet, as this would flood the network with small packets. Using Nagle's algorithm, however, what actually happens is that when the user types the next character, one of two things occurs:
If an acknowledgment has already been received for the first packet sent, TCP packages the second character into a second small packet and sends it immediately to prevent delay.
If an acknowledgment has not been received for the first packet, TCP buffers the second character, then the third, and so on, until the acknowledgment is received or the buffered data fills a maximum-size segment, at which point TCP packages the buffered characters into a single segment and sends them. This holding of small writes in the TCP send buffer is sometimes called "nagling."
The other part of RFC 896 addresses congestion collapse, the condition in which a network bogs down because senders keep retransmitting datagrams that the congested path keeps dropping. According to RFC 896, when a host receives an ICMP Source Quench message indicating that a gateway is discarding its datagrams because of congestion, the host should behave as though the receiver's advertised window had shrunk, sending less data until the congestion clears. This "throttles back" the sender and lets the congested hop catch up. (Source Quench has since been deprecated in favor of TCP's own congestion control mechanisms.)
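The send decision described in the two cases above, reduced to a small model. This is an added example, not code from the original entry or from any TCP stack: the maximum segment size of 1460 bytes is an assumption, and the keystroke trace is constructed. It shows the same Telnet session once with Nagle's algorithm and once with TCP_NODELAY set, and also that a full-size segment is never held back.

```python
"""Model of the Nagle send decision from RFC 896 (added example; not Windows code).

A real TCP stack makes this decision inside the kernel; here it is reduced to
the three inputs that matter: how much data is pending, how much is still
unacknowledged, and whether the application asked for TCP_NODELAY.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class NagleSender:
    mss: int = 1460                 # maximum segment size in bytes (assumed value)
    nodelay: bool = False           # TCP_NODELAY set: never hold small segments
    unacked: int = 0                # bytes transmitted but not yet acknowledged
    pending: bytearray = field(default_factory=bytearray)   # application data not yet sent
    segments: List[bytes] = field(default_factory=list)     # what went on the wire, in order

    def write(self, data: bytes) -> None:
        """The application hands data to TCP."""
        self.pending.extend(data)
        self._try_send()

    def ack(self, nbytes: int) -> None:
        """The peer acknowledges nbytes; this may release held data."""
        self.unacked = max(0, self.unacked - nbytes)
        self._try_send()

    def _try_send(self) -> None:
        while self.pending:
            if len(self.pending) >= self.mss:
                self._emit(self.mss)            # a full segment always goes out
            elif self.unacked == 0 or self.nodelay:
                self._emit(len(self.pending))   # nothing in flight: send the small piece now
            else:
                break                           # small piece with data in flight: hold it

    def _emit(self, n: int) -> None:
        self.segments.append(bytes(self.pending[:n]))
        del self.pending[:n]
        self.unacked += n


# Constructed Telnet-style trace: five keystrokes arrive before the server's
# first ACK, then one more keystroke, then a second ACK.
TELNET_EVENTS: List[Tuple[str, Optional[bytes]]] = [
    ("write", b"h"), ("write", b"e"), ("write", b"l"), ("write", b"l"), ("write", b"o"),
    ("ack", None),
    ("write", b"!"),
    ("ack", None),
]


def run(events, nodelay: bool = False) -> Tuple[List[bytes], bytes]:
    """Replay a trace; return (segments sent, data still held in the send buffer)."""
    sender = NagleSender(nodelay=nodelay)
    for kind, payload in events:
        if kind == "write":
            sender.write(payload)
        else:
            sender.ack(sender.unacked)  # the peer acknowledges everything in flight
    return sender.segments, bytes(sender.pending)


if __name__ == "__main__":
    print("Nagle:      ", run(TELNET_EVENTS)[0])        # [b'h', b'ello', b'!']
    print("TCP_NODELAY:", run(TELNET_EVENTS, True)[0])  # one segment per keystroke
```

With Nagle's algorithm the first keystroke goes out alone, the next four are coalesced into one segment released by the ACK, and the final keystroke waits for its own ACK; with TCP_NODELAY every keystroke is its own segment.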
See Also Hypertext Transfer Protocol (HTTP) ,Internet Protocol (IP) ,Telnet ,Transmission Control Protocol (TCP)
A legacy interprocess communication (IPC) mechanism.
Overview
Named pipes are a client/server communication mechanism that provides reliable, connection-oriented, two-way communication between processes running on the same computer or on different computers. A named pipe is essentially a kernel-managed buffer with a name in the file system namespace (\\.\pipe\name locally, \\server\pipe\name remotely) through which one process passes information to another.
Developed originally for Microsoft OS/2 LAN Manager and maintained in later versions of Microsoft Windows for backward compatibility, named pipes provide guaranteed delivery of data between computers for distributed applications in a client/server environment. They offer a reliable, one-to-one, bidirectional, connection-oriented form of communication between a client process running on one machine and a server process (service) running on another; remote access is carried over the Server Message Block (SMB) protocol through the IPC$ share. Named pipes are implemented by a file system driver and therefore are opened by requests made through the redirector, and they inherit the features of file system objects, including security and validation: each pipe instance carries a security descriptor that controls which clients may connect, and a server can impersonate a connected client. The access control list on a pipe and the impersonation level a client permits are therefore the first things to check when reviewing a named-pipe interface.
Examples of situations where named pipes are still used include
WinLogon process of Windows NT Server
Client/server applications designed on older versions of Microsoft SQL Server
Windows 98 and Windows Millennium Edition (Me), which support client-side named pipes but not server-side named pipes
Notes
Named pipes consume more server-side memory than other IPC mechanisms (such as Windows Sockets) and generate a bit more network traffic.
See Also interprocess communication (IPC)
Resolving a fully qualified domain name (FQDN) into its associated Internet Protocol (IP) address.
Overview
In the Domain Name System (DNS), name resolution is the process of a resolver (DNS client) sending a request to a name server (DNS server). The resolver sends the name server the host name of an IP host on the network, and the name server returns the host's IP address. The name server is thus said to "resolve" the name of the host into its associated IP address.
The query sent by the resolver to the name server is most often a recursive query, which asks the name server to return either the final answer (the IP address) or an error. To satisfy it, a name server that does not hold the answer itself performs a series of iterative queries, asking a root server, then a top-level domain server, and so on, following each referral until it reaches a server that is authoritative for the name or runs out of servers to ask. Alternatively, a name server can be configured to forward queries it cannot answer to another name server (a forwarder), which then does this work on its behalf.
See Also Domain Name System (DNS) ,fully qualified domain name (FQDN) ,host name resolution
The process of resolving the name of a host on a network into its associated network address.
Overview
Name resolution plays an important part in network communication because the logical names of hosts on the network must be resolved into their network addresses before actual communication can take place between them.
Transmission Control Protocol/Internet Protocol (TCP/IP) networks running Microsoft Windows operating systems support two basic name resolution methods:
NetBIOS name resolution: Used to resolve NetBIOS names into IP addresses. Performed by using broadcasts or by querying a Windows Internet Name Service (WINS) server. NetBIOS name resolution was used in Microsoft Windows NT and is supported by Windows 2000, Windows XP, and Windows .NET Server for backward compatibility purposes only.
Host name resolution: Used to resolve fully qualified domain names (FQDNs) in the Domain Name System (DNS) into IP addresses. Performed either by using a local Hosts file on the machine or by querying a name server.
Notes
Once the name of a host has been resolved into its associated IP address, a TCP/IP protocol called Address Resolution Protocol (ARP) is used on Ethernet networks to resolve the host's IP address (or that of the next-hop router, if the host is on another subnet) into its associated data link layer address (MAC address). Once ARP has completed this task, frames can be placed on the wire with the destination MAC address embedded in their frame headers.
See Also Address Resolution Protocol (ARP) , Domain Name System (DNS) ,Ethernet ,frame ,fully qualified domain name (FQDN) ,host name resolution ,hosts file ,MAC address , Transmission Control Protocol/Internet Protocol (TCP/IP), Windows Internet Name Service (WINS)
A host used to resolve fully qualified domain names (FQDNs) into their associated Internet Protocol (IP) addresses.
Overview
Name servers are hosts on the Internet (or on large IP internetworks) that can be used to resolve host names into IP addresses, a process known as a name lookup. Name servers are an essential part of the Domain Name System (DNS). Because of name servers, when you want to access or reference a host on a TCP/IP network, you can use its friendly DNS name instead of its IP address, which is generally harder to remember.
The distributed system of name servers positioned at various locations around the Internet makes it possible to share the load of name resolution among many such servers instead of relying on a single server. Just imagine if one machine had to track the name of every host on the Internet-not only would its hardware requirements be astronomical, but it also would represent a single point of failure for the entire Internet economy!
Implementation
DNS operates as a client/server-based system, with name servers forming the server part and resolvers forming the client part. Each name server has authority over a portion of DNS namespace known as a zone, which means that the name server can resolve name lookups for hosts located within that zone. A resolver sends a name lookup request to a name server by passing it the DNS name of a host on the network. The name server performs name resolution by determining the IP address that corresponds to the requested host's name. Name servers can also refer such queries to other name servers if they cannot answer them themselves, so a typical name lookup from a resolver might involve obtaining responses from several name servers in sequence.
Each zone has one primary master name server that holds the authoritative master copy of the zone data. In addition, name servers can be classified on the basis of how they obtain their zone information:
Primary name servers: These name servers keep a local file of the information relating to their zone. This local file or DNS database contains resource records, which are mappings of host names to IP addresses for hosts in that zone. A DNS administrator must generally create and maintain the DNS database manually on a primary name server, although with Dynamic DNS (DDNS) hosts can automatically register this information with name servers. Because an unrestricted dynamic update lets any host overwrite another host's record, dynamic updates should be limited to authenticated clients; Microsoft Windows 2000 and Windows .NET Server support DDNS and offer secure dynamic update for Active Directory-integrated zones.
Secondary name servers: These name servers obtain their database of resource records from a master name server, which can be either a primary name server or another secondary name server. The process by which the DNS database is transferred from a master name server to a secondary name server is known as zone transfer. Secondary name servers are provided mainly for fault tolerance and load balancing. Because a zone transfer hands out every record in the zone, a name server should be configured to permit transfers only to its designated secondaries.
See Also Domain Name System (DNS) ,dynamic DNS (DDNS) ,fault tolerance ,load balancing ,master name server ,primary name server ,resolver ,secondary name server ,zone ,zone transfer
An abstract space of names of nodes on a network.
Overview
The term namespace can be thought of as "the space of all names" for the particular type of network naming system under consideration. A simple example is Internet Protocol (IP) address space, the space of all possible IP addresses. This space was historically divided into class A, class B, and so on, which represent disjoint subgroups of the IP address space (classful addressing has since given way to CIDR prefixes). Generally, every node on a Transmission Control Protocol/Internet Protocol (TCP/IP) network, internetwork, or the Internet must occupy a unique point in IP address space; that is, it must have a unique IP address. This ensures that a packet addressed to a particular node (such as a computer, network printer, or router interface) can be directed to the node using its IP address as the destination address. If two nodes on a network were to have the same IP address, a packet intended for one might end up at the other. One exception to this is multicasting, in which a packet is sent to a group of hosts simultaneously and ignored by all other hosts. Another exception is a private network connected to the Internet through a firewall that uses network address translation (NAT) to hide the addresses of hosts on the private network from hosts on the Internet. In this case, if no direct communication is expected between nodes in the two networks (except through the firewall), nodes in the private network can be assigned addresses from the ranges reserved for private use by RFC 1918 (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and two or more private networks can use the same addressing scheme without fear of confusion or lost packets.
Examples
Some other common examples of namespaces include the Domain Name System (DNS) namespace used on the Internet, the NetBIOS namespace used in legacy Microsoft Windows NT networks, and the LDAP namespace used by Active Directory. Unlike the space of IP addresses described above, which is essentially flat, the DNS namespace is hierarchical in nature and highly scalable. It also has the advantage of being a logical naming scheme that is easily remembered, in contrast to a physical naming scheme such as an IP address, which is hard to memorize and which is bound to the particular network structure being used. The root of the DNS namespace branches out to a relatively small number of top-level domains such as .com, .org, and .edu. Organizations, companies, and individuals can register a domain name in one of these domains and then subdivide their branch of the DNS namespace as they desire. For example, a company named Northwind Traders might register the domain name northwindtraders.com and then create three new subdomains under it named sales.northwindtraders.com, support.northwindtraders.com, and hq.northwindtraders.com. Specific servers and router interfaces exposed to the Internet might then be given specific DNS names to uniquely identify them in the DNS namespace. An address in the DNS namespace, called a fully qualified domain name (FQDN), maps to a unique node on the Internet. An example might be widgets.support.northwindtraders.com, which might map to the address 10.15.6.133. Names of domains, subdomains, and individual hosts are maintained on name servers located at various points across the Internet or within large private internetworks. If you want to locate a particular node in the DNS namespace, you query a name server. The process of locating a particular DNS node and resolving its FQDN into its associated IP address is called host name resolution.
The NetBIOS namespace used in Windows NT-based networks (and supported by Windows 2000 and Windows XP for backward compatibility) is simply the space of all NetBIOS names (computer names) of Microsoft Windows machines on the network. Unlike the hierarchical tree structure of the DNS namespace, the NetBIOS namespace is flat and is managed using the Windows Internet Name Service (WINS), which runs on WINS servers in the network. Because the NetBIOS namespace is flat, it is not as highly scalable as DNS. For example, say that you query a name server to resolve an FQDN such as widgets.support.northwindtraders.com into its associated IP address. The name server might first have to find another name server that is authoritative in the northwindtraders.com domain. Next, the name server must find a name server that is authoritative in the support.northwindtraders.com subdomain whose database contains a record for the widgets.support.northwindtraders.com host. Finally, the name server must resolve the information in the record into an IP address. The whole process might take only several referrals and a short inspection of a relatively small database of resource records because each name server on the Internet is authoritative over only a small portion of the DNS namespace. Once you locate the correct name server through a series of hierarchical queries, the final name lookup deals with only a small number of records. The NetBIOS namespace is different, however, because each WINS server maintains a database of records for all NetBIOS names on the network. So if you were to use WINS to manage a network the size of the Internet with its millions of hosts, each WINS server would have a flat-file database containing millions of records, which would need to be searched from top to bottom each time a query was issued against it.
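The referral chain just described, together with the recursive-versus-iterative distinction from the name resolution entry, the Hosts-file-then-name-server order from the host name resolution entry, and the primary/secondary roles from the name server entry, worked through in one place. This is an added example, not code from the original entries or from any real resolver: the zone data, server names, addresses and Hosts file contents are constructed around the northwindtraders.com example, and glue records are skipped (a delegation names the next server directly). The Hosts file is consulted before any server is asked, which is why a writable Hosts file lets an attacker redirect a name without touching DNS, and why it is one of the first things checked during incident response.

```python
"""Name resolution walk-through (added example; not a Microsoft or BIND implementation).

The zone data below is constructed for illustration around the
northwindtraders.com example used in these entries; the server names,
addresses and Hosts file contents are assumptions, not real records.
"""
from typing import Dict, List, Optional, Tuple

# Each constructed server is authoritative for one zone. "A" holds host records,
# "NS" holds delegations of child zones to the server authoritative for them.
# Glue records are skipped: the value of an NS entry is used directly as the next server.
SERVERS: Dict[str, Dict] = {
    "root": {"zone": ".", "A": {}, "NS": {"com.": "com-server"}},
    "com-server": {"zone": "com.", "A": {},
                   "NS": {"northwindtraders.com.": "ns1.northwindtraders.com."}},
    "ns1.northwindtraders.com.": {
        "zone": "northwindtraders.com.",
        "A": {"www.northwindtraders.com.": "203.0.113.10"},
        "NS": {"support.northwindtraders.com.": "ns.support.northwindtraders.com."}},
    "ns.support.northwindtraders.com.": {
        "zone": "support.northwindtraders.com.",
        "A": {"widgets.support.northwindtraders.com.": "10.15.6.133"},
        "NS": {}},
}

# Constructed Hosts file. On Windows it is consulted before any name server is asked.
HOSTS_FILE = """# constructed sample, not a real file
127.0.0.1       localhost
10.15.6.133     widgets.support.northwindtraders.com   widgets   # alias
"""


def fqdn(name: str) -> str:
    """Normalize to a lowercase, fully qualified (dot-terminated) name."""
    return name.strip().lower().rstrip(".") + "."


def parse_hosts(text: str) -> Dict[str, str]:
    """Return name -> IP from Hosts file text. Comments and blank lines are
    ignored, and the first entry seen for a name wins."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for n in names:
            table.setdefault(fqdn(n), ip)
    return table


def query(server: str, qname: str) -> Tuple[str, str]:
    """One iterative query to one server: ('answer', ip), ('referral', next_server)
    or ('nxdomain', '')."""
    data = SERVERS[server]
    if qname in data["A"]:
        return "answer", data["A"][qname]
    # The longest matching delegation wins, as with real zone cuts.
    for child, ns in sorted(data["NS"].items(), key=lambda kv: -len(kv[0])):
        if qname == child or qname.endswith("." + child):
            return "referral", ns
    return "nxdomain", ""


def resolve(name: str, hosts: Optional[Dict[str, str]] = None,
            max_hops: int = 8) -> Tuple[Optional[str], List[str]]:
    """Do what a recursive resolver does: check Hosts, then walk referrals from the root.
    Returns (ip or None, list of sources consulted in order)."""
    qname = fqdn(name)
    if hosts and qname in hosts:
        return hosts[qname], ["hosts"]
    path: List[str] = []
    server = "root"
    for _ in range(max_hops):
        path.append(server)
        kind, value = query(server, qname)
        if kind == "answer":
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value                    # follow the referral to the next server
    raise RuntimeError("referral chain too long (possible delegation loop)")


if __name__ == "__main__":
    print(resolve("widgets.support.northwindtraders.com"))
    print(resolve("www.northwindtraders.com",
                  parse_hosts("203.0.113.5 www.northwindtraders.com\n")))
```

The first call walks root, .com, northwindtraders.com and support.northwindtraders.com before getting 10.15.6.133; the second never reaches a name server at all, because the constructed Hosts entry overrides the answer the zone would have given.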
An additional example of a namespace is the hierarchy of distinguished names (DNs) used to identify objects in a directory based on the Lightweight Directory Access Protocol (LDAP). In Active Directory, the LDAP namespace is closely tied to the DNS namespace: each label of a domain's DNS name becomes a domain component in the DN, so the domain northwindtraders.com is the container dc=northwindtraders,dc=com. The Active Directory directory service of Windows 2000 is based on LDAP and uses DNs to name objects stored within its directory.
Notes
Because of the flexibility and scalability of DNS and its association with the Internet, DNS is the primary naming system used by Windows 2000. Support for WINS is included only for backward compatibility with downlevel Windows NT stations and legacy Windows stations. Active Directory in Windows 2000 and Windows .NET Server uses DNS as its locator service: clients find domain controllers and other services through DNS records and then query the directory itself for users, groups, computers, shared folders, printers, and other objects. The Active Directory namespace is rooted at the DNS name of the forest root domain. Within it, a domain tree is a contiguous namespace in which each child domain's DNS name extends its parent's, whereas a forest made up of two or more domain trees is a disjoint (noncontiguous) namespace. Companies that have Windows 2000- or Windows .NET Server-based networks can use the same DNS namespace for both internal and external network connections, or they can use separate DNS names for the network from an internal or an external perspective.
See Also Active Directory , domain (DNS) ,Domain Name System (DNS) ,fully qualified domain name (FQDN) ,host name resolution ,IP address ,Lightweight Directory Access Protocol (LDAP) , Windows Internet Name Service (WINS)
A contiguous subtree or branch of Active Directory directory service namespace.
Overview
Naming contexts (also called directory partitions) are used in Microsoft Windows 2000 and Windows .NET Server to divide the Active Directory database into sections that are replicated independently; the naming context is the basic unit of replication. During multimaster replication, changes in a naming context are replicated to every domain controller that holds a copy of that context: the schema and configuration naming contexts are held by every domain controller in the forest, whereas a domain naming context is held by the domain controllers of that domain, with global catalog servers additionally holding a read-only partial copy of every domain's naming context. For example, if the schema is modified on one domain controller, the change is replicated to all other domain controllers in the forest. Only the attributes that have actually changed are replicated.
Active Directory always includes at least three naming contexts:
Configuration: Contains information about sites, services, and partitions that is shared by all domain controllers in the forest
Domain naming: Contains information relating to directory data for the domain in which the Active Directory domain controller resides
Schema: Contains the schema information that defines the classes, objects, and attributes used in Active Directory
See Also Active Directory , directory replication (Windows 2000 and Windows .NET Server) , schema
A rule for ensuring that users have their own unique username.
Overview
A simple and consistent naming convention for users on a network is an important part of network administration. Examples of naming conventions applied to the user Jeff Smith might include the following:
Jsmith: Here the first letter of the user's first name is concatenated with the user's full last name
Jeffs: Here the user's first name is concatenated with the first letter of the user's last name
Two users on a network might have the same first or last name, so your naming convention should include a rule to break ties. For example, if Jeff Smith is "jsmith," James Smith might be "jsmith2." You might also want to establish a rule for easily identifying temporary employees, such as "T-jsmith" or "jsmith(temp)."
Notes
On Microsoft Windows 2000-based networks, the pre-Windows 2000 logon name (sAMAccountName) of a domain user account must be unique within the domain and is limited to 20 characters; the user principal name (UPN) must be unique within the forest and can be longer. It is the object's relative distinguished name (its common name) that must be unique within the organizational unit (OU) or container in which it is created in the Active Directory database.
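The naming convention above, written out as a function that applies the "first initial plus last name" rule, breaks ties with a counter, and handles temporary staff. This is an added example, not code from the original entry or from Microsoft: the 20-character limit models the pre-Windows 2000 logon name, the `t-` prefix is one of the page's two suggested markers, and the names used are made up. The point worth seeing is the edge case: uniqueness has to be checked on the truncated form, because two long names that differ only past the 20th character would otherwise collapse into the same logon name.

```python
"""Username generation under a naming convention (added example; not Microsoft code).

Rule: first initial + last name, lowercase, letters and digits only; ties broken
with a counter; temporary staff prefixed "t-". The 20-character limit models the
pre-Windows 2000 logon name (sAMAccountName); the sample names are made up.
"""
import re
from typing import Set


def propose_username(first: str, last: str, taken: Set[str],
                     temp: bool = False, max_len: int = 20) -> str:
    """Return a unique username no longer than max_len and record it in `taken`.

    `taken` holds the names already in use (lowercase). Uniqueness is checked
    on the truncated form so that long names cannot collide after truncation.
    """
    base = re.sub(r"[^a-z0-9]", "", (first[:1] + last).lower())  # drop apostrophes, spaces, etc.
    if temp:
        base = "t-" + base
    candidate = base[:max_len]
    n = 1
    while candidate in taken:
        n += 1
        suffix = str(n)
        candidate = base[:max_len - len(suffix)] + suffix  # keep the counter inside the limit
    taken.add(candidate)
    return candidate


if __name__ == "__main__":
    existing: Set[str] = set()
    for first, last in [("Jeff", "Smith"), ("James", "Smith"), ("Anna", "O'Brien")]:
        print(propose_username(first, last, existing))        # jsmith, jsmith2, aobrien
    print(propose_username("Jeff", "Smith", existing, temp=True))  # t-jsmith
```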
See Also Active Directory ,domain (DNS) ,organizational unit (OU) ,user account
Stands for Network Access Point, a point where Internet traffic is exchanged between Internet service providers (ISPs).
See Also Network Access Point (NAP)
Stands for network address port translation, a form of network address translation (NAT) in which both Internet Protocol (IP) addresses and port numbers are translated.
See Also network address translation (NAT)
Stands for network access server, the server at the Internet service provider (ISP) end of a dial-up connection.
See Also network access server (NAS)
Stands for network attached storage, a storage appliance that attaches directly to the network.
See Also network attached storage (NAS)
Stands for network address translation, a method of substituting one Internet Protocol (IP) address for another.
See Also network address translation (NAT)
A series of specifications for protecting commercial and residential buildings from electrical hazards.
Overview
The National Electric Code is published by the National Fire Protection Association (NFPA), an international organization that advocates standards for fire safety and related issues. The NEC is one of hundreds of standards documents produced by the NFPA. The NEC, which is NFPA standard number 70, deals with how to properly install and maintain electrical and electronic equipment in order to minimize fire hazards. In the area of computer networking, the NEC covers the proper installation and construction of copper cabling, fiber-optic cabling, and other network infrastructure. The NEC also covers issues relating to the powering of network devices, such as proper grounding.
The NEC is legally enforced in every state in the United States and in a number of other countries and regions. Most U.S. municipalities have adopted NEC recommendations in local building codes. Testing of electrical equipment for compliance with NEC standards is performed by Underwriters Laboratories (UL).
For More Information
Visit the NFPA at www.nfpa.org
See Also cabling ,infrastructure
A U.S. government organization that provides services and programs to help U.S. industries commercialize new technologies and compete internationally.
Overview
NIST is a nonregulatory agency of the U.S. Department of Commerce, and its certification programs identify technologies as meeting federal government requirements. For example, in the area of relational database management systems (RDBMSs), NIST administered a test named Federal Information Processing Standard (FIPS) 127-2. FIPS 127-2 was based on the broader American National Standards Institute (ANSI) SQL-92 standard, which promotes portability across heterogeneous RDBMSs by establishing a common set of Structured Query Language (SQL) commands; it defined the level of SQL conformance required for federal procurement and has since been withdrawn. Microsoft SQL Server 6.5 was the first RDBMS to pass the NIST version 5.1 validation tests for Entry Level FIPS 127-2, as it complied with both the ANSI SQL-92 standard and the FIPS requirements.
The following table shows some of the FIPS cryptography standards developed by NIST. One NIST action that has had wide impact on the cryptography field is the public competition it hosted to find a successor to the Data Encryption Standard (DES), whose 56-bit key is too short to resist brute-force search with modern hardware. NIST selected the Rijndael algorithm, developed by Belgian cryptographers Joan Daemen and Vincent Rijmen, as the basis of its Advanced Encryption Standard (AES), published as FIPS 197 in 2001.
Standard | Description |
--- | --- |
FIPS 46-3 | Data Encryption Standard (DES) and Triple DES |
FIPS 81 | DES Modes of Operation |
FIPS 180-1 | Secure Hash Standard (SHS) |
FIPS 186-2 | Digital Signature Standard (DSS) |
FIPS 197 | Advanced Encryption Standard (AES) |
For More Information
Visit NIST online at www.nist.gov.
See Also Advanced Encryption Standard (AES) ,cryptography ,Data Encryption Standard (DES) ,encryption ,Structured Query Language (SQL)
A mode for running Microsoft Windows 2000 and Windows .NET Server domain controllers.
Overview
Windows 2000 domain controllers operate in mixed mode by default. Mixed mode allows Windows 2000 and Windows NT domain controllers to coexist in one domain, which is essential while a Windows NT-based network is being migrated to Windows 2000. Once the migration is complete, or if you have a pure Windows 2000 network, you should switch the domain to native mode. Native mode requires that every domain controller in the domain run Windows 2000; member servers and client workstations can still run Windows NT and continue to be authenticated as before.
Native mode gives you more options than mixed mode about types of groups. Specifically, you can use universal groups and you can nest groups to any degree. Running in mixed mode means that universal groups are not available, and you can nest global groups only in domain local groups and only to one level of nesting.
Windows 2000 domain controllers running in native mode are incompatible with Windows NT domain controllers, and if you want to use native mode, all domain controllers must be running Windows 2000 and must be configured to run in native mode, but member servers and client workstations can still run either Windows 2000 or Windows NT.
To change domain controllers from mixed mode to native mode, use the administrative tool Active Directory Domains and Trusts. Note that if you change a domain controller to native mode, you cannot change it back to mixed mode, so do not make the change until all your domain controllers are running Windows 2000.
Notes
Windows .NET Server domain controllers can operate at one of three domain functional levels: Windows 2000 mixed (the default), Windows 2000 native, and Windows .NET. The first offers the greatest degree of backward compatibility at the cost of new functionality; the second adds some functionality but remains limited; Windows .NET mode rules out domain controllers running earlier versions of Windows but provides functionality found only in this latest version of Active Directory. A domain functional level can be raised but never lowered, and raising it removes compatibility with domain controllers running the earlier operating systems.
See Also domain controller , domain modes , universal group
Stands for NetBEUI Frame, an enhanced version of NetBIOS Extended User Interface (NetBEUI) supported by Microsoft Windows NT.
See Also NetBEUI Frame (NBF)
Stands for NetBIOS Name Server, a server responsible for maintaining a list of mappings between NetBIOS computer names and network addresses for a network that uses NetBIOS as its naming service.
See Also NetBIOS Name Server (NBNS)
A Transmission Control Protocol/Internet Protocol (TCP/IP) command that displays current connections and statistics using NetBIOS over TCP/IP (NBT).
Overview
Nbtstat can be run from the Microsoft Windows 2000 command prompt to view NBT statistics for the local computer and to display the status of TCP/IP connections on the computer. This is useful for troubleshooting certain NetBIOS name resolution problems.
You can also use Nbtstat to
Preload #PRE entries in the Lmhosts file into the NetBIOS name cache (Nbtstat -R), which contains NetBIOS name to IP address mappings for other hosts on the network
View the NetBIOS name and NetBIOS scope ID of the machine
Examples
Some examples of using Nbtstat include
Nbtstat -n , which shows the NetBIOS names of the host that have been registered on the system
Nbtstat -c, which displays the current contents of the NetBIOS name cache
Nbtstat -a ComputerName , which sends a node status request to the computer named ComputerName and displays its NetBIOS name table and MAC address (Nbtstat -A IPAddress does the same given an IP address)
See Also NetBIOS ,NetBIOS over TCP/IP (NetBT) ,Transmission Control Protocol/Internet Protocol (TCP/IP)
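The name table that Nbtstat -n (and -a / -A for a remote host) prints is only useful once the suffix byte after each name is interpreted, since the suffix tells you which service registered the name. The parser below is an added example, not Microsoft code or output from a real machine: the sample output is constructed to match the table layout Nbtstat prints, and the host name, workgroup and address are made up. The suffix meanings are the well-known values (for example <20> is the File Server Service, so a host registering it is offering SMB file sharing, and <1C> marks the domain controllers group), which is what makes this table interesting during reconnaissance or an exposure review.

```python
"""Parse the NetBIOS name table printed by nbtstat -n / -a / -A (added example; not Microsoft code).

The sample output below is constructed to match the table layout nbtstat prints;
the host name, workgroup and address are made up.
"""
import re
from typing import Dict, List

NBTSTAT_N_OUTPUT = """
Local Area Connection:
Node IpAddress: [192.168.1.10] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    WORKSTN1       <00>  UNIQUE      Registered
    NORTHWIND      <00>  GROUP       Registered
    WORKSTN1       <20>  UNIQUE      Registered
    NORTHWIND      <1E>  GROUP       Registered
"""

# Well-known values of the 16th (suffix) byte of a NetBIOS name.
SUFFIX_MEANING: Dict[str, str] = {
    "00": "Workstation Service",
    "03": "Messenger Service",
    "20": "File Server Service",
    "1B": "Domain Master Browser",
    "1C": "Domain Controllers group",
    "1D": "Master Browser",
    "1E": "Browser Service Elections",
}

# One table row: name (may itself contain spaces, hence the lazy match), <suffix>, type, status.
ROW = re.compile(
    r"^(?P<name>.+?)\s+<(?P<suffix>[0-9A-F]{2})>\s+(?P<type>UNIQUE|GROUP)\s+(?P<status>\w+)$"
)


def parse_name_table(text: str) -> List[Dict[str, str]]:
    """Return one dict per table row; header, separator and blank lines are skipped."""
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            row = match.groupdict()
            row["meaning"] = SUFFIX_MEANING.get(row["suffix"], "unknown")
            rows.append(row)
    return rows


def names_offering(rows: List[Dict[str, str]], suffix: str) -> List[str]:
    """Names that have registered the given service suffix, e.g. '20' for file sharing."""
    return sorted({r["name"] for r in rows
                   if r["suffix"] == suffix and r["status"] == "Registered"})


if __name__ == "__main__":
    table = parse_name_table(NBTSTAT_N_OUTPUT)
    for r in table:
        print(f'{r["name"]:<15} <{r["suffix"]}> {r["type"]:<6} {r["meaning"]}')
    print("file servers:", names_offering(table, "20"))   # ['WORKSTN1']
```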
Stands for NetWare Core Protocol, a legacy NetWare protocol.
See Also NetWare Core Protocol (NCP)
Stands for Network Control Protocol, the portion of Point-to-Point Protocol (PPP) responsible for encapsulating network layer protocols.
See Also Network Control Protocol (NCP)
Stands for network driver interface specification, a specification for network driver architecture.
See Also network driver interface specification (NDIS)
Stands for Novell Directory Services, the directory services platform from Novell.
See Also Novell Directory Services (NDS)
A measurement of the ability of network cabling to reject crosstalk.
Overview
Crosstalk is an undesirable condition in which the signals traveling through adjacent pairs of wire in twisted-pair cabling interfere with each other. Near-end crosstalk (NEXT) measures the ability of a cable to reject crosstalk between pairs of wire at the near end of the circuit. The pair causing the interference is called the "disturbing pair," and the pair experiencing the interference is the "disturbed pair." Channel NEXT is the NEXT value measured between one wire pair and another in the same cable; it is measured at both ends of the wire.
The NEXT value for a given cable type is expressed in decibels (dB) and varies with the frequency of transmission. The value states how much weaker the coupled signal on the disturbed pair is than the transmitted signal, so the higher the NEXT value, the greater the cable's ability to reject crosstalk at its local connection. Note that NEXT generally decreases with increasing frequency, indicating increasing coupling between pairs at higher frequencies. For example, the specifications for Category 5 (Cat5) cabling include the minimum NEXT values shown in the following table.
Near-end crosstalk (NEXT). Different types of NEXT.
Frequency | Minimum NEXT Value |
--- | --- |
4 megahertz (MHz) | 53 dB |
10 MHz | 47 dB |
20 MHz | 42 dB |
100 MHz | 32 dB |
Types
The various types of NEXT that can be measured are as follows:
Pair-to-Pair NEXT: NEXT between two pairs of wire in a twisted-pair cable. A typical four-pair (eight-wire) unshielded twisted-pair (UTP) cable has six pair combinations and therefore six pair-to-pair NEXT values, of which the worst is compared against the specification. This simple measurement is not adequate on its own, however, because when several pairs carry signals at once each pair receives crosstalk from all of the others, not just from one.
Power Sum NEXT (PS NEXT): A more rigorous way of rating a cable's crosstalk that measures the total amount of crosstalk between one wire pair and all its neighboring pairs in the same cable. PS NEXT is particularly important for cabling used in high- speed networks such as Gigabit Ethernet (GbE) and Asynchronous Transfer Mode (ATM) networks.
Far-End Crosstalk (FEXT): Crosstalk measured at the far end of the cable, that is, at the end opposite the transmitter on the disturbing pair. It is usually reported as equal-level FEXT (ELFEXT), which subtracts the cable's attenuation so that cables of different lengths can be compared.
Notes
To minimize NEXT in installations of Cat5 cabling, do not expose more than 2 inches (5 centimeters) of wire pairs at the termination point of the cable (the patch panel, wall plate, or RJ-45 connector). Also, do not untwist the wire pairs more than 0.5 inch (1.3 centimeters).
See Also cabling
Stands for National Electric Code, a series of specifications for protecting commercial and residential buildings from electrical hazards.
See Also National Electric Code (NEC)
Stands for Microsoft .NET platform, Microsoft Corporation's new Extensible Markup Language (XML) Web services platform for building integrated service- oriented applications to meet the needs of today's Internet businesses.
See Also .NET platform
Stands for NetBIOS Extended User Interface, a networking protocol developed by IBM and Microsoft Corporation.
See Also NetBIOS Extended User Interface (NetBEUI)
An enhanced version of NetBIOS Extended User Interface (NetBEUI) supported by Microsoft Windows NT.
Overview
Some of the enhancements and special features of NetBEUI Frame (NBF) include
Support for network driver interface specification (NDIS) version 3 for full 32-bit asynchronous transport layer communication using the transport driver interface (TDI) layer as a NetBIOS emulator
Support for automatic memory tuning through dynamic memory allocation
Support for dial-up clients through the Remote Access Service (RAS)
An extension of NetBEUI's limit of 256 concurrent NetBIOS sessions to more than 1000 sessions
Notes
Although NetBEUI is essentially a nonroutable protocol, NBF supports Token Ring Source Routing on IBM Token Ring networks.
See Also NetBIOS ,NetBIOS Extended User Interface (NetBEUI)
A legacy protocol for network communications.
Overview
NetBIOS, which stands for Network Basic Input/Output System (though no one calls it that anymore), is a specification originally created by Sytek for IBM in the early 1980s as the programming interface to IBM's PC Network local area network adapters. It was later adopted by Microsoft Corporation for its LAN Manager platform to enable distributed applications to access network services running on different machines independent of the transport protocol used.
The NetBIOS interface itself is documented in IBM's technical reference; its operation over TCP/IP (NetBT) is defined in RFCs 1001 and 1002, and RFC 1088 describes carrying IP datagrams over NetBIOS networks. The original NetBIOS implementation could support a maximum of only 72 nodes, though this was later extended to thousands of hosts through various enhancements. The current version of the NetBIOS specification is NetBIOS 3.
Architecture
From an architectural viewpoint, NetBIOS defines two things:
An interprocess communication (IPC) mechanism and application programming interface (API) that allows applications that are NetBIOS-enabled to communicate remotely over a network and request services from lower levels of the protocol stack. This is the primary and original definition of NetBIOS.
A network protocol operating at the session and transport layers of the Open Systems Interconnection (OSI) reference model that supports functions such as session establishment and termination as well as name registration, renewal, and resolution.
Implementation
NetBIOS formed an essential part of the Microsoft Windows NT platform. Each Windows NT machine required a unique NetBIOS name in order to communicate on a network. These NetBIOS names consisted of 15 characters plus a 16th character that is reserved to identify various network services to the operating system. Also, depending on the underlying network protocol over which it is running, NetBIOS on Windows NT could take different forms. The following table lists some common network protocols and the form that NetBIOS takes over each protocol.
Network Protocol | Name When Combined with NetBIOS |
NetBEUI | NBF (NetBEUI Frame protocol) |
NWLink IPX/SPX-Compatible Transport | NWLink NetBIOS |
TCP/IP | NetBT (NetBIOS over TCP/IP) |
Issues
NetBIOS has been superseded in Windows 2000, Windows XP, and Windows .NET Server by the industry-standard Domain Name System (DNS), which is used for naming hosts and for name resolution (Windows NT also supported DNS but did not require it). Support for NetBIOS is still included, however, in Windows 2000, Windows XP, and Windows .NET Server to ensure backward compatibility with Windows NT, Windows 95, Windows 98, and Windows Millennium Edition (Me) computers. There are several instances where incompatibilities between the two naming systems can arise, however:
In Windows 2000, Windows XP, and Windows .NET Server, host names can be 64 characters long, but NetBIOS names can only be 15 characters long. If host names are longer than 15 characters, they are truncated, which can lead to collisions.
DNS names can use hyphens but not underscores to represent spaces, although NetBIOS names have traditionally used underscores for such purposes. Since the Windows 2000 and Windows .NET Server versions of DNS support Unicode characters, this is not really an issue unless support for downlevel name servers is required.
Another problem with leaving NetBIOS enabled on Windows 2000, Windows XP, and Windows .NET Server networks is that NetBIOS is not intrinsically secure. Using the Nbtstat command, for example, a user can easily find out the name, MAC address, services running, and other information about hosts on a network that supports NetBIOS. As a result, once a migration to Windows 2000 or later is complete, NetBIOS should be disabled if it is no longer required for communications with machines using earlier versions of Windows.
See Also application programming interface (API), Domain Name System (DNS), interprocess communication (IPC), Open Systems Interconnection (OSI) reference model, Windows Internet Name Service (WINS)
A networking protocol developed by IBM and Microsoft Corporation.
Overview
NetBIOS Extended User Interface (NetBEUI) is an extension of the NetBIOS specification that functions as a network protocol for workgroup-size local area networks (LANs) having up to 200 stations. NetBEUI is limited to networks of this size because it relies more heavily on broadcast packets than do protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP) and NWLink Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)-Compatible Transport, which can support much larger networks. Because NetBEUI has a single-part naming scheme, it is also a nonroutable protocol and therefore generally unsuitable for wide area networks (WANs).
NetBEUI is a fast and efficient protocol with low overhead. NetBEUI is self-tuning and implements flow control and error detection. It also defines a framing mechanism at the transport layer and implements the Logical Link Control version 2 (LLC2) protocol of the Open Systems Interconnection (OSI) reference model.
NetBEUI supports two types of network communications:
Connection-oriented: Used, for example, when mapping drives using the Net Use command and starting services remotely using the Net Start command
Connectionless: Used, for example, when sending datagrams, registering NetBIOS names, and performing NetBIOS name resolution
Implementation
NetBEUI was developed in 1985 and was implemented as the main networking protocol for the Microsoft LAN Manager and Microsoft Windows for Workgroups operating system platforms. NetBEUI is supported by most Windows platforms for backward compatibility. The implementation of NetBEUI on Windows NT is properly known as NetBEUI Frame (NBF) protocol.
See Also NetBEUI Frame (NBF), NetBIOS, NetBIOS name resolution, Open Systems Interconnection (OSI) reference model, routing
A 16-byte name for a node on a network supporting the NetBIOS specification.
Overview
NetBIOS names are a friendly way of identifying computers on a network that supports the NetBIOS specification. This is because alphanumeric names are easier for users to remember than network numbers, such as dotted Internet Protocol (IP) addresses. In Microsoft Windows NT, for example, NetBIOS names are used to identify individual machines and also the various networking services running on each machine. Each service that is NetBIOS-enabled requires a unique NetBIOS name to identify it on the network in order for other computers to access those services on the machine.
The NetBIOS name (computer name) for a Windows NT machine is assigned to it during installation and can be up to 15 characters long. A 16th character is then suffixed to the computer name (or domain name or current user name) to identify the particular network service being referenced. For example, the 16th character identifying the Messenger service is 03h in hexadecimal form, so on a computer named SERVER12 the Messenger service would be uniquely identified on the network by NetBIOS as SERVER12[03h].
NetBIOS names are also distinguished by whether they are
A unique name, which applies to a single IP address
A group name, which applies to a subnet group of IP addresses
A multihomed name, which applies to a multicast group of IP addresses
The following table shows some of the more common suffixes that constitute the hidden 16th character of a NetBIOS name and the networking service with which they are associated.
Suffix (Hex) | First 15 Characters | Networking Service |
00 | Computer name | Workstation service |
00 | Domain name | Domain name |
03 | Computer name | Messenger service |
03 | User name | Messenger service |
06 | Computer name | RAS Server service |
20 | Computer name | File Server service |
21 | Computer name | RAS Client service |
1B | Domain name | Domain master browser |
1C | Domain name | Domain controllers |
1D | Domain name | Master browser |
1E | Domain name | Browser service election |
Notes
To view the NetBIOS names registered for your computer, use the Nbtstat command. NetBIOS names are also supported by Windows 2000, Windows XP, and Windows .NET Server, but only for interoperability with some Windows NT machines, as they use the Domain Name System (DNS) instead for naming hosts and name resolution on a network.
See Also Domain Name System (DNS), Windows NT
Resolving a computer's NetBIOS name into its corresponding Internet Protocol (IP) address.
Overview
NetBIOS over TCP/IP (NetBT) enables hosts on a Microsoft Windows NT-based network to communicate with each other. This is accomplished by resolving the NetBIOS name of a target host into its associated IP address, a process called NetBIOS name resolution. Once the host's name has been resolved, Address Resolution Protocol (ARP) is then used to further resolve the host's IP address into its corresponding physical layer address (MAC address). Once the host's physical address is known, frames can be placed on the wire and directed to this address.
The following describes the main NetBIOS over TCP/IP (NetBT) naming functions in detail:
NetBIOS name discovery: NetBT hosts that want to communicate with similar hosts must issue a NetBIOS name query request to resolve the NetBIOS name of the target server into its IP address.
NetBIOS name registration: NetBT hosts must register their NetBIOS name when they are initialized on a network to ensure that no duplicate names are on the network. NetBIOS name registration can be done either by broadcasts or by directed packets sent to a WINS server. Either or both methods can be used in either order, depending on the NetBT node type of the host.
NetBIOS name release: NetBT hosts must release their NetBIOS names when they are shut down or when a particular NetBIOS-enabled service is stopped on the server. This enables another host to use the released name. NetBIOS name release can be done by broadcasts or by directed packets sent to a WINS server. Either or both methods can be used in either order, depending on the NetBT node type of the host.
Implementation
A number of different methods are used to perform NetBIOS name resolution. The following table shows the order in which these are attempted when the Windows NT machines on the network are configured as H-node machines (see the article called "NetBIOS over TCP/IP node types" elsewhere in this book). In a typical scenario where one Windows NT machine tries to establish communication with another, each name resolution method in the table is tried in turn until either the target NetBIOS name is resolved into its associated IP address or the name resolution process fails. Note that some methods may not be available; for example, if there is no NetBIOS Name Server (NBNS) or DNS server on the network, those name resolution methods cannot be employed.
Method | Comments |
Check local NetBIOS name cache | The cache contains recently resolved NetBIOS names. |
Contact NBNS | This method works only if NBNS is configured. The name server is usually a Windows Internet Name Service (WINS) server on a Microsoft network. The requestor tries three times to contact the name server and then tries to contact a secondary WINS server three times (if configured with secondary servers). |
Perform local broadcast | The requestor broadcasts a NetBIOS name query request packet. The requestor tries three times before giving an error. |
Check local Lmhosts file | The requestor checks whether an Lmhosts file exists. |
Check local Hosts file | On Windows NT the requestor checks the Hosts file if Enable DNS For Windows Resolution is selected on the WINS Address tab of the Transmission Control Protocol/Internet Protocol (TCP/IP) property sheet. This option is not available for Windows 2000 and later versions. |
Contact DNS server | The requestor contacts the DNS server if Enable DNS For Windows Resolution is selected on the WINS Address tab of the TCP/IP property sheet and the DNS tab has a DNS server specified on it. The requestor also retries 5, 10, 20, and 40 seconds later. |
The last three methods are unique to Microsoft networks. If all methods fail, an error message states that the computer could not be found on the network.
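As an added example, not part of the original entries: the Python script below builds the 16-byte NetBIOS name with its hidden 16th-byte suffix (the SERVER12[03h] case from the NetBIOS name entry and its suffix table), applies the RFC 1001 first-level encoding, and then builds and decodes the NetBIOS name query request that the broadcast and NBNS steps above send on UDP port 137, so that a defender can log which names and services hosts are querying. The packet layout and flag bits follow RFC 1001/1002; the scope-ID labels go beyond the tables; the sample packets are constructed in the script, and `describe` is a hypothetical logging helper.

```python
"""Build and decode NetBT NAME QUERY REQUEST packets (RFC 1001/1002) for inspection or logging."""
import struct

# Hidden 16th-byte suffix -> networking service (from the NetBIOS name suffix table).
SUFFIX_SERVICES = {
    0x00: "Workstation service (computer name) / domain name",
    0x03: "Messenger service",
    0x06: "RAS Server service",
    0x20: "File Server service",
    0x21: "RAS Client service",
    0x1B: "Domain master browser",
    0x1C: "Domain controllers",
    0x1D: "Master browser",
    0x1E: "Browser service election",
}
QTYPE_NB = 0x0020   # NB resource record type used by name queries
QCLASS_IN = 0x0001


def netbios_name(name: str, suffix: int) -> bytes:
    """16-byte NetBIOS name: upper-cased name, space-padded to 15 bytes, plus the suffix byte."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("NetBIOS names are limited to 15 characters")
    return raw.ljust(15, b" ") + bytes([suffix & 0xFF])


def encode_first_level(raw16: bytes) -> bytes:
    """RFC 1001 first-level encoding: each nibble becomes one letter 'A'..'P' (32 bytes out)."""
    return bytes(0x41 + n for b in raw16 for n in (b >> 4, b & 0x0F))


def decode_first_level(enc32: bytes) -> bytes:
    """Inverse of encode_first_level; rejects anything that is not 32 letters in 'A'..'P'."""
    if len(enc32) != 32 or any(not 0x41 <= c <= 0x50 for c in enc32):
        raise ValueError("malformed first-level encoded name")
    return bytes(((enc32[i] - 0x41) << 4) | (enc32[i + 1] - 0x41) for i in range(0, 32, 2))


def build_name_query(name: str, suffix: int, txn_id: int, broadcast: bool = True,
                     scope: str = "") -> bytes:
    """NAME QUERY REQUEST: DNS-style header, encoded name as first label, scope ID labels after."""
    flags = 0x0100 | (0x0010 if broadcast else 0)   # RD set; B set for a broadcast query
    header = struct.pack(">HHHHHH", txn_id, flags, 1, 0, 0, 0)   # QDCOUNT=1, no other records
    qname = bytes([32]) + encode_first_level(netbios_name(name, suffix))
    for label in filter(None, scope.split(".")):   # scope ID travels as DNS-style labels
        qname += bytes([len(label)]) + label.encode("ascii")
    return header + qname + b"\x00" + struct.pack(">HH", QTYPE_NB, QCLASS_IN)


def parse_name_query(pkt: bytes) -> dict:
    """Decode a NAME QUERY REQUEST into a dict; raises ValueError on malformed or non-query input."""
    if len(pkt) < 12:
        raise ValueError("packet too short for a NetBT header")
    txn_id, flags, qdcount, _an, _ns, _ar = struct.unpack(">HHHHHH", pkt[:12])
    if flags & 0x8000 or (flags >> 11) & 0x0F != 0 or qdcount != 1:
        raise ValueError("not a name query request")   # response bit set, wrong opcode, or no question
    pos, labels = 12, []
    while pos < len(pkt):
        ln = pkt[pos]
        pos += 1
        if ln == 0:
            break
        labels.append(pkt[pos:pos + ln])
        pos += ln
    else:
        raise ValueError("unterminated question name")
    if not labels or len(labels[0]) != 32 or pos + 4 > len(pkt):
        raise ValueError("malformed question section")
    raw16 = decode_first_level(labels[0])
    qtype, qclass = struct.unpack(">HH", pkt[pos:pos + 4])
    suffix = raw16[15]
    return {
        "txn_id": txn_id,
        "broadcast": bool(flags & 0x0010),
        "name": raw16[:15].rstrip(b" ").decode("ascii", "replace"),
        "suffix": suffix,
        "service": SUFFIX_SERVICES.get(suffix, "unknown"),
        "scope": ".".join(lab.decode("ascii", "replace") for lab in labels[1:]),
        "qtype": qtype,
        "qclass": qclass,
    }


def describe(pkt: bytes) -> str:
    """Hypothetical helper: one log line per query, e.g. for a rule watching queries for <1C>."""
    q = parse_name_query(pkt)
    kind = "broadcast" if q["broadcast"] else "directed (NBNS/WINS)"
    scope = f" scope={q['scope']}" if q["scope"] else ""
    return f"{kind} name query for {q['name']}<{q['suffix']:02X}> ({q['service']}){scope}"


if __name__ == "__main__":
    # Constructed sample: a host resolving SERVER12's Messenger service, as in the entry above.
    sample = build_name_query("SERVER12", 0x03, txn_id=0x1234)
    print(sample.hex())
    print(describe(sample))
```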
Examples
An example of when NetBIOS name resolution is used is when you go to the command prompt of a Windows machine and type net use followed by the NetBIOS name of the remote host in order to map a drive to a network share, for example, net use x: \\server7\pub. In order for this command to be fulfilled, the NetBIOS name of the remote host must first be resolved into its IP address so that it can be contacted on the network, and this is done using NetBIOS name resolution.
Notes
Note that NetBIOS name resolution is not confined only to TCP/IP networks; on Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) networks, NetBIOS over IPX (NBIPX) resolves NetBIOS names to IPX addresses.
NetBIOS names are also supported by Windows 2000, Windows XP, and Windows .NET Server, but only for interoperability with some Windows NT machines. Windows 2000, Windows XP, and Windows .NET Server use the Domain Name System (DNS) instead for naming hosts and name resolution on a network. Note that a different series of steps is used to resolve host names on a network that uses the Domain Name System (DNS); this process is usually called host name resolution.
See Also Domain Name System (DNS), host name resolution, MAC address
A server responsible for maintaining a list of mappings between NetBIOS computer names and network addresses for a network that uses NetBIOS as its naming service.
Overview
On networks that support NetBIOS (such as Microsoft Windows NT-based networks), NetBIOS name servers (NBNSs) are employed to register NetBIOS names and perform NetBIOS name resolution. Normally, when computers boot up on such a network, they register themselves with the NBNS by providing it with their computer names and network addresses. Then, when one computer needs to communicate with another, the first computer queries the NBNS for the network address of the remote computer.
NBNSs operate in a NetBIOS over TCP/IP (NetBT) mode called p-node, which is defined in RFCs 1001 and 1002. On a Windows NT-based network, you can configure a Windows NT server to assume the role of an NBNS by installing and configuring the Windows Internet Naming Service (WINS) on the machine. WINS servers can also be used on Windows 2000-based networks, but only for communication with some Windows NT computers; the main naming scheme for Windows 2000 networks is the Domain Name System (DNS).
Notes
On networks too small to justify using an NBNS, NetBIOS names can also be resolved by using broadcasts, but this wastes more network bandwidth than using a dedicated NBNS. On such small networks, using Lmhosts files may be preferable to deploying an NBNS.
See Also Domain Name System (DNS), Windows Internet Name Service (WINS)
NetBIOS session-layer protocol running over Transmission Control Protocol/Internet Protocol (TCP/IP).
Overview
NetBIOS over TCP/IP (NetBT) provides NetBIOS session management and naming functions such as NetBIOS name discovery, resolution, renewal, and release. In order to utilize NetBT effectively, a NetBIOS name server (NBNS) is required to centrally manage name processes, such as NetBIOS name registration. Using the Windows Internet Naming Service (WINS), a Windows NT server can fill the role of such an NBNS and facilitate network communications on a routed TCP/IP internetwork. WINS servers are essential on such internetworks to enable the NetBIOS client/server interface to function since broadcast-based name registrations are not normally forwarded by routers to remote subnets.
Notes
In Windows NT, the Server, Workstation, NetLogon, Browser, and Messenger services interact with NetBT using the Transport Driver Interface (TDI).
See Also NetBIOS, NetBIOS name, NetBIOS name resolution, NetBIOS Name Server (NBNS), Windows Internet Name Service (WINS)
Different ways of configuring NetBIOS-enabled nodes to perform naming functions.
Overview
The NetBIOS node type of a computer supporting NetBIOS (such as a Microsoft Windows NT machine) determines exactly how NetBIOS naming functions such as name discovery, registration, and release are implemented by that machine. In particular, such naming functions can be performed by broadcast, by a NetBIOS Name Server (NBNS), or by both methods attempted in either order. The NetBIOS node type thus specifies both which methods are used and the order in which they are used.
The common NetBIOS over TCP/IP node types are listed in the following table.
Node Type | Method (in the Order Applied) | Comments |
B-node (broadcast) | Broadcast only | Uses NetBIOS name queries for name registration and name resolution. Typically not forwarded by routers, so limited to local subnet. Can create excessive traffic in large networks. |
P-node (peer-to-peer) | NBNS only | Uses NBNS, which is a single point of failure for NetBIOS naming functions. |
M-node (mixed) | Broadcast, then NBNS | A combination of B-node and P-node. Uses broadcast by default. If unable to resolve, uses NBNS. |
H-node (hybrid) | NBNS, then broadcast | A combination of P-node and B-node. Uses NBNS by default. Default node type for Microsoft clients if an NBNS is configured on the network. |
Microsoft enhanced B-node | NetBIOS name cache, then broadcast, then Lmhosts file | An enhanced broadcast that utilizes the Lmhosts file. Default node type for Microsoft clients if no NBNS is configured on the network. |
See Also NetBIOS, NetBIOS name, NetBIOS name resolution, NetBIOS Name Server (NBNS), Windows Internet Name Service (WINS)
A character string appended to a NetBIOS name of a host that identifies the host as belonging to a specific group.
Overview
On Microsoft Windows NT-based networks you can use NetBIOS scope IDs to segment the flat NetBIOS namespace into a series of smaller subspaces. Two hosts can then communicate only if they have the same NetBIOS scope ID and thus belong to the same subspace. The total length of a NetBIOS name plus scope ID cannot exceed 256 characters. Note that the topology of NetBIOS subspaces does not have to match the physical topology of the network or the logical topology of subnets on a Transmission Control Protocol/Internet Protocol (TCP/IP) internetwork.
Uses
You might configure NetBIOS scope IDs if you wanted to isolate a particular subset of computers on your network from the rest of the network and allow them to communicate only among themselves. To configure a NetBIOS scope ID on a computer running Windows NT, use the WINS Address tab of the TCP/IP property sheet. In Windows 2000, you must manually modify an entry in the registry to accomplish this.
Notes
Actually using NetBIOS scope IDs is not recommended. For example, if trust relationships are configured between several Windows NT domains, using NetBIOS scope IDs can break the effect of these trust relationships by preventing pass-through authentication between trusted domain controllers that have different scope IDs. Furthermore, in a single-domain environment, if the scope ID of a workstation is different from that of the domain controllers, users will not be able to log on to the network at that workstation.
See Also domain (DNS)
Stands for NetBIOS over TCP/IP, the NetBIOS session-layer protocol running over Transmission Control Protocol/Internet Protocol (TCP/IP).
See Also NetBIOS over TCP/IP (NetBT)
A family of commands that can be utilized at the Microsoft Windows command prompt for managing certain aspects of networking.
Overview
These commands are summarized in the following tables. For more information about a specific command (such as net accounts), type net accounts /? or net help accounts at the command prompt. For additional information on the Net commands for Windows NT, Windows 2000, Windows XP, and Windows .NET Server, refer to Windows Help.
Command | Description |
Net Accounts | Update the accounts database, modify account and password settings, or display account information |
Net Computer | Add or remove computers from the domain |
Net Config | Display or change the setting for the Server or Workstation service |
Net Continue | Restart a paused Windows service |
Net File | Display a list of open shared files and file locks; this command can be used to close a shared file and remove a file lock |
Net Group | Add, modify, delete, or display global group account information in the domain directory database |
Net Help | Obtain a list of net commands or get help for a specific net command |
Net Helpmsg | Obtain further information about Windows network messages |
Net Localgroup | Add, modify, delete, or display local group account information in the local or domain directory database |
Net Name | Add, delete, or display the names or aliases that the Messenger service recognizes as representing your computer |
Net Pause | Pause a Windows service to allow users to disconnect before stopping it |
Net Print | Display and manage jobs in a print queue |
Net Send | Send a message to a user or computer over the network |
Net Session | Display the list of currently connected sessions on the local computer |
Net Share | Create, delete, or display shared resources |
Net Start | Display a list of running services or start a specific stopped service |
Net Statistics | Display statistics about the Server and Workstation services |
Net Stop | Stop a specified Windows service that is currently running |
Net Time | Synchronize the computer's clock with that of another computer or domain or display the time for a computer or domain |
Net Use | Connect to or disconnect from shared resources, or display information about connections |
Net User | Add, modify, delete, or display user account information in the local or domain directory database |
Net View | Display a list of computers in the domain or display the shared resources available on a specific computer |
Command | Description |
Net Config | Display current computer settings |
Net Diag | Run the Microsoft Network Diagnostic program to display diagnostic information about a computer |
Net Help | Obtain a list of net commands or get help for a specific net command or error message |
Net Init | Load protocol and network-adapter drivers without binding them to Protocol Manager |
Net Logoff | Break connections to network resources |
Net Logon | Log on to a domain |
Net Password | Change logon password |
Net Print | Display and manage jobs in a print queue |
Net Start | Start services |
Net Stop | Stop services |
Net Time | Synchronize the computer's clock with that of another computer or workgroup or display the time for a computer or workgroup |
Net Use | Connect to or disconnect from shared resources, or display information about connections |
Net Ver | Display information about workgroup redirector |
Net View | Display a list of computers in the workgroup or display the shared resources available on a specific computer |
Notes
Some of these commands produce more than one screen of output at the command prompt. To prevent information from scrolling off the screen, pipe the output through More; for example, type net help accounts | more.
See Also command prompt
A set of servers that facilitate the deployment, implementation, and management of the Web services foundational to the Microsoft .NET platform.
Overview
The .NET Enterprise Servers include
Application Center 2000: Used for deploying and managing Web services and applications across the enterprise
BizTalk Server 2000: Uses Extensible Markup Language (XML) and Simple Object Access Protocol (SOAP) to enable the exchange of information between business partners
Commerce Server 2000: Facilitates the development of Web applications for e-commerce
Content Management Server 2001: Facilitates simplified management, rapid deployment, and personalization of Web content on intranets or extranets
Exchange Server 2000: Provides the underlying support for messaging and for building collaborative Web-based workflow applications
Host Integration Server 2000: Enables access to data stores on mainframe computing platforms
Internet Security and Acceleration Server 2000: Enhances enterprise security through firewall and Web caching services
Mobile Information Server 2001: Enables wireless access to enterprise data from mobile clients
SharePoint Portal Server: Provides the ability to create intranet portals which facilitate the sharing of information stored in a variety of formats across the enterprise
SQL Server 2000: Standard platform for relational data storage that supports XML-based access to data
For More Information
Find out more about Microsoft's .NET Enterprise Servers at www.microsoft.com/servers.
See Also Application Center, BizTalk Server 2000, Commerce Server 2000, Exchange Server, Host Integration Server, Internet Security and Acceleration Server (ISA Server), Mobile Information Server, SQL Server
A term representing a user's interaction with Web services based upon the Microsoft .NET platform.
Overview
The term experience is often used in modern-day programming parlance to describe the interaction between the user and the user interface for an application. A .NET experience is similar to user interaction with traditional client/server applications, but with several enhancements. Specifically, .NET experiences are
Location-independent: .NET experiences can be accessed both offline (for example, at home from a PC) and online (for example, from a cell phone or wireless Personal Digital Assistant [PDA]).
Personalized: .NET experiences store user profile information that simplifies user interaction regardless of the device being used or services being accessed.
Targeted: A single .NET experience can manifest itself differently to the user depending on whether the user is employing a PC, cell phone, Pocket PC, Tablet PC, game console, or some other smart device.
See Also .NET platform
A developer environment for building, deploying, and running Web services and applications. The .NET Framework is a key piece of Microsoft's .NET platform.
Overview
The .NET Framework comprises three pieces:
Common Language Runtime (CLR): Supports the execution of code written in any programming language (the .NET Framework is language-neutral).
Framework Classes: Self-contained classes that do not require separate type libraries.
ASP.NET and ADO.NET: The .NET versions of ASP+ and ADO+. ASP.NET provides programming models for building Web Forms and Web Services. ADO.NET provides classes for accessing Extensible Markup Language (XML) documents in relational data stores.
The .NET Framework is designed to run on a variety of platforms, including Microsoft Windows 95, Windows 98, Windows NT 4, Windows Millennium Edition (Me), Windows 2000, Windows XP, and Windows .NET Server. There is also a version called the .NET Compact Framework that is designed to run on Windows CE and embedded Windows to support key .NET functionality on cell phones, Personal Digital Assistants (PDAs), Tablet PCs, and other smart devices.
Notes
Developers can use the .NET Framework to create and deploy not only XML-based .NET Web services but also traditional COM+ applications. The .NET Framework resembles Windows Distributed interNet Applications Architecture (Windows DNA) in some ways, but it employs a more loosely coupled distributed component architecture.
See Also ADO.NET, ASP.NET
An administrative share used by Microsoft Windows NT domain controllers.
Overview
The NetLogon share maps to the %SystemRoot%\system32\repl\import\scripts directory and is used for the following purposes:
Storing logon scripts (for example, Logon.bat).
Storing system policies (Ntconfig.pol or Config.pol files).
Storing a default user profile for users (which must be stored in a subdirectory called Default User). If a user without a local profile on his or her workstation or a server-based roaming profile logs on, the default user profile is used instead.
When a client is authenticated on a Windows NT domain, the final step in the logon process involves connecting to the NetLogon share and downloading or applying any of the items in the preceding list.
See Also domain controller, Windows NT
Microsoft Corporation's new Extensible Markup Language (XML) Web services platform for building integrated service-oriented applications to meet the needs of today's Internet businesses.
Overview
Microsoft .NET aims to leverage several important technology shifts in today's economy:
The increasing availability of low-cost broadband Internet access for home and business, which makes delivery of fat content such as streaming video a practical reality.
The proliferation of new computing platforms such as handheld Personal Digital Assistants (PDAs), Tablet PCs, portable MPEG (Moving Pictures Experts Group) players, and Web-enabled cell phones, which are making the computing experience ever more pervasive in today's society.
The .NET platform is designed to help developers build distributed applications that leverage the power of Web for a wide variety of end-user devices. To facilitate this, the .NET platform consists of five components:
Tools for developers: Microsoft Visual Studio .NET, the latest incarnation of Microsoft's popular developer platform, provides language-independent tools and an integrated development environment for programmers to create both .NET experiences for end-user devices and the underlying Web services that provide the foundation for the realization of these experiences. Also key to developers is the .NET Framework, which provides the programming interfaces used for developing the Web services that are at the heart of the .NET vision. The foundation of these new tools is XML, an open standard created and managed by the World Wide Web Consortium (W3C) that is used to facilitate sharing of data and integration of software across different platforms. Other standards supported by .NET include Simple Object Access Protocol (SOAP) and Universal Description, Discovery, and Integration (UDDI) protocols.
.NET Enterprise Servers: The essential underpinning for the .NET platform. These servers, including the Microsoft Windows .NET Server, are designed to aggregate, integrate, and deliver .NET Web services, providing a consistent and compelling user experience across all levels of devices. The .NET Enterprise Servers include familiar ones such as Exchange Server 2000 and SQL Server 2000, which have been partially XML-enabled and provide the underlying "plumbing" for Web services to function. Other .NET servers, such as Application Center 2000 and BizTalk Server 2000, carry this aggregation and integration of Web services to a higher level using special languages such as XLANG and SOAP.
Building block services: These services are designed to ensure that the .NET end-user experience is simple, consistent, and compelling. Building block services perform functions such as managing identities, providing notifications, and providing schematized storage that are necessary to enable the user experience to be consistent across different services, applications, devices, and platforms. Microsoft Corporation is developing a core set of building block services, but many more will be developed by third-party partners for corporate use.
Devices: An important part of the .NET vision is that Microsoft is developing client and device software that can bring the rich .NET experience to users through a variety of smart devices such as Web-enabled cell phones, Pocket PCs, Tablet PCs, and other devices. Microsoft is developing .NET device software for a number of platforms, including Windows XP, Windows 2000, Windows Millennium Edition (Me), Windows CE, and embedded Windows.
User Experiences: Microsoft aims to provide a powerful and compelling user experience through .NET. These experiences will leverage the flexibility of XML Web services together with the power of broadband business, residential, and wireless Internet access to provide a user experience that is secure, simple, consistent, and personalized.
For More Information
Microsoft expresses the heart of its .NET vision at www.microsoft.com/net.
See Also ASP.NET, building-block services, XML
A Transmission Control Protocol/Internet Protocol (TCP/IP) command that displays current TCP/IP connectivity status and statistics.
Overview
Netstat can be run from the Microsoft Windows 2000 command prompt to view current TCP/IP protocol statistics and connections for the local computer. You can also use it to view statistics on a per-protocol basis for Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Protocol (IP), and Internet Control Message Protocol (ICMP).
In particular, netstat provides information on
IP addresses and port numbers of TCP/IP connections, including client and server connections. Either host names or IP addresses can be displayed.
Ethernet statistics, including bytes sent and received, directed and broadcast frames sent and received, discards, and errors.
The routing table for the local machine.
Examples
To display all connections and listening ports for both TCP and UDP, type netstat -a at the command prompt.
See Also Transmission Control Protocol/Internet Protocol (TCP/IP)
The popular network operating system from Novell Networks.
Overview
Novell NetWare is a network operating system developed in the early 1980s that has been widely used in local area networks (LANs). It began as a platform for LAN-based file and print services and has evolved into a platform suitable for enterprise networking and e-commerce. The current version of NetWare is 6.
History
NetWare initially became popular in its NetWare 2.x and 3.x versions, which proved remarkably stable and easy to administer using text-based menu-driven MS-DOS-based utilities such as Syscon, Filer, Fconsole, Pconsole, and Monitor. Security on these platforms was based on the NetWare bindery, and networking was supported by a proprietary suite of protocols based on Internetwork Packet Exchange/Sequential Packet Exchange (IPX/SPX) developed by Novell.
NetWare 4 provided a more scalable solution for the enterprise by introducing Novell Directory Services (NDS), a hierarchical directory service that replaced the bindery of earlier versions. NDS enabled users and applications to easily locate and access shared resources anywhere on a Novell network regardless of their location. NetWare 4 supported single-network logon, in which users log on once to the NDS tree, are authenticated, and can then find and access all resources on the network for which they have appropriate permissions. NetWare 4.0 also supported industry-standard Internet Protocol (IP) by encapsulating IP datagrams within IPX packets. The Windows-based administration tool Nwadmin also replaced most of the menu-driven MS-DOS-based administration tools and enabled managing a NetWare 4-based network from a single console.
NetWare 5 included support for native IP, replacing the legacy IPX/SPX used in earlier versions, plus related Internet protocols such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). NetWare 5 also included a new multiprocessing kernel with support for virtual memory.
The latest version, NetWare 6, includes a number of enhancements, including Internet file and printing services, 32-way symmetric multiprocessing (SMP), and 32-way clustering support.
Notes
Microsoft Windows 2000 includes a number of protocols and services that support interoperability between Microsoft Windows and Novell NetWare platforms, and migration from NetWare to Windows 2000. These tools include
NWLink IPX/SPX-Compatible Transport
Gateway Service for NetWare (GSNW)
Client Services for NetWare (CSNW)
File and Print Services for NetWare (FPNW)
Migration Tool for NetWare
For More Information
Visit Novell online at www.novell.com
See Also Client Services for NetWare (CSNW), File and Print Services for NetWare (FPNW), Gateway Service for NetWare (GSNW), Internet Protocol (IP),
A legacy NetWare protocol.
Overview
NetWare Core Protocol (NCP) operates at the presentation layer of the Open Systems Interconnection (OSI) reference model. NCP enables sharing of file and print services on legacy NetWare 2.x and 3.x platforms and performs various other accounting and security functions.
NCP functions by using information learned through Service Advertising Protocol (SAP) broadcasts. It employs Internetwork Packet Exchange (IPX) as its underlying transport and requires acknowledgment of every packet transmitted.
NCP is the analog of Server Message Block (SMB), a protocol used for similar purposes in Microsoft Windows platforms.
See Also Internetwork Packet Exchange (IPX) , Open Systems Interconnection (OSI) reference model, Server Message Block (SMB)
Old name for Novell Directory Services, the directory services platform from Novell Networks.
See Also Novell Directory Services (NDS)
A suite of protocols developed for legacy versions of Novell NetWare.
Overview
The networking architecture of NetWare evolved from the earlier Xerox Network System (XNS) created in the late 1970s. NetWare 2.x and 3.x used a proprietary suite of networking protocols that mapped to the upper five layers of the Open Systems Interconnection (OSI) reference model. The more important NetWare protocols included
Internetwork Packet Exchange (IPX): A network layer protocol used to route packets across a network. IPX is a connectionless protocol that identifies nodes on a network using a two-part address. The host portion of an IPX address is just the MAC address of the network interface on the host, and the network portion of the address is arbitrarily assigned by the administrator to uniquely identify each portion of the network. IPX also performs encapsulation for the data-link layer using one of four schemes: 802.2 (Novell proprietary), 802.3 (IEEE), Ethernet II, and Subnetwork Access Protocol (SNAP). IPX is the analog of Internet Protocol (IP), part of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite.
Sequenced Packet Exchange (SPX): A transport layer protocol that ensures reliable delivery of data. SPX performs functions such as delivering acknowledgments of successful delivery and performing error checking. SPX is the analog of Transmission Control Protocol (TCP), also part of TCP/IP.
NetBIOS: A session layer protocol that performs name registration and discovery functions and supports interoperability with other NetBIOS-enabled operating systems, such as Microsoft Windows NT.
NetWare Core Protocol (NCP): A presentation layer protocol that enables sharing of file and print services and performs accounting and security functions. NCP uses information learned through SAP broadcasts and employs IPX as its underlying transport. NCP is the analog of Server Message Block (SMB), a protocol used in Microsoft Windows platforms.
Service Advertising Protocol (SAP): Enables NetWare servers to advertise themselves and their shared resources as present on the network in a fashion similar to the Computer Browser services of the Windows platform. This enables NetWare clients to find and access resources on these servers. SAP employs broadcasts issued every 60 seconds. In versions 4 and higher of NetWare, SAP is no longer required and is replaced by Novell Directory Services (NDS).
Get Nearest Server (GNS): A protocol used when a NetWare client boots to locate NetWare servers on the local network.
There are also several routing protocols specific to legacy versions of NetWare. These routing protocols are used for communication between routers, in contrast to the above protocols, which are used for communication between hosts. Examples of NetWare routing protocols include
Novell Routing Information Protocol (IPX RIP): This is a distance vector routing protocol that is a close analog of Internet Protocol Routing Information Protocol (IP RIP), usually just called Routing Information Protocol (RIP).
NetWare Link Services Protocol (NLSP): This is a link state routing protocol derived from the Intermediate System to Intermediate System (IS-IS) routing protocol, and was developed in response to the lack of scalability of IPX RIP to large internetworks.
Enhanced Interior Gateway Routing Protocol (EIGRP): This protocol supports both IPX and IP.
Notes
In addition to these original NetWare protocols, NetWare version 4 also supports Internet Protocol (IP) encapsulation of IPX/SPX packets, which means that IPX datagrams can be encapsulated within User Datagram Protocol (UDP) packets for transmission over TCP/IP internetworks. NetWare 5 and later now have native support for IP, and SAP has been replaced by Service Location Protocol (SLP), which uses IP as its underlying transport.
See Also Enhanced Interior Gateway Routing Protocol (EIGRP), Internetwork Packet Exchange (IPX), MAC address, Open Systems Interconnection (OSI) reference model, routing, Routing Information Protocol (RIP), Service Advertising Protocol (SAP), Transmission Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP)
A group of computers that can communicate with one another.
Overview
Networks harness the power of computers by allowing them to work together. By creating a network, users can share resources with one another and send messages to one another. Networks also allow applications to be distributed across multiple computers. Networks provide applications and users with many benefits over stand-alone (independent) computers, including
Distributed processing capability
Enhanced storage capability
Centralized management of security and access to resources
Greater scalability, robustness, and redundancy
For computers to be connected into a network, they require three things:
Network client: Software running on the computer that makes the computer network-aware (able to be networked to other computers and to communicate with them). Operating systems such as Microsoft Windows are sometimes called network operating systems because they have built-in network client software and are thus intrinsically network-aware. Older operating systems such as Microsoft Disk Operating System (MS-DOS) were not networkable by themselves and required additional software such as the Microsoft Network Client 3 for MS-DOS in order to communicate on a network.
Network interface card (NIC): A card inserted into a slot on the computer's motherboard. The card provides a physical connection and the necessary electronics in order for a network cable to be connected to the computer. Other forms of NICs include Personal Computer Memory Card International Association (PCMCIA) cards for laptop computers and wireless access cards for wireless networking.
Network protocol suite: A collection of protocols that control the exact steps which computers use when communicating over a network. An example is the Transmission Control Protocol/Internet Protocol (TCP/IP) suite, which includes Internet Protocol (IP), Transmission Control Protocol (TCP), Address Resolution Protocol (ARP), and Hypertext Transfer Protocol (HTTP). Each protocol within a network protocol suite has a specific function to support communication between computers on a network.
In addition to cables, NICs, and computers, most modern networks also require some kind of dedicated networking device in order to concentrate (join together) the cabling into an actual network. These devices fall into two general categories:
LAN devices: Used to build local area networks (LANs) and include hubs, bridges, routers, and switches.
WAN devices: Used to connect LANs using wide area network (WAN) services from a telecommunications service provider. Examples include routers, access servers, channel service unit/data service units (CSU/DSUs), multiplexers, Frame Relay Access Devices (FRADs), analog modems, Integrated Services Digital Network (ISDN) terminal adapters, and a host of other devices depending on the telecom service employed.
Together with the cabling, these LAN and WAN devices constitute the infrastructure of a company's network.
Types
Networks can be classified in many ways. For example, they can be distinguished according to
Administration: Networks can be private networks (owned and operated by a company or organization) or public networks (shared or leased to companies by a service provider). The Internet is a collection of public networks connected together and running the TCP/IP protocol suite. Not all public networks are part of the Internet, however; for example, AT&T's Frame Relay network is a telecommunications network that companies can lease and use to connect networks located in geographically separated regions.
Architecture: This describes the way signals are transmitted across the network. Examples of common network architectures include Ethernet (including Fast Ethernet and Gigabit Ethernet), Token Ring, Fiber Distributed Data Interface (FDDI), Asynchronous Transfer Mode (ATM), and even serial transmission using RS-232, V.35, and other interfaces.
Physical size: Depending on the number of computers involved and the location of these machines, networks can be variously labeled as local area networks (LANs), campus area networks (CANs), metropolitan area networks (MANs), or wide area networks (WANs). LANs and CANs are usually owned and managed by a single company or organization, MANs are typically owned and managed by telcos and other service providers and leased to companies to connect their LANs, and WANs typically consist of LANs owned and operated by one or more organizations and connected using leased services owned by another organization.
Protocol: Networks use a variety of different protocols, that is, methods for packaging information into frames, packets, or cells for transmission across a network. Common examples of networking protocols include TCP/IP, Internetwork Packet Exchange/Sequential Packet Exchange (IPX/SPX), and Systems Network Architecture (SNA).
Security: Networks vary depending on how clients are authenticated and how resources are secured. Two common ways of implementing this include the workgroup, where every computer controls its own security, and the domain, where a special server called a domain controller manages security for the entire network. Both the workgroup and the domain model are supported by Windows 2000, Windows XP, and Windows .NET Server.
Topology: The term topology refers to the manner and complexity of interconnections between computers on a network. Possible network topologies include the bus topology, star topology, ring topology, and mesh topology. Networks can also be described as either flat (using one of the topologies listed previously) or hierarchical (using combinations of different topologies or multiple levels of a single topology).
Media: Computers can be physically connected together in various ways including using coaxial cabling, twisted-pair cabling, and fiber-optic cabling. Computers can also be networked without wires, an approach called wireless networking.
Notes
In TCP/IP networking, the term network is sometimes used to refer specifically to a group of hosts having the same network ID. Several such networks can then be connected using routers to form a larger network called an internetwork. Individual networks within an internetwork are usually referred to as subnets or subnetworks.
See Also analog modem, Asynchronous Transfer Mode (ATM), backbone, bridge, bus topology, cabling, campus area network (CAN), coaxial cabling, domain controller, domain (DNS), Ethernet, Ethernet switch, Fast Ethernet, Fiber Distributed Data Interface (FDDI), fiber-optic cabling, Gigabit Ethernet (GbE), hub, infrastructure, Internet, internetwork, ISDN terminal adapter, local area network (LAN), mesh topology, metropolitan area network (MAN), multiplexer (MUX), ring topology, router, serial transmission, star topology, subnet, Systems Network Architecture (SNA), Token Ring, Transmission Control Protocol/Internet Protocol (TCP/IP), twisted-pair cabling, wide area network (WAN), wireless networking, workgroup
A point where Internet traffic is exchanged between Internet service providers (ISPs).
Overview
Network Access Points (NAPs) are points where sections of the Internet's high-speed backbone are connected together in order to exchange traffic between ISPs; typically, this means connections between Tier 1 ISPs (large backbone providers) and Tier 2 ISPs (regional providers). Since the global portion of the Internet's backbone consists of long-haul fiber-optic cabling and high-speed Asynchronous Transfer Mode (ATM) switching equipment owned and operated by inter-exchange carriers (IXCs) such as AT&T, Sprint Corporation, and MCI WorldCom, such NAPs are usually located where these carriers interconnect their long-haul lines, and they contain high-speed switching facilities for transferring traffic from one carrier's lines to another's.
In the Internet's early days, the National Science Foundation established four different NAPs in Chicago, New York, San Francisco, and Washington, D.C. With the growth of the Internet and the changing landscape of telecommunication companies, many more NAPs have been created. These include the well-known "MAE West" in San Jose, California, and "MAE East" in Washington, D.C., both of which are operated by MCI WorldCom.
To lessen the traffic burden on the Internet's backbone, major ISPs can connect their services directly to a NAP in the form of a "peering arrangement," whereby traffic that needs to move between two ISPs connected to the same NAP can move directly from one ISP to the other instead of having to traverse the Internet's backbone.
See Also inter-exchange carrier (IXC), Internet service provider (ISP)
The server at the Internet service provider (ISP) end of a dial-up connection.
Overview
The term network access server (NAS) is a general name for the server at an ISP that supports Point-to-Point Protocol (PPP) connections for dial-up clients. The NAS is typically responsible for authenticating the dial-up client's credentials and negotiating flow control and error correction. The NAS is often a general-purpose server running special software such as Microsoft Windows 2000's Internet Connection Services. Alternatively, a NAS may be a standard router that supports PPP.
The NAS can sometimes also be used to establish tunnels through the Internet for virtual private networking (VPN), for example, by using Point-to-Point Tunneling Protocol (PPTP).
Network access server (NAS). How a NAS works.
Another name for a NAS is a point of presence (POP) server.
See Also Internet service provider (ISP), Point-to-Point Protocol (PPP), Point-to-Point Tunneling Protocol (PPTP), router, virtual private network (VPN)
Usually called network interface card, a device that allows a computer to communicate on a network.
See Also network interface card (NIC)
A method of substituting one Internet Protocol (IP) address for another.
Overview
Network address translation (NAT) is a mechanism for translating the IP addresses of hosts on one network into IP addresses belonging to a different network. NAT is usually used at the boundary of two networks, especially where a private network such as a corporate network meets a public network such as the Internet.
The motivation behind the creation of NAT is that the number of available global (public) registered IP addresses on the Internet is rapidly being depleted. NAT works around this problem by
Address reuse: NAT allows multiple private networks to use the same network IDs (same range of IP addresses). Private networks (networks not directly connected to the Internet) can use any range of IP addresses but usually employ those addresses specially reserved by the Internet Assigned Numbers Authority (IANA) for private network usage, such as 10.0.0.0 through 10.255.255.255 (or 10/8 in classless interdomain routing [CIDR] notation), 172.16.0.0 through 172.32.255.255 (or 172.16/12), and 192.168.0.0 through 192.168.255.255 (or 192.168/16). Addresses in these ranges are designated by IANA as nonroutable addresses, and networks using these addresses cannot directly connect to the Internet using a router. Instead, they need a router or access device that supports NAT so that these nonroutable addresses can be translated into public addresses for routing over the Internet.
Address multiplexing: NAT allows IP addresses of multiple hosts on a private network to be exposed to the Internet as a single public IP address. This allows the addresses of hosts on a private network to be hidden from the outside world, improving security on the network. Address multiplexing is sometimes referred to as network address port translation (NAPT).
NAT is defined in RFC 1631, and the IP addresses reserved by IANA for use on private networks are defined in RFC 1918.
Uses
NAT has several uses in enterprise networks:
NAT allows corporate networks using RFC 1918 private network addresses to access the Internet through NAT-enabled routers and access servers. NAT also enables older enterprises that deployed addresses noncompliant with RFC 1918 to connect to the Internet.
NAT allows corporate networks to hide the address topology of their networks from the Internet. NAT is not a replacement for firewalls, though, as in itself it performs no address or port filtering, just translation. In fact, NAT is usually available as an additional feature on most firewall products today.
Often two private networks need to join together as a result of a merger. If both networks are using the same RFC 1918 addresses, NAT enables the networks to be united without the need to readdress one of them.
Implementation
In a typical NAT scenario, a NAT-enabled router connects an internal corporate network with the Internet. The internal network has multiple IP hosts using private network IP addresses, while the router has a similar private IP address on its near-side (internal) interface and a public (global) address on its far-side (external) interface. NAT operates by examining traffic passing through the router and building a table that maps the connections between hosts inside the network and hosts outside on the Internet. For each connection the table contains
Original IP address and port number of source address
Original IP address and port number of destination address
Translated IP address and port number of source address
Translated IP address and port number of destination address
Transmission Control Protocol (TCP) and Internet Control Message Protocol (ICMP) sequence numbers
All packets that enter the network through the router have their addresses translated, and all packets leaving the network have their addresses translated back again.
Implementing NAT on a router or firewall thus involves creating and configuring a NAT table containing these private/public IP address mappings. These address mappings can either be
Manually created: A static NAT table essentially consists of a series of manually created NAT rules that specify how IP addresses will be translated. Static NAT mappings are always one-to-one mappings between actual and translated addresses. For example, a typical static NAT rule might be equivalent to the statement, "Translate all IP addresses belonging to the network 176.43.8.z to IP addresses in the form 145.5.133.z with the subnet mask 255.255.255.0 used for both networks." This rule results in the address 176.43.8.1 being mapped to 145.5.133.1, 176.43.8.2 being mapped to 145.5.133.2, and so on. This approach can be used, for example, when corporate networks with conflicting addresses need to be merged into one network. Static mappings are not very useful, however, for connections between private networks and the Internet due to the large number of possible connections to Internet hosts, which can make the NAT table grow excessively large thus degrading router performance.
or
Dynamically assigned: NAT-enabled routers can often dynamically allocate IP addresses to hosts on the private network by selecting addresses drawn from a specified pool. Dynamic NAT mappings are also one-to-one mappings between actual and translated addresses. This process is similar to Dynamic Host Configuration Protocol (DHCP) and can be done either randomly or, more usually, on a round-robin basis. Each time a connection is formed between the external and internal networks, NAT assigns a different IP address from the pool to the internal host being connected to, and address information in packets is modified accordingly.
Another popular form of dynamic NAT is called address overloading, masquerading, port address translation (PAT), or network address port translation (NAPT). In this situation all the IP addresses of the internal private network are hidden to outsiders, who can access only the single IP address of the interface exposed to the public network. Address overloading thus employs many-to-one mappings of IP addresses and is used when the number of internal addresses is greater than the available number of global addresses. Address overloading differs from standard NAT in that port numbers are also translated, not just IP addresses. For example, it is possible to multiplex many TCP connections through a single global IP address by assigning each connection a different port number. These numbers might be chosen, for example, from the range 61,000 through 65,096, which would allow up to 4096 simultaneous TCP connections through a single overloaded IP address. Address overloading is often used by firewalls and sometimes for load balancing Web servers.
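As an added example (not from the encyclopedia), the following Python simulation shows the two mapping styles just described: the static one-to-one rule for a /24 (176.43.8.z to 145.5.133.z) and address overloading with a port pool of 61,000 through 65,096, including the connection table of original and translated endpoints and the drop of inbound packets that match no entry. The public address 203.0.113.5 and the remote server 198.51.100.10 are constructed sample values.

```python
"""Simulation of static NAT and address overloading (PAT/NAPT). Constructed example."""
from dataclasses import dataclass
import ipaddress
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Only the header fields that NAT rewrites; the payload is irrelevant here."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StaticNAT:
    """One-to-one mapping between two equal-sized networks: the host part is preserved."""

    def __init__(self, inside_net: str, outside_net: str) -> None:
        self.inside = ipaddress.ip_network(inside_net)
        self.outside = ipaddress.ip_network(outside_net)
        if self.inside.prefixlen != self.outside.prefixlen:
            raise ValueError("static NAT needs networks with the same mask")

    def translate(self, ip: str) -> str:
        """Inside address -> outside address (unchanged if the rule does not match)."""
        addr = ipaddress.ip_address(ip)
        if addr not in self.inside:
            return ip
        return str(self.outside.network_address + (int(addr) - int(self.inside.network_address)))

    def untranslate(self, ip: str) -> str:
        """Outside address -> inside address, applied to packets coming back in."""
        addr = ipaddress.ip_address(ip)
        if addr not in self.outside:
            return ip
        return str(self.inside.network_address + (int(addr) - int(self.outside.network_address)))


# A flow is keyed by the full tuple, so the table records both the original
# source and the original destination, as the text's table description lists.
FlowKey = Tuple[str, int, str, int, str]


class PAT:
    """Address overloading: every inside host appears as one public address."""

    def __init__(self, public_ip: str, port_lo: int = 61000, port_hi: int = 65096) -> None:
        self.public_ip = public_ip
        # Lowest port is handed out first; pop() takes from the end of the list.
        self.free_ports: List[int] = list(range(port_hi, port_lo - 1, -1))
        self.outbound: Dict[FlowKey, int] = {}  # inside flow -> public port
        # (public port, remote ip, remote port, proto) -> (inside ip, inside port)
        self.inbound: Dict[Tuple[int, str, int, str], Tuple[str, int]] = {}

    def outbound_packet(self, pkt: Packet) -> Packet:
        """Rewrite the source to the public address and a pool port, creating the entry if new."""
        key: FlowKey = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        port = self.outbound.get(key)
        if port is None:
            if not self.free_ports:
                # Pool exhaustion is the practical limit on simultaneous flows.
                raise RuntimeError("PAT port pool exhausted")
            port = self.free_ports.pop()
            self.outbound[key] = port
            self.inbound[(port, pkt.dst_ip, pkt.dst_port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound_packet(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination back to the inside host; None means no entry, so drop it.

        Only a reply from the same remote endpoint matches, so an unsolicited
        packet sent to a pool port never reaches an inside host.
        """
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto))
        if entry is None:
            return None
        inside_ip, inside_port = entry
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.proto)

    def table(self) -> List[dict]:
        """The connection table as the text describes it: original and translated endpoints."""
        rows = []
        for (sip, sport, dip, dport, proto), port in self.outbound.items():
            rows.append({"proto": proto, "orig_src": (sip, sport), "orig_dst": (dip, dport),
                         "xlat_src": (self.public_ip, port), "xlat_dst": (dip, dport)})
        return rows


if __name__ == "__main__":
    nat = PAT("203.0.113.5")  # constructed public address of the router
    out = nat.outbound_packet(Packet("10.0.0.7", 40000, "198.51.100.10", 80))
    print("outbound after PAT:", out)
    print("reply delivered to:", nat.inbound_packet(Packet("198.51.100.10", 80, "203.0.113.5", out.src_port)))
    print("stray packet to pool port:", nat.inbound_packet(Packet("198.51.100.99", 80, "203.0.113.5", out.src_port)))
    print("static rule:", StaticNAT("176.43.8.0/24", "145.5.133.0/24").translate("176.43.8.2"))
```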
Advantages and Disadvantages
NAT provides corporate networks with portability by eliminating the need for an organization to obtain globally unique IP addresses from its Internet service provider (ISP). Should an organization using global addresses need to change providers, this usually means obtaining new global addresses from the new provider and reconfiguring the network accordingly. With NAT, a company can use RFC 1918 private addresses for hosts on its corporate network, regardless of which ISP it is connected to the Internet through. And when changing ISPs, the only reconfiguration that would be required would be on the external interface of the company's router or firewall, which would need a new global address obtained from the new provider.
NAT also reduces cost for large corporate networks that need to connect to the Internet. This is because without NAT you would need to purchase a large block of unique IP addresses from your ISP in order to connect your network with the Internet, and such address blocks are sometimes scarce and therefore costly. Using NAT, however, only the far side (public interface) of your router or firewall needs a unique global IP address obtained from your ISP; within your network you can use RFC 1918 addresses because your private network is hidden from the outside world behind your NAT-enabled router or firewall. And RFC 1918 addressing provides companies with access to address blocks as large as Class A (the 10/8 block) that can support millions of different hosts. Try obtaining a Class A from an ISP today if you think you need one; all Class A addresses were assigned years ago, and only a few Class B addresses are still available.
NAT also helps to conserve the available pool of IPv4 addresses for the Internet, thus postponing the day when networks will need to be migrated to IPv6, a process that may be costly for large enterprises and will require considerable training of network professionals in use of the new protocol.
NAT's main disadvantage is that some protocols (and hence the applications that use them) simply do not work when IP addresses are translated. This particularly applies to protocols that involve
Encryption: NAT does not work with protocols that use encryption schemes, and it can interfere with authentication systems that employ encryption as well. The main way of working around this issue with IPsec, a popular IP encryption protocol, is to use a router that supports both NAT and virtual private networking (VPN) to tunnel IPsec-encrypted packets through unencrypted IP packets that can be translated using NAT, but this is a complicated workaround that increases the router's processing load (and therefore the cost).
Embedded addresses: NAT does not work with protocols that embed address and port information within the data portion of packets in a nonpredictable fashion.
The following table lists some of the protocols that have no trouble working with NAT, that can work with NAT as long as NAT devices are specially configured to support them, and that cannot easily work with NAT.
| Work with NAT by Default | Can Be Configured To Work with NAT | Cannot Easily Work with NAT |
| --- | --- | --- |
| Hypertext Transfer Protocol (HTTP) | Domain Name System (DNS) name resolution | Boot Protocol (BOOTP) |
| Network File System (NFS) | File Transfer Protocol (FTP) | IPsec |
| Network Time Protocol (NTP) | H.323 | Kerberos |
| Rlogin | Internet Control Message Protocol (ICMP) | Novell Directory Services (NDS) zone transfers |
| Telnet | IP multicast | Routing table updates |
| Trivial File Transfer Protocol (TFTP) | NetBIOS over TCP/IP (NetBT) | Simple Network Management Protocol (SNMP) |
Another disadvantage of NAT is that end-to-end connectivity is effectively lost, which makes it more difficult to troubleshoot routing issues. Also, more costly routers may be required due to the additional processing overhead incurred by NAT. This processing overhead can introduce additional latency into internetworks using NAT-enabled routers, which can degrade time-sensitive applications such as Voice over IP (VoIP) and streaming multimedia presentations.
Marketplace
Many routers and access servers support NAT. In particular, Cisco Systems routers running Cisco's Internetwork Operating System (IOS) versions 11.2 and higher support NAT.
Microsoft Windows 2000 supports two ways of translating IP addresses for connecting a private network with the Internet:
Internet Connection Sharing (ICS): Intended for small office/home office (SOHO) environments to provide access to the Internet through a designated Windows 2000, Windows XP, or Windows .NET Server computer. ICS automatically allocates addresses for internal hosts and only supports one interface to the internal network.
Routing and Remote Access Service (RRAS): Provides a robust solution for larger corporate networks to access the Internet through multiple interfaces and using an addressing scheme chosen by the administrator. Windows 2000 or Windows .NET Server computers using the NAT feature of RRAS also function as DNS and Windows Internet Name Service (WINS) proxies for their connected subnets.
Prospects
NAT is essentially a workaround to extend the viability of the current IPv4 system by reducing the number of unique IP addresses required for connectivity to the Internet. NAT is viewed as a temporary solution until existing IPv4 networks can be fully migrated to the new IPv6 standard. However, the security advantages of using NAT-enabled firewalls have actually revitalized IPv4 to an extent and hence made migration to IPv6 seem less urgent to many network architects. Thus, while the Internet community presses for migration to IPv6, most large enterprises are content to use NAT and avoid the costs associated with a mass upgrade to the newer IPv6 protocol.
On the other hand, the proliferation of small mobile networked devices such as Web-enabled cell phones and Personal Digital Assistants (PDAs) may provide the impetus needed to push the wider networking community toward IPv6. The current IPv4 system lacks sufficient available addresses to support the millions of Internet-enabled mobile devices just over the horizon, and some countries such as Japan are already starting to roll out IPv6 on these devices. Workarounds such as NAT may still be in use for years, however, and gateways can be deployed for converting IPv6 to IPv4 addresses within the mixed IPv6/4 environment that is likely to characterize the global Internet of the next decade.
See Also classless interdomain routing (CIDR), Dynamic Host Configuration Protocol (DHCP), firewall, Internet, IP address, IPsec, routing, virtual private network (VPN)
Method used for packaging information for transmission over a network.
Overview
The term network architecture is used to describe the signaling, media access control method, and types of cabling for a particular type of computer network. Network architectures are different for local area networks (LANs), wide area networks (WANs), and networks that use terminals to connect to mainframes. Some common examples of LAN network architectures include
Ethernet: This is by far the most popular LAN network architecture in use today. Ethernet, together with Fast Ethernet and Gigabit Ethernet (GbE), forms the basis of all types of business networks from the small office/home office (SOHO) to the enterprise.
Token Ring: This architecture was developed by IBM and can support speeds of 4 and 16 megabits per second (Mbps). In the mid-1990s work was going on to push Token Ring to speeds of 100 Mbps and higher, but these efforts have been largely abandoned as Fast Ethernet and GbE have displaced Token Ring in most enterprises.
Fiber Distributed Data Interface (FDDI): This architecture runs over fiber-optic cabling and was widely used in the late 1980s and early 1990s for backbones in campus area networks (CANs). It has largely been replaced by Fast Ethernet and GbE.
Asynchronous Transfer Mode (ATM): This technology was envisioned as the successor to both Ethernet and FDDI, but its complexity and high cost have resulted in it being restricted to backbones in large enterprises. If current trends continue, GbE and the emerging 10G Ethernet standard are likely to displace ATM. ATM still retains a strong hold in the telecom market, however, where it is widely implemented in telco switching centers and for long-haul communications between inter-exchange carriers (IXCs).
Examples of LAN architectures that were once popular but are now rarely used include
ARCNET: A legacy LAN architecture that was developed by Datapoint Corporation for small bus topology networks. It has almost disappeared, having been replaced by Ethernet.
100VG-AnyLAN: A legacy architecture that was developed by AT&T and Hewlett-Packard and which has been largely replaced by Fast Ethernet and GbE.
The following are also sometimes considered LAN architectures, but they are really protocol suites that run on top of architectures such as Ethernet and Token Ring:
AppleTalk: A legacy architecture developed by Apple Computer for its Macintosh platform that is essentially a protocol suite that can run on top of Ethernet, Token Ring, or FDDI networks. AppleTalk has largely been replaced by Transmission Control Protocol/Internet Protocol (TCP/IP) running on Ethernet.
Banyan VINES: A legacy set of network protocols and applications developed by Banyan (now called ePresence) that runs on top of Ethernet and Token Ring.
See Also 10G Ethernet, 100VG-AnyLAN, AppleTalk, ARCNET, Asynchronous Transfer Mode (ATM), backbone, cabling, campus area network (CAN), Ethernet, Fast Ethernet, Fiber Distributed Data Interface (FDDI), Gigabit Ethernet (GbE), inter-exchange carrier (IXC), local area network (LAN), media access control method, protocol, signaling, telco, Token Ring, topology, Transmission Control Protocol/Internet Protocol (TCP/IP), wide area network (WAN)
A storage appliance that attaches directly to the network.
Overview
Traditional file servers use bus-attached disk storage and tend to be processor-bound machines unless unnecessary services and applications are disabled on the machine. Network attached storage (NAS) devices are essentially dedicated file servers that do nothing else. They are generally rack-mounted boxes containing a processor, memory, a Fast Ethernet or Gigabit Ethernet (GbE) network interface card (NIC), and disk drives either in the form of "just a bunch of disks" (JBOD) or a RAID 5 array for fault tolerance. NAS devices usually run an embedded operating system that is optimized for the sole task of rapid serving of files to clients on an Internet Protocol (IP) network.
Using a NAS device is typically as simple as plugging it in and connecting it to the network. Client machines on the network see the NAS device as just another file server. Management of NAS devices may be through a Web interface or from a management console that supports Simple Network Management Protocol (SNMP).
Storage capacity for NAS devices ranges from hundreds of gigabytes (GB) for those designed for the small to mid-sized business market to large boxes supporting multiterabyte (TB) storage for the large corporation.
Advantages and Disadvantages
NAS devices are generally more efficient file servers than traditional network file servers that use bus-attached storage. They are usually cheap, easy to set up, reliable, and they may sometimes be expandable to meet your growing storage demands. NAS devices typically support a wide range of clients including Microsoft Windows, Apple Macintosh, UNIX, and Linux. They are not as flexible as their larger cousins, storage area networks (SANs), which can be repartitioned when necessary, but they are much easier to manage. Some NAS devices also support advanced features such as load balancing, clustering, remote mirroring, and snapshot fault tolerance.
Marketplace
Vendors of NAS devices for the small office/home office (SOHO) and mid-sized businesses include Compaq Computer Corporation, Dell Computer, Hewlett-Packard, Maxtor Corporation, Network Appliance, Quantum Corporation, Snap Appliances, and Sun Microsystems. In the enterprise arena, EMC Corporation, Network Appliance, and Procom Enterprises are popular enterprise NAS vendors.
See Also Fast Ethernet , Gigabit Ethernet (GbE) , RAID, Simple Network Management Protocol (SNMP), storage, storage area network (SAN)
Software that makes a computer network-aware.
Overview
Network client software typically runs on a client computer, a desktop computer (workstation) used by one or more users. The purpose of network client software is to enable the client computer to communicate with other computers called servers in order to access network resources (applications, files, or services) located on these servers.
Without the appropriate client software, a workstation cannot access resources on a network server. For example, a Microsoft Windows client can access resources on a Windows-based server easily, but in order for the Windows client to access resources on a Novell NetWare server the client computer needs special NetWare-aware network client software installed on it.
Windows 2000, Windows XP, and Windows .NET Server include the following network clients:
Client for Microsoft Networks: Enables the computer to participate in a Windows-based network and access resources on servers running different versions of Windows
Client Service for NetWare (CSNW): Enables the computer to directly access resources on Novell NetWare servers
Note that in some Windows operating systems such as Windows 95, Windows 98, and Windows Millennium Edition (Me), the NetWare client is called Client for NetWare Networks instead of Client Service for NetWare. Some versions of Windows also include clients for legacy networks such as Banyan VINES.
See Also Client for Microsoft Networks, Client for NetWare Networks, Client Services for NetWare (CSNW), Microsoft Windows
An add-on for Microsoft Disk Operating System (MS-DOS) that makes it a network-aware operating system.
Overview
Network Client enables MS-DOS-based workstations to access resources (such as shared folders, printers, and applications) on a Microsoft network using text-based Net commands. Using Network Client, an MS-DOS-based workstation can participate in either workgroups or domains.
Network Client must be installed on a machine that already has MS-DOS installed on it (you can create installation disks for Network Client using the Windows NT administrative tool called Network Client Administrator). Network Client has only limited support for Transmission Control Protocol/Internet Protocol (TCP/IP), but it does support the Dynamic Host Configuration Protocol (DHCP), Windows Internet Name Service (WINS), and Domain Name System (DNS).
Notes
If you cannot remember the syntax for Network Client commands when you use the MS-DOS command prompt, type net to load and open the Network Client pop-up command interface.
See Also Domain Name System (DNS) , Dynamic Host Configuration Protocol (DHCP) ,Microsoft Disk Operating System (MS-DOS) , Transmission Control Protocol/Internet Protocol (TCP/IP), Windows Internet Name Service (WINS)
The portion of Point-to-Point Protocol (PPP) responsible for encapsulating network layer protocols.
Overview
Establishing communications between a PPP client and a PPP server involves several stages. The first step in establishing a PPP session is negotiating the actual connection. This is performed using Link Control Protocol (LCP), a PPP data-link layer protocol that establishes and configures the link and negotiates options such as the authentication protocol to be used for the client, callback, compression, and multilink operation if required. Once LCP has done its job and any negotiated authentication has succeeded, Network Control Protocol (NCP), another PPP data-link protocol that is actually a family of protocols, takes over to perform two functions:
Negotiating network layer attributes: This involves selecting a network layer protocol understood by both the PPP client and server.
Encapsulating the network layer protocol: This involves selecting the appropriate NCP protocol to encapsulate network layer packets for transmission over the connection. The table shows some of the common NCP protocols used for different network-layer protocols.
Network Layer Protocol | NCP Protocol | Request For Comments (RFC) |
Internet Protocol (IP) | Internet Protocol Control Protocol (IPCP) | 1332 |
Internetwork Packet Exchange (IPX) | Internetwork Packet Exchange Control Protocol (IPXCP) | 1552 |
AppleTalk | AppleTalk Control Protocol (ATCP) | 1378 |
IPv6 | IPv6 Control Protocol (IPV6CP) | 2023 |
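The following Python is an added example, not code from the original entry: it encodes and decodes the configuration packets that LCP and every NCP share (a 2-byte PPP protocol field followed by Code, Identifier and Length), then walks a complete IPCP address negotiation with both sides' messages. Only the protocol numbers and option types that appear in the standards referenced above are assumed; the frames, identifiers and the 10.0.0.5 address are constructed for the example. The parser checks every length field before trusting it, because a control packet or option whose declared length runs past the frame is the classic way a dial-up or VPN peer can upset a careless PPP implementation.

```python
"""Added example (not from the original page): PPP control-packet
encoding/decoding and an IPCP address negotiation. All frames are constructed."""
import struct
from ipaddress import IPv4Address

# PPP protocol-field values for LCP and the NCPs listed in the table above
PPP_CONTROL_PROTOCOLS = {
    0xC021: "LCP",
    0x8021: "IPCP",
    0x802B: "IPXCP",
    0x8029: "ATCP",
    0x8057: "IPV6CP",
}

# Configuration codes shared by LCP and every NCP (RFC 1661)
CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak", 4: "Configure-Reject"}

# IPCP option types (RFC 1332; 129 and 131 are the DNS options of RFC 1877)
IPCP_OPTIONS = {2: "IP-Compression-Protocol", 3: "IP-Address", 129: "Primary-DNS", 131: "Secondary-DNS"}


def build_ncp(protocol, code, identifier, options):
    """Return protocol field + control packet. options: list of (type, data bytes).
    Length counts Code, Identifier, Length and the options, not the protocol field."""
    body = b"".join(struct.pack("!BB", t, 2 + len(d)) + d for t, d in options)
    return struct.pack("!HBBH", protocol, code, identifier, 4 + len(body)) + body


def parse_ncp(frame):
    """Decode a control packet, rejecting any length that does not fit the frame."""
    if len(frame) < 6:
        raise ValueError("frame too short for PPP protocol field and control header")
    protocol, code, identifier, length = struct.unpack("!HBBH", frame[:6])
    if protocol not in PPP_CONTROL_PROTOCOLS:
        raise ValueError(f"not a control protocol: 0x{protocol:04X}")
    end = 2 + length
    if length < 4 or end > len(frame):
        raise ValueError("control packet length exceeds frame")
    options, pos = [], 6
    while pos < end:
        if end - pos < 2:
            raise ValueError("truncated option header")
        otype, olen = frame[pos], frame[pos + 1]
        if olen < 2 or pos + olen > end:       # an option may not run past the packet
            raise ValueError(f"bad option length {olen} for type {otype}")
        options.append((otype, bytes(frame[pos + 2:pos + olen])))
        pos += olen
    return {"protocol": PPP_CONTROL_PROTOCOLS[protocol], "code": CODES.get(code, code),
            "id": identifier, "options": options}


def ipcp_address(options):
    """Dotted IP-Address option value, or None if the option is absent."""
    for t, d in options:
        if t == 3 and len(d) == 4:
            return str(IPv4Address(d))
    return None


def server_respond(request_frame, assign):
    """Server side of IPCP: Reject unknown option types, Nak an address it will not
    accept (0.0.0.0 means "please assign one") with the address it assigns, Ack otherwise."""
    req = parse_ncp(request_frame)
    if req["protocol"] != "IPCP" or req["code"] != "Configure-Request":
        raise ValueError("expected an IPCP Configure-Request")
    unknown = [(t, d) for t, d in req["options"] if t not in IPCP_OPTIONS]
    if unknown:
        return build_ncp(0x8021, 4, req["id"], unknown)
    if ipcp_address(req["options"]) != assign:
        return build_ncp(0x8021, 3, req["id"], [(3, IPv4Address(assign).packed)])
    return build_ncp(0x8021, 2, req["id"], req["options"])   # Ack echoes the options


def negotiate(assign="10.0.0.5"):
    """Client side: ask for 0.0.0.0, adopt whatever the server Naks. Returns (address, trace)."""
    trace, ident, wanted = [], 1, "0.0.0.0"
    for _ in range(4):   # bounded; RFC 1661 uses a Max-Configure counter (default 10)
        req = build_ncp(0x8021, 1, ident, [(3, IPv4Address(wanted).packed)])
        trace.append(parse_ncp(req)["code"])
        reply = parse_ncp(server_respond(req, assign))
        trace.append(reply["code"])
        if reply["code"] == "Configure-Ack":
            return wanted, trace
        if reply["code"] == "Configure-Nak":
            wanted = ipcp_address(reply["options"])
        ident += 1
    raise RuntimeError("IPCP did not converge")


if __name__ == "__main__":
    print(negotiate())   # ('10.0.0.5', ['Configure-Request', 'Configure-Nak', 'Configure-Request', 'Configure-Ack'])
```

The same `build_ncp`/`parse_ncp` pair works for LCP and the other NCPs in the table because RFC 1661 gives them all the same packet layout; only the protocol field and the option vocabulary change.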
See Also Link Control Protocol (LCP), Point-to-Point Protocol (PPP)
The science (or art) of designing a properly functioning network.
Overview
Designing networks that can efficiently transport traffic in expected ways can be a challenge. The performance, reliability, scalability, and manageability of a network depend on a variety of factors, including
Bandwidth: Dealing with traffic congestion on a network is important to ensure that applications function smoothly and that users are happy. Solutions include simply throwing bandwidth at the problem (for example, replacing Ethernet with Fast Ethernet), replacing shared media devices (hubs) with switches (local area network [LAN] or Ethernet switches), and implementing Quality of Service (QoS) to better manage existing bandwidth. An issue related to bandwidth is how that bandwidth is distributed across a network. In the 1980s most enterprise networks were designed with the 80/20 rule in mind, which said that you could expect 80 percent of network traffic to be local (within a workgroup or department) but 20 percent of the traffic would need to be carried over the backbone to remote locations. With the rapid growth of the Internet, however, and the fact that it has become an essential element of enterprise networks, the 80/20 rule has shifted to more like a 20/80 rule, especially for networks that need to support multimedia applications such as streaming audio and video presentations or Voice over IP (VoIP).
Fault tolerance: Networks that run mission-critical business applications need some degree of fault tolerance so they can continue operation in the event of a problem. Solutions can include using routed networks with mesh topologies that provide alternate routes, multihoming a corporate network by connecting it to several Internet service providers (ISPs), and using a dual-ring architecture as in Fiber Distributed Data Interface (FDDI).
Geography: Networks that span a continent are designed and built differently from those that occupy only a single office. Wide area networks (WANs) not only use different technologies than LANs but also involve leasing telecommunications services from telcos and other service providers, distributing network administration among regional offices, and dealing with legal and political issues.
Simplicity: Managing a heterogeneous network consisting of multiple network architectures and protocols can be a headache, but it is also a reality that most large enterprises grow their network in an organic fashion over a period of years. As new networking technologies are added, existing ones are maintained as legacy services to reduce the up-front cost of migrating architectures, services, and data. The result is anything but simple, so anything a network manager can do to reduce the complexity of an enterprise network should be done. The most important thing to do, of course, is to plan each modification of the network carefully.
Network design. Typical hierarchical design of an enterprise network.
Size: Flat networks may suffice for small businesses, but in enterprises where thousands of machines need to be networked, a hierarchical network is more scalable and manageable.
Standards: Using protocols and equipment that conform to internationally recognized standards can be a lifesaver in network design. Although networking devices can initially be purchased from a single vendor to eliminate interoperability issues, the vendor you purchased from might not be around several years later when you want to expand your network. Purchasing standards-based networking equipment ensures (usually) that when you later add devices from a different (but also standards-based) vendor to your existing network, no interoperability issues will arise to haunt you.
Architecture
A typical enterprise network today uses a hierarchical design having three levels:
Core level: This is the network's backbone, and it carries the greatest load of traffic. The network's core can be located in a single equipment room (collapsed backbone) or spread all over a building or campus (distributed backbone). The core connects the switches and routers that form the basis of the next level of the network, the distribution level.
Distribution level: This is the portion of the network responsible for moving traffic from one site (or department or workgroup or floor or building) to another. Traffic control features are typically implemented at this level as well. Different blocks of the distribution level are connected by the core, and the distribution level delivers traffic to end users through the access level. Each block of the distribution level (called a switch block) defines a separate broadcast domain, typically serving no more than 2000 hosts to ensure good performance.
Access level: This portion of the network provides users' client machines with direct access to the network.
The specific networking technologies and infrastructure used within each level of an enterprise network vary as well. The main function of the core is to transport traffic quickly, and, as a result, large Layer 2 backbone switches are typically used at this level. Many enterprises employ a dual core with redundant switches to ensure that critical backbone traffic is carried uninterrupted. The distribution level of older enterprise networks employed routers for routing traffic to and from the core, but modern networks tend to use Layer 3 switches instead. The access level uses hubs, or Layer 2 workgroup switches if greater carrying capacity is required for multimedia desktop applications. The switches for the access and distribution layers are often combined in the form of switch blocks as mentioned above.
Notes
To get an idea of how the science of network design has evolved over the last decade, consider the following table, which describes a typical network problem and how to solve it based on late 1980s and late 1990s network design principles.
Issue | Old Approach | New Approach |
LAN traffic is becoming congested | Segment the network | Replace hubs with switches |
Real-time applications perform poorly | Throw bandwidth at the problem | Implement Quality of Service (QoS) |
Network is complex, heterogeneous, and multiprotocol | Use a combination of routers, switches, and load balancers | Use multilayer switches |
Remote users need access to the network | Use expensive leased lines for branch offices and slow dial- up for mobile users | Use virtual private networking (VPN) over the Internet |
WAN traffic is becoming congested | Lease a bigger WAN pipe | Use a content delivery network (CDN) or redirect traffic to local caching devices |
See Also 80/20 rule, backbone, Ethernet, Ethernet switch, Fast Ethernet, hub, infrastructure, Layer 2 switch, Layer 3 switch, local area network (LAN), multihoming, Multilayer Switching (MLS), quality of service (QoS), router, routing, wide area network (WAN)
A specification for network driver architecture.
Overview
Network driver interface specification (NDIS) simplifies the process of writing drivers for network interface cards (NICs) by enabling them to interact transparently with different transport protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP), Internetwork Packet Exchange/Sequential Packet Exchange (IPX/SPX), and NetBIOS Extended User Interface (NetBEUI). NDIS is also a library of routines (a "wrapper") that is implemented in Microsoft Windows 2000, Windows XP, and Windows .NET Server as the driver Ndis.sys, which provides a uniform programming interface between NIC drivers and network protocols.
Version | Platform | 16- or 32-bit | Features |
2 | Windows for Workgroups and OS/2 | 16 | Real mode; each NIC must have its own driver. |
3 | Windows NT 3.5x | 32 | Unlimited number of NICs can be bound to an unlimited number of protocols. |
3.1 | Windows 95 | 32 | A superset of NDIS 3 with plug and play functionality and support for minidrivers. Windows 95 supports up to four NICs in a computer. |
4 | Windows NT 4 | 32 | Unlimited number of NICs can be bound to an unlimited number of protocols. Also allows capturing of all frames on local network segment without the need to switch the NIC to promiscuous mode. |
5 | Windows 98, Windows Me, Windows 2000, Windows XP, Windows .NET Server | 32 | Adds support for connection- oriented networks such as Integrated Services Digital Network (ISDN) or Asynchronous Transfer Mode (ATM), including support for multiple virtual circuits on one network adapter. |
NDIS was developed jointly by Microsoft Corporation and 3Com Corporation in 1989 and has gone through a series of revisions, as shown in the above table. The most recent versions allow one NIC to be bound to many protocols (which is ideal for heterogeneous networks) and one protocol to run on a system with multiple NICs (which helps increase network bandwidth for heavily used servers).
See Also NetBIOS Extended User Interface (NetBEUI), network interface card (NIC), Transmission Control Protocol/Internet Protocol (TCP/IP)
A suite of protocols for accessing file systems across a network.
Overview
Network File System (NFS) is a distributed file system developed by Sun Microsystems in the early 1980s that has become the de facto standard for distributed file systems. NFS was designed to enable the exporting of file systems across heterogeneous networks comprising multiple operating systems and platforms. NFS technology has been licensed to over 200 vendors and implementations have been made available for a wide variety of platforms including UNIX, Linux, Microsoft Windows, and mainframe environments.
NFS allows clients to locate and access files stored on remote servers. The original NFS specification was designed for local area network (LAN) use and was not optimized for wide area network (WAN) connections, but the current version NFS 3 performs well in the WAN as well as the LAN. The features of NFS 3 include
Support for terabyte-size files using 64-bit file size indicators (previous versions supported files up to 4 gigabytes in size).
Maximum packet size of 64 kilobytes (earlier versions supported only 8 KB packet size).
Choice of User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) for NFS network transport (earlier versions supported only UDP, which performed poorly over a WAN).
Support for caching of client requests by the server.
The original NFS specification is defined in RFC 1094 and the current NFS 3 version is defined in RFC 1813.
Implementation
NFS uses a layered protocol architecture that maps to the seven layers of the Open Systems Interconnection (OSI) reference model as shown in the following table.
OSI Layer | NFS Protocol |
Physical | Any (Ethernet common) |
Data link | Same as Physical |
Network | Internet Protocol (IP) |
Transport | User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) |
Session | Remote Procedure Call (RPC) protocol |
Presentation | External Data Representation (XDR) protocol |
Application | Network File System (NFS) and Network Information System (NIS) |
NFS is implemented as a client/server system that uses special NFS servers and NFS client software running on workstations. These servers use NFS to export (make available) their file systems to machines running NFS clients; to the client machine the exported file system appears as part of its own local file system. NFS typically uses remote procedure calls (RPCs) running over User Datagram Protocol (UDP) on server port 2049 for stateless communication between clients and file servers on the network. NFS clients (client machines running NFS client software) import remote file systems from NFS servers, while the NFS servers export local file systems to clients. Machines running the NFS client can connect to NFS servers and read, modify, copy, move, or delete files on the server using RPC requests such as READ, WRITE, CREATE, and MKDIR. To the user accessing the remote file system from the client, the files appear to be stored locally on his or her system. Before a user can access files within the directory structure on the local UNIX file system of the NFS server, the administrator must export the portions of the server's file system that are to be made accessible, the client must mount those exports, and access to individual files is then governed by the file permissions and user privileges configured on the server.
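The following Python is an added example, not code from the original entry or from any NFS implementation: it builds and parses the ONC RPC call message that an NFS client places in a UDP datagram to port 2049, showing the RPC and XDR layers from the table above. Program number 100003, version 3 and the AUTH_SYS credential layout come from the RPC and NFS specifications; the XID, host name and user IDs are constructed for the example. The point worth noticing is that with AUTH_SYS (the credential flavor NFS has traditionally used, originally named AUTH_UNIX) the uid and gid are simply numbers the client writes into the message, which is why NFS servers are normally configured to restrict which hosts may mount an export and to remap a client-asserted root uid.

```python
"""Added example (not from the original page): ONC RPC call to the NFS
version 3 program with an AUTH_SYS credential. All values are constructed."""
import struct

NFS_PROGRAM, NFS_VERSION3, NFS_PORT = 100003, 3, 2049
NFSPROC3_NULL = 0              # no-op procedure every RPC program implements
RPC_CALL, RPC_VERSION = 0, 2
AUTH_NULL, AUTH_SYS = 0, 1     # AUTH_SYS was originally called AUTH_UNIX
MAX_AUTH_SYS_GIDS = 16


def xdr_uint(n):
    return struct.pack("!I", n)


def xdr_opaque(data):
    """Variable-length opaque: 4-byte length, the bytes, zero padding to a 4-byte boundary."""
    return xdr_uint(len(data)) + data + b"\x00" * ((-len(data)) % 4)


def auth_sys_cred(stamp, machine, uid, gid, gids=()):
    """AUTH_SYS credential. Every field, including uid and gid, is chosen by the client."""
    if len(gids) > MAX_AUTH_SYS_GIDS:
        raise ValueError("AUTH_SYS allows at most 16 supplementary gids")
    body = xdr_uint(stamp) + xdr_opaque(machine.encode()) + xdr_uint(uid) + xdr_uint(gid)
    body += xdr_uint(len(gids)) + b"".join(xdr_uint(g) for g in gids)
    return xdr_uint(AUTH_SYS) + xdr_opaque(body)


def rpc_call(xid, prog, vers, proc, cred, args=b""):
    """RPC CALL message: xid, msg_type, rpcvers, prog, vers, proc, cred, verf, arguments."""
    verf = xdr_uint(AUTH_NULL) + xdr_opaque(b"")     # AUTH_SYS carries no verifier
    header = struct.pack("!6I", xid, RPC_CALL, RPC_VERSION, prog, vers, proc)
    return header + cred + verf + args


class XdrReader:
    """Bounds-checked XDR decoder; a bad length raises instead of reading past the message."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def uint(self):
        if self.pos + 4 > len(self.data):
            raise ValueError("truncated XDR message")
        (value,) = struct.unpack_from("!I", self.data, self.pos)
        self.pos += 4
        return value

    def opaque(self):
        n = self.uint()
        end = self.pos + n
        if end > len(self.data):
            raise ValueError("opaque length exceeds message")
        value = self.data[self.pos:end]
        self.pos = end + ((-n) % 4)       # skip the padding too
        return value


def parse_rpc_call(msg):
    """Decode the RPC header and credential as a server would see them."""
    r = XdrReader(msg)
    call = {"xid": r.uint(), "msg_type": r.uint(), "rpcvers": r.uint(),
            "prog": r.uint(), "vers": r.uint(), "proc": r.uint()}
    if call["msg_type"] != RPC_CALL or call["rpcvers"] != RPC_VERSION:
        raise ValueError("not an RPC version 2 CALL")
    flavor, body = r.uint(), r.opaque()
    if flavor == AUTH_SYS:
        c = XdrReader(body)
        cred = {"flavor": "AUTH_SYS", "stamp": c.uint(),
                "machine": c.opaque().decode("ascii", "replace"),
                "uid": c.uint(), "gid": c.uint()}
        count = c.uint()
        if count > MAX_AUTH_SYS_GIDS:
            raise ValueError("too many gids in AUTH_SYS credential")
        cred["gids"] = [c.uint() for _ in range(count)]
    else:
        cred = {"flavor": flavor}
    r.uint()            # verifier flavor
    r.opaque()          # verifier body
    call["cred"], call["args"] = cred, msg[r.pos:]
    return call


def nfs_null_call(xid, uid=0, gid=0, machine="client"):
    """NFSv3 NULL procedure call carrying a client-asserted AUTH_SYS identity."""
    return rpc_call(xid, NFS_PROGRAM, NFS_VERSION3, NFSPROC3_NULL,
                    auth_sys_cred(0, machine, uid, gid))


if __name__ == "__main__":
    msg = nfs_null_call(0x1234, uid=0, gid=0, machine="ws1")
    print(len(msg), parse_rpc_call(msg)["cred"])
```

Sending `msg` in a UDP datagram to port 2049 of an NFS server would exercise the NULL procedure; the same framing with a different `proc` and XDR-encoded `args` carries READ, WRITE, CREATE and MKDIR. When NFS runs over TCP, a 4-byte record mark precedes each message.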
Marketplace
Although NFS is widely used on UNIX platforms, another file sharing protocol called Server Message Block (SMB) is common on Windows platforms. Windows 2000 and Windows .NET Server support NFS in Services For Unix (SFU) version 2, and products such as Samba implement SMB on UNIX platforms. Interoperability between SMB and NFS is thus available both ways for integrating Windows and UNIX platforms for common file sharing purposes. A wide variety of third-party products are also available that implement NFS on the Windows platform, including ChameleonNFS from NetManage, NFS Maestro from Hummingbird International, and many others.
See Also Internet Protocol (IP), Linux, Microsoft Windows, remote procedure call (RPC), Server Message Block (SMB), Transmission Control Protocol (TCP), UNIX, User Datagram Protocol (UDP)
The portion of an Internet Protocol (IP) address that identifies the subnet on which the host resides.
Overview
The IP address of a host consists of two parts: the network ID and the host ID. The network ID portion of an IP address uniquely identifies the host's local subnet. By contrast, the host ID portion of the IP address identifies the host within its local subnet. Together, the host ID and network ID uniquely identify the host on an internetwork.
Examples
The network ID is found by logically ANDing the binary form of the IP address with the binary form of the subnet mask for the network. For example, if a host has an IP address of 172.16.8.55 on a network with a subnet mask of 255.255.0.0 (the default subnet mask), the network ID of the host is 172.16.0.0, or simply 172.16, as it comprises the first 16 bits of the 32-bit address.
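The following Python is an added example, not code from the original entry: it performs the logical AND described above and, going a little beyond the entry, also extracts the host ID, derives the prefix length and broadcast address, and tests whether two hosts share a subnet. The 172.16.8.55 / 255.255.0.0 values are the entry's own; the other addresses are constructed. It rejects masks whose one-bits are not contiguous, since such a mask is invalid and is a common typo in firewall rules and static routes.

```python
"""Added example (not from the original page): network ID and host ID
from an IPv4 address and subnet mask. Sample addresses are constructed."""
from ipaddress import IPv4Address, IPv4Network

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    return int(IPv4Address(dotted))


def to_dotted(value):
    return str(IPv4Address(value))


def mask_prefix_length(mask):
    """Prefix length of a valid mask; rejects non-contiguous masks such as 255.0.255.0."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (ALL_ONES << (32 - ones)) & ALL_ONES:
        raise ValueError(f"non-contiguous subnet mask {mask}")
    return ones


def network_id(ip, mask):
    """Logical AND of address and mask, bit for bit, as the entry describes."""
    mask_prefix_length(mask)                      # validate before trusting the mask
    return to_dotted(to_int(ip) & to_int(mask))


def host_id(ip, mask):
    """The remaining bits: address AND the inverted mask."""
    mask_prefix_length(mask)
    return to_dotted(to_int(ip) & ~to_int(mask) & ALL_ONES)


def same_subnet(a, b, mask):
    """True when both addresses AND to the same network ID, i.e. are on-link with each other."""
    return network_id(a, mask) == network_id(b, mask)


def split(ip, mask):
    """Network ID, prefix, host ID, broadcast and usable host count for one address."""
    prefix = mask_prefix_length(mask)
    net = IPv4Network(f"{network_id(ip, mask)}/{prefix}")
    usable = net.num_addresses - 2 if prefix < 31 else net.num_addresses   # /31 and /32 have no reserved addresses
    return {"network_id": str(net.network_address), "prefix": prefix,
            "host_id": host_id(ip, mask), "broadcast": str(net.broadcast_address),
            "usable_hosts": usable}


if __name__ == "__main__":
    print(split("172.16.8.55", "255.255.0.0"))
    # {'network_id': '172.16.0.0', 'prefix': 16, 'host_id': '0.0.8.55', 'broadcast': '172.16.255.255', 'usable_hosts': 65534}
```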
See Also host ID, Internet Protocol (IP), IP address, subnet
A protocol used for naming and directory services on UNIX platforms.
Overview
Network Information System (NIS) functions as a kind of telephone book for locating resources on a Transmission Control Protocol/Internet Protocol (TCP/IP) network. In fact, the original name for NIS was "Yellow Pages (YP)." NIS enables users and applications distributed across a network to locate and access files and applications anywhere in the network by accessing a central NIS server. The kinds of information typically provided by NIS servers include password files, host tables, and e-mail aliases.
NIS operates using broadcasts, and on most UNIX platforms, NIS clients communicate with NIS servers using remote procedure calls (RPCs) running over User Datagram Protocol (UDP).
The original NIS was not secure and NIS servers were often targeted in attacks on UNIX networks. A newer version developed by Sun Microsystems called NIS+ includes additional security features, but it has gained only limited popularity in the marketplace.
See Also remote procedure call (RPC), UNIX, User Datagram Protocol (UDP)
Also called network adapter card or network card, a device that allows a computer to communicate on a network.
Overview
Network interface cards (NICs) are typically adapter cards that plug into a slot on the computer's motherboard, but they also come in Personal Computer Memory Card International Association (PCMCIA) card format for laptop computers and as cards or external devices for wireless networking. A wide variety of devices for home networking also perform the same general function as a NIC, including devices that plug into Universal Serial Bus (USB), parallel, or serial ports and transmit network signals over twisted pair wiring, telephone lines, or even electrical lines in a home. This article focuses, however, on the use of NICs in servers in enterprise environments, particularly in Gigabit Ethernet (GbE) networking.
Types
NICs are typically
Media-specific: Unshielded twisted-pair (UTP) and fiber-optic cabling are the two most common options. Some older combo cards support both thinnet and UTP.
Network architecture-specific: Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI) each use their own distinctive type of NIC.
NICs for Ethernet networks are available in various speeds including 10 megabits per second (Mbps) for Ethernet, autosensing 10/100 Mbps for Fast Ethernet, and autosensing 10/100/1000 Mbps for GbE. These autosensing NICs determine the highest network speed supported by hubs and switches on the network and configure themselves accordingly.
Implementation
NICs are available for all common system bus types, including Industry Standard Architecture (ISA), Extended Industry Standard Architecture (EISA), Micro Channel Architecture, and Peripheral Component Interconnect (PCI). PCI cards are available in 32-bit and 64-bit form and give the best performance. In addition, PCI NICs are plug and play and hence easy to install and configure, in comparison to legacy NICs that require manual configuration of interrupt request (IRQ) and base I/O port settings.
A NIC's role is to convert the parallel stream of data on a computer's bus to serial form for transmission over the medium joining computers together on the network. This medium is typically either Category 5 (Cat 5) or enhanced Category 5 (Cat 5e) unshielded twisted-pair (UTP) cabling, fiber-optic cabling, or in the case of wireless networking, free space. The computer can communicate with the NIC using several methods, including memory-mapped I/O, direct memory access (DMA), or shared memory. A parallel stream of data is sent to the card and buffered in on-card memory before being packaged into discrete frames for transmission over the network. Framing adds headers and trailers to the data, which contains addressing, clocking, and error-checking information. The frames are then converted to electrical voltage pulses that drive an electrical signal over the wire (for copper wiring), modulated light pulses (for fiber-optic cabling), or microwaves (for wireless networking). The NIC on the receiving computer processes the signal in the reverse order, converting the signal first into a bit stream of frames and then into a parallel data stream for the receiving computer's bus. Some of the above functions are built into the NIC's firmware, and the remainder are implemented by the NIC driver software installed on the computer.
Marketplace
The largest producer of enterprise NICs overall is 3Com Corporation, while the top producer of GbE NICs is Intel Corporation, which has almost half of the enterprise market in this arena. 3Com is in second place in the GbE NIC market after its recent acquisition of Alteon Web Systems' GbE adapter technology. Asanté Technologies rocked the market in 2000 with its introduction of a copper-based 1000BaseT NIC that sold for around $150, half the price of other vendors' products at the time. The copper GbE NIC market has steadily grown against the fiber GbE NIC market, and by the end of 2000, half of all GbE NICs shipped were copper 1000BaseT NICs.
Choosing the right NIC for a high-performance server is a crucial consideration in enterprise computing and e-commerce, as an inferior NIC can easily become a bottleneck for accessing network services. Some GbE NICs support advanced features such as onboard Internet Protocol Security (IPsec) processing to offload workload from the server. Certain NICs from 3Com fall into this category. Other smaller vendors have produced high-performance NICs with specialized features, such as Akamba Corporation's technology that allows for NICs used in Web servers to process Hypertext Transfer Protocol (HTTP) traffic, and Alacritech's technology for implementing a server's TCP stack in hardware on the NIC.
See Also Category 5 (Cat5) cabling, enhanced Category 5 (Cat5e) cabling, Ethernet, Fast Ethernet, Fiber Distributed Data Interface (FDDI), fiber-optic cabling, frame, Gigabit Ethernet (GbE), serial transmission, Token Ring, universal serial bus (USB), unshielded twisted-pair (UTP) cabling, wireless networking
Layer 3 of the Open Systems Interconnection (OSI) reference model.
Overview
When two hosts on a network need to communicate, the network layer is responsible for determining a suitable path across the network, usually through some form of route calculation. The network layer thus enables hosts on a network to establish communications with each other. The network layer is also responsible for
Logical addressing of packets so they can be routed over the network to their intended destination
Fragmenting packets that are too large to be forwarded by router interfaces into sequences of smaller packets
Reassembly of sequences of packets into their original order
Performing congestion control
Types
Network layer protocols may be either connectionless or connection-oriented in operation. Examples of connectionless network-layer protocols include
Internet Protocol (IP): The network layer protocol used on the Internet
Internetwork Packet Exchange (IPX): A legacy NetWare protocol
Being connectionless, the above protocols rely on the transport layer protocols Transmission Control Protocol (TCP) and Sequential Packet Exchange (SPX), respectively, to provide reliable communications by segmenting and reassembling data and requesting retransmission when segments are lost.
Examples of connection-oriented network layer protocols include X.25 and Logical Link Control Type 2 (LLC-Type 2).
Protocols that enable routers to exchange information to create network topology maps also work at the network layer. Examples of such network layer routing protocols include Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Interior Gateway Routing Protocol (IGRP), Enhanced Interior Gateway Routing Protocol (EIGRP), and Border Gateway Protocol (BGP).
See Also Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), Interior Gateway Routing Protocol (IGRP), Internet Protocol (IP), Internetwork Packet Exchange (IPX), Open Shortest Path First (OSPF), Open Systems Interconnection (OSI) reference model, Routing Information Protocol (RIP), transport layer, X.25
Managing a network's hardware, applications, and performance.
Overview
Network management is a broad term describing platforms and applications that can manage the various devices and software that constitute a network. This includes such general tasks as
Monitoring, measuring, and optimizing the performance of routers, switches, access servers, multiplexers, Web servers, mail servers, and other network devices and hardware.
Detecting, diagnosing, repairing, working around, and predicting the likelihood of failures and other problems.
Installing, upgrading, patching, distributing, configuring, managing, monitoring, and troubleshooting operating systems and applications on servers, desktop workstations, routers, and other hardware. This is often called desktop or systems management.
Network management may also involve
Mapping the topology of a network in real time through autodiscovery and graphically displaying this information in useful form to administrators.
Maintaining a central inventory database describing all devices, operating systems, and software on the network and how they are configured. When a change is made to the configuration of a device or application, the database is updated with the information automatically.
Setting alarms and establishing automated responses to various alert conditions when they arise. These alerts may relate to device failure, traffic bottlenecks, server overload, and other problems.
Remotely adding, removing, or rearranging local area network (LAN) and wide area network (WAN) links, a process called configuration management.
Monitoring a network against intrusion by hackers and other attacks.
Taking remote control of systems to manage, repair, or troubleshoot them.
Monitoring service level agreements with vendors and service providers.
Using artificial intelligence to determine the root cause of network failure and perform needed fixes automatically.
Generating real-time and cumulative logs and reports of network performance, traffic flow, server load, and other information. These can be for auditing, management, planning, troubleshooting, or provisioning purposes.
Managing different aspects of a network from workstations, using standard Web browsers, and even using wireless Personal Digital Assistants (PDAs).
Performing policy-based management of network resources and traffic prioritization, a rapidly emerging new area in network management.
Implementation
Most network management platforms employ a combination of proprietary solutions and standards-based usage of Simple Network Management Protocol (SNMP) and its cousin Remote Monitoring (RMON). Other standards from the Distributed Management Task Force (DMTF) and Internet Engineering Task Force (IETF) are important also, particularly Web-Based Enterprise Management (WBEM) and the emerging Policy Framework and SNMPConf initiatives. Network management platforms support these existing and emerging standards to various degrees.
Network management can be accomplished in several ways:
Using prepackaged tools included with network operating systems such as Microsoft Windows and UNIX: For example, Windows 2000 includes administrative tools such as Performance Monitor, Network Monitor, Computer Management, and other utilities that can be used to remotely monitor, manage, and troubleshoot server and network problems. Command-line tools such as Ping, Ipconfig, Tracert/Traceroute, Netstat, Nslookup, and others are also available on both Microsoft and UNIX platforms for configuring and troubleshooting Transmission Control Protocol/Internet Protocol (TCP/IP) networks. Trivial File Transfer Protocol (TFTP) and Telnet are often used for remote management of Cisco routers and other networking equipment from a command-line interface. Note that both carry logon credentials and device configurations in cleartext, and TFTP performs no authentication at all, so they should be confined to a dedicated management network or replaced with Secure Shell (SSH) and Secure Copy (SCP) where the equipment supports them.
Using enterprise network management frameworks: These are suites of tools integrated to various degrees that enable (or promise to enable) administrators to remotely manage all aspects of a diverse, heterogeneous network from a central administrator console. Many of these systems began in the 1980s as organic collections of tools united by a common user interface (admin console) and back-end database (for storing network configuration information). They were large, complex, expensive, and difficult to implement, often requiring a great deal of customization to work properly, and they never quite lived up to their marketed goals. This failure to fulfill customer expectations was partly a result of the rapid pace of evolution in operating system and networking technologies, with which vendors of such network management systems had difficulty keeping up. Such systems were targeted mainly at large enterprises with deep pockets and have found wide acceptance in such environments to this day. Many of these systems have now evolved into one-size-fits-all packaged management systems that are easier to deploy and use but more limited in their goals. Some framework vendors have also made their systems extensible to allow third-party point products to fill gaps in their framework products. Popular examples of these types of frameworks are listed below in the section entitled "Marketplace."
Using loose collections of freeware and open source network management tools: Network administrators of small to mid-sized companies often create their own custom toolkit of useful management tools and utilities developed in-house or downloaded from the Internet and used for monitoring, configuring, and troubleshooting networks and servers. Using such diverse collections of tools, however, requires a high level of understanding of how networks actually work and how they ought to work and requires the discipline of implementing proper procedures and processes for maximum benefit.
Outsourcing network management needs: Small companies often benefit from outsourcing all of their network management needs to a network/systems integrator, who often can remotely manage network performance and troubleshoot server problems by means of the Internet using browser-based tools. Larger companies may outsource only specific portions of their management needs, such as allowing telcos to remotely monitor the channel service unit/data service units (CSU/DSUs) and T1 multiplexers that they lease to the customers. Outsourcing is a viable option for companies that do not have the resources to hire their own qualified network personnel.
Whatever the approach used for managing networks, most companies do not give this aspect of their business as high a priority, or allocate it as much staff and money, as they do their deployments of enterprise resource planning (ERP) and customer relationship management (CRM) software. If a company's customer and product data and communication/collaboration abilities are important and must be safeguarded and maintained at all costs, then safeguarding and maintaining the network on which that information is stored and over which it travels should be an equally high priority, whatever the cost.
Marketplace
Network management frameworks for enterprise use are available from both traditional vendors and newer startups. Traditional vendors include Tivoli/IBM, Hewlett-Packard, Computer Associates, BMC Software, and several others. Tivoli Enterprise is a suite of platforms and tools providing desktop, network, storage, security, service, Web, and performance management. Tivoli products are available for a wide range of network operating systems, including Microsoft Windows, UNIX, and IBM's OS/390 mainframe platform. Tivoli even has a product line supporting end-to-end management of retail solutions that include point-of-sale terminals and automated teller machines (ATMs). They also have one for managing Personal Digital Assistants (PDAs), a rapidly growing concern in the enterprise environment. Tivoli software is used by 96 percent of Fortune 500 companies and is probably the most widely used management framework in enterprise environments. IBM's earlier NetView management platform is also integrated into the Tivoli line of products.
Another popular framework product is HP OpenView from Hewlett-Packard. Sun Microsystems also offers a management platform called Sun NetManager for their SunOS and Solaris machines. VERITAS Software Corporation is another contender in the enterprise arena with their Veritas NerveCenter. Other vendors include Aprisma, NextPoint Networks, Lucent Technologies, and others. Finally, Microsoft has Microsoft Operations Manager (MOM) that provides enterprise-class event and application monitoring for the Windows 2000 and Windows .NET Server operating systems, and .NET Server application platforms.
Microsoft Systems Management Server is popular in the enterprise as a server, desktop, and applications management system. So is LANDesk Management Suite from Intel Corporation and Unicenter TNG from Computer Associates. Windows 2000 also supports a number of networking application programming interfaces (APIs) that allow information about network resources to be programmatically accessed, and some Active Directory Services Interface (ADSI) interfaces also provide similar functionality for script access.
Some vendors of point products that fill specific gaps in the management functionality of framework platforms include Concord Communications, Micromuse, RiverSoft Technologies, Tavve Software, and many others. A good example is CiscoWorks, which can be installed as an add-in for popular management frameworks such as HP OpenView and Sun NetManager. A number of start-ups provide point products providing root-cause analysis, automated event correlation, and other features previously lacking in big-name framework products. These startups include Evidian, Oxydian, Magnum Technologies, and many others.
Policy-based management tools include Cisco QoS Policy Manager from Cisco Systems and Orchestream Enterprise Edition from Orchestream. Application monitoring and performance tools include EcoSCOPE from Compuware Corporation, NextPoint S3 from NextPoint Networks, eHealth from Concord Communications, VitalSuite from Lucent Technologies, and many others. The most popular remote control software used in enterprise systems management is undoubtedly PCAnywhere from Symantec Corporation. The Terminal Services component of Windows 2000, Windows XP, and Windows .NET Server offers out-of-the-box remote control functionality for these operating systems. Citrix RMS from Citrix Systems is another network management tool that includes remote control.
Network probes are growing in popularity as weapons in the network manager's arsenal. These probes are small SNMP-enabled devices that can be plugged into a WAN demarcation point or LAN segment to monitor network traffic and collect statistics for network management stations.
Management of Linux systems can be performed using Volution, a platform from Caldera International designed for large enterprises, application service providers (ASPs), Internet service providers (ISPs), and similar companies that may use large numbers of Linux machines. Volution is based on Red Hat Package Manager (RPM) technology and supports a number of major Linux distributions. Also in the open source arena, an initiative called OpenNMS was acquired by Atipa Technologies and rebranded as the Bluebird network management platform. Bluebird is available under an open source license.
For More Information
A good overview on network management standards and free software can be found at www.simpleweb.org
See Also Distributed Management Task Force (DMTF) , Internet Engineering Task Force (IETF) , Remote Network Monitoring (RMON), Simple Network Management Protocol (SNMP), Telnet, topology, Transmission Control Protocol/Internet Protocol (TCP/IP), Web-Based Enterprise Management (WBEM)
A software-based protocol analyzer included with Microsoft Windows 2000 and Windows .NET Server.
Overview
Network Monitor is a useful tool for troubleshooting network problems at the data-link, network, transport, and higher layers of the Open Systems Interconnection (OSI) reference model. You can use Network Monitor to
Capture data frames from a connected network
Display, filter, edit, and retransmit frames on the network
Monitor and display protocol statistics
Examine individual captured frames in detail
Network Monitor. Example of a trace in Network Monitor.
Notes
The version of Network Monitor included with Windows NT, Windows 2000, and Windows .NET Server is a simplified version that lacks some of the features in the full version included with Microsoft Systems Management Server (SMS). In particular, the simplified version can perform only local capturing of data to and from the computer running Network Monitor.
See Also network troubleshooting, Open Systems Interconnection (OSI) reference model, Systems Management Server (SMS)
The Internet protocol for Usenet newsgroups.
Overview
Network News Transfer Protocol (NNTP) is an Internet standard protocol that governs the interaction between NNTP servers (news servers) and NNTP clients (news readers). NNTP is the underlying protocol on which the Usenet news system popular on the Internet is built. NNTP connections between clients and servers and between servers use Transmission Control Protocol (TCP) for reliable delivery.
NNTP is defined in RFC 977.
Implementation
NNTP is both a client/server protocol and a server/server protocol. NNTP supports a set of simple text commands that:
Enable NNTP clients such as Microsoft Outlook Express to connect to NNTP servers on TCP port 119 and download a list of newsgroups, read the messages in a newsgroup, and post a reply or a new message to a newsgroup.
Enable NNTP servers to replicate newsgroups and their content among each other. This replication process between NNTP servers (or NNTP hosts, as they are often called) forms the basis of the worldwide news system called Usenet.
NNTP client commands include the following:
LIST: To obtain a list of newsgroups available on the server
GROUP: To select a specific newsgroup
ARTICLE: To display a selected message
POST: To post a new message or reply to an existing one
NNTP clients connecting to NNTP servers are sometimes required to authenticate before their other NNTP commands are accepted, usually with the AUTHINFO USER and AUTHINFO PASS commands. These send the user name and password in cleartext, so they should be used only over a trusted network or over an encrypted connection (NNTP over Secure Sockets Layer, conventionally on TCP port 563).
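As an added example (not part of the original entry and not taken from any news server implementation), the following Python script plays both sides of the command exchange described above over a socket pair: a scripted toy server and a client that connects, issues LIST, GROUP, ARTICLE, POST and QUIT, checks each three-digit status code, and applies the dot-stuffing rule of RFC 977, so that a body line consisting of a single period cannot end an article early in either direction. The newsgroup name, article text and the example.invalid addresses are constructed sample data.

```python
import socket
import threading

CRLF = b"\r\n"

# Constructed sample data served by the toy server; not real Usenet content.
GROUPS = {"comp.protocols.tcp-ip": 1}  # group name -> number of articles
ARTICLE = [
    "From: poster@example.invalid",
    "Newsgroups: comp.protocols.tcp-ip",
    "Subject: Nagle test",
    "",
    "Body line one.",
    ".leading dot: must be dot-stuffed on the wire",
]


def read_line(rfile):
    raw = rfile.readline()
    if not raw:
        raise ConnectionError("peer closed the connection")
    return raw.decode("ascii", "replace").rstrip("\r\n")


def read_multiline(rfile):
    """Read a block ended by a lone '.', undoing dot-stuffing ('..' -> '.')."""
    lines = []
    while True:
        line = read_line(rfile)
        if line == ".":
            return lines
        lines.append(line[1:] if line.startswith("..") else line)


def send_multiline(wfile, lines):
    """Write a block with dot-stuffing so a content line of '.' cannot end it early."""
    for line in lines:
        wfile.write(("." + line if line.startswith(".") else line).encode() + CRLF)
    wfile.write(b"." + CRLF)
    wfile.flush()


def reply(wfile, text):
    wfile.write(text.encode() + CRLF)
    wfile.flush()


def toy_server(conn, posted):
    """Scripted server: greets, then answers LIST, GROUP, ARTICLE, POST and QUIT."""
    rfile, wfile = conn.makefile("rb"), conn.makefile("wb")
    reply(wfile, "200 toy-nntp ready (posting allowed)")
    group = None
    while True:
        parts = read_line(rfile).split()
        cmd, args = (parts[0].upper() if parts else ""), parts[1:]
        if cmd == "LIST":
            reply(wfile, "215 list of newsgroups follows")
            send_multiline(wfile, [f"{g} {n} 1 y" for g, n in GROUPS.items()])
        elif cmd == "GROUP" and args and args[0] in GROUPS:
            group = args[0]
            reply(wfile, f"211 {GROUPS[group]} 1 {GROUPS[group]} {group}")
        elif cmd == "GROUP":
            reply(wfile, "411 no such news group")
        elif cmd == "ARTICLE" and group is None:
            reply(wfile, "412 no newsgroup has been selected")
        elif cmd == "ARTICLE":
            reply(wfile, "220 1 <1@example.invalid> article retrieved - head and body follow")
            send_multiline(wfile, ARTICLE)
        elif cmd == "POST":
            reply(wfile, "340 send article to be posted. End with <CR-LF>.<CR-LF>")
            posted.append(read_multiline(rfile))  # server unstuffs what the client stuffed
            reply(wfile, "240 article posted ok")
        elif cmd == "QUIT":
            reply(wfile, "205 closing connection - goodbye!")
            break
        else:
            reply(wfile, "500 command not recognized")
    conn.close()


def command(rfile, wfile, line, expected, multiline=False):
    """Send one command, check the 3-digit status code, read the body if multiline."""
    wfile.write(line.encode() + CRLF)
    wfile.flush()
    status = read_line(rfile)
    if not status[:3].isdigit() or int(status[:3]) != expected:
        raise RuntimeError(f"{line!r}: expected {expected}, got {status!r}")
    return status, (read_multiline(rfile) if multiline else None)


def nntp_session():
    """Client side of a LIST/GROUP/ARTICLE/POST/QUIT session against the toy server."""
    client, server = socket.socketpair()
    posted = []
    threading.Thread(target=toy_server, args=(server, posted), daemon=True).start()
    client.settimeout(5)
    rfile, wfile = client.makefile("rb"), client.makefile("wb")
    greeting = read_line(rfile)
    _, groups = command(rfile, wfile, "LIST", 215, multiline=True)
    status, _ = command(rfile, wfile, "GROUP comp.protocols.tcp-ip", 211)
    count, first, last = (int(x) for x in status.split()[1:4])
    _, article = command(rfile, wfile, "ARTICLE 1", 220, multiline=True)
    command(rfile, wfile, "POST", 340)
    send_multiline(wfile, ["From: poster@example.invalid", "Newsgroups: comp.protocols.tcp-ip",
                           "Subject: Re: Nagle test", "", "."])  # last body line is a bare '.'
    if read_line(rfile)[:3] != "240":
        raise RuntimeError("post rejected")
    command(rfile, wfile, "QUIT", 205)
    client.close()
    return {"greeting": greeting, "groups": groups, "range": (count, first, last),
            "article": article, "posted": posted[0]}
```

The client treats every status code as untrusted input (it must be three digits and the expected value) and never reads a multiline body unless the code says one follows; skipping either check is how a reader ends up desynchronized on a malformed or hostile server.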
See Also Internet , Transmission Control Protocol (TCP)
Numbers assigned to subnets on a legacy Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) internetwork.
Overview
Network numbers uniquely identify portions of the network on an IPX/SPX internetwork. Network numbers must typically be manually assigned to hosts by the administrator to ensure proper network communication.
When using the NWLink IPX/SPX-Compatible Transport protocol on Microsoft Windows 2000, Windows XP, or Windows .NET Server networks, you must configure two different network numbers to ensure proper network communication:
The IPX network number (also known as the external network number), a unique number assigned to all computers on the same network segment that are using the same NWLink frame type. In Windows 2000, Windows XP, and Windows .NET Server, you configure this number by accessing the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol property sheet, selecting Manual Frame Type Detection, clicking Add, and entering the number.
The virtual network number (also known as the internal network number), a unique number assigned to a machine that enables it to be used in a multiple network environment. This number is hexadecimal 0 by default; in Windows 2000, Windows XP, and Windows .NET Server, you can configure it by specifying it on the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol property sheet.
To view the network number of a computer running Windows 2000, type ipxroute config at the command prompt.
Notes
When using the Transmission Control Protocol/Internet Protocol (TCP/IP), network numbers are instead called network IDs.
See Also internetwork
An operating system that is network-aware.
Overview
Network operating systems (NOSs) are used to build local area networks (LANs) that can be used for
Authenticating users before they are allowed to access network resources
Enabling users to share files and printers and exchange messages for performing collaborative work
Centralizing administration of multiple computers to a single management console
Running distributed applications that share processing on multiple computers
Marketplace
Examples of popular NOSs include
Microsoft Windows 2000
Novell NetWare
Various flavors of UNIX
Linux
Internetwork Operating System (IOS) from Cisco Systems is an example of a NOS that runs not on computers but on internetworking devices such as routers.
See Also Internetwork Operating System (IOS), Linux, local area network (LAN), UNIX, Windows 2000
A device for collecting network statistics.
Overview
Network probes are generally small devices that can be plugged into various points of a network to collect statistics and forward them to a network management station. These statistics then allow you to perform traffic analysis and identify trends so you can plan proper upgrades and identify problems.
Implementation
Network probes complement the network monitoring functionality based on Simple Network Management Protocol (SNMP) and Remote Monitoring (RMON) that is built into today's intelligent network hubs, switches, and routers. Different probes are available that collect different kinds of information in various levels of detail, store this information in memory, and forward it to troubleshooting tools and management systems. Probes are available for different kinds of network architectures ranging from Ethernet to Asynchronous Transfer Mode (ATM) and from local area network (LAN) to wide area network (WAN) usage. LAN probes can usually be attached anywhere in a network or plugged into a port on an Ethernet switch. WAN probes are usually best located at the demarc point, the location where the physical circuit for the WAN link first enters the network, in other words, before the channel service unit/data service unit (CSU/DSU) when using leased lines such as T-carrier circuits.
See Also Asynchronous Transfer Mode (ATM), Channel Service Unit/Data Service Unit (CSU/DSU), Ethernet, Ethernet switch, local area network (LAN), Remote Network Monitoring (RMON), Simple Network Management Protocol (SNMP), T-carrier, wide area network (WAN)
A protocol operating at Layer 3 (the network layer) of the Open Systems Interconnection (OSI) reference model for networking.
Overview
Common network protocols include the following:
Internet Protocol (IP): Part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite for connectivity with the Internet
Internetwork Packet Exchange (IPX): A legacy Novell NetWare protocol
NetBEUI: A nonroutable protocol developed from NetBIOS that functions at both the network and transport layers
Microsoft Corporation's 32-bit Windows operating systems are implemented in a layered fashion that allows multiple network protocols to be bound to multiple network interface cards (NICs) and allows multiple network clients and services to access these protocols. Windows computers can thus establish connectivity and interoperability with non-Microsoft operating system platforms such as UNIX and Novell NetWare.
See Also Internet Protocol (IP) , Internetwork Packet Exchange (IPX) , Open Systems Interconnection (OSI) reference model
The methods used to protect a network from hostile attack.
Overview
Network security is not only a broad topic but also an essential one for today's network administrator. Attempts to intrude on, disrupt, and deface business and corporate networks have never been more frequent, facilitated in part by the ubiquitous presence of the Internet and broadband Internet access. The vulnerability of today's networks to attack is compounded by lack of awareness among corporate management, overworked IT (information technology) staff, rapid software upgrade cycles that encourage the release of buggy software, widespread availability on the Internet of easy-to-use hacking and cracking tools, and weaknesses in Transmission Control Protocol/Internet Protocol (TCP/IP) itself, the networking protocol suite used by the Internet.
Some of the risks faced by networks today include
Denial of service (DoS) attacks that tie up a network's resources so that legitimate users cannot gain access to them
Trojan horse programs that install back doors to allow valuable network credentials to be stolen and misused or that install remote control programs that provide intruders with full access to network resources
Viruses that invade networks through e-mail attachments and wreak havoc with important files
Network operating systems and applications whose default configurations are insecure and permit a wide range of attacks to be performed
Public Web sites that expose credit card information stored in back-end databases through buffer overflows and flaws in server-side scripts
Wireless networks with weak or no encryption that can be accessed easily by anyone driving by with a wireless-enabled laptop
Some of the tools and techniques network administrators can use to secure their networks include
Physical security: Simply locking the server room is a step that should not be overlooked. Users should also be taught not to write down their passwords on slips of paper taped under their keyboards and to be alert for malicious social engineering and persons calling and posing as network administrators and asking for passwords to fix alleged network problems.
Virus protection: Subscribing to a virus protection service is essential for hosts connected to the Internet.
Authentication: Properly configuring authentication methods is a necessary step to guard against unauthorized logons. For high-security environments, users can be provided with smart cards and other authentication tokens. Biometrics can also be employed if required, enabling users to be authenticated using fingerprint or retina scanners.
Access control: Properly securing resources with suitable permissions is a necessary step to guard against unauthorized access to those resources. Periodic auditing of access controls is also important.
Auditing: Periodic auditing of security logs is essential, as even intelligent risk-analysis systems may miss certain kinds of attacks.
Encryption: Using a protocol such as Internet Protocol Security (IPsec) can ensure the integrity and privacy of data transmitted over the network, and other protocols such as Pretty Good Privacy (PGP) can be used to secure e-mail.
Firewalls: This is an essential tool for securing the perimeter of a network connected to the Internet, but firewalls must be properly configured and maintained and their logs should be periodically reviewed.
Remote access: Remote access systems can be made more secure by implementing callback and other features. If the Internet is used for remote access, virtual private networks (VPNs) can employ IPsec for greater security.
Intrusion detection: Installing an intrusion detection system (IDS) is becoming an essential part of corporate network security. Usually, the more intelligence these systems have the better, but they cannot replace the intelligence of the network administrator.
Patches: Operating systems and applications are frequently found to be buggy or insecure, and vendors issue fixes to address these problems. Keeping up to date regarding available patches and applying them in timely fashion is essential for today's network administrators. Web servers are especially viewed as targets by attackers, and they require considerable attention to maintain security and protect against newly discovered vulnerabilities.
Backups and fault tolerance: Every system is liable to be breached at some point, so having redundant hot standby systems is important in mission-critical e-commerce systems, and regular backups that are periodically restored for testing purposes are often the last line of defense against attackers damaging corporate databases.
Security policy: Developing, internally publishing, monitoring, and enforcing a corporate security policy is a vital step in securing your network.
Training: Making sure that IT staff are trained in using security tools is essential unless network operations are outsourced to other companies.
For More Information
Visit the SANS Institute at www.sans.org
Visit the CERT Coordination Center at www.cert.org
See Also access control, auditing, authentication protocol, backup, biometric authentication, denial of service (DoS), disaster recovery, encryption, fault tolerance, firewall, hacking, Internet Protocol Security (IPsec), intrusion detection system (IDS), remote access, virtual private network (VPN), virus
The way that a network appears to end nodes communicating over it.
Overview
There are two different ways to consider the service method employed for host-host communications on a network: connection method and delivery method. These methods are provided through the operation of the lower three layers of the Open Systems Interconnection (OSI) reference model; namely, the network, data link, and physical layers. Delivery methods may be either
Reliable: Packets are delivered in the correct order without loss or duplication.
or
Best effort: Also called the datagram method, packets (datagrams) may be delivered out of order, duplicated, or lost. With best-effort delivery, the transport layer (Layer 4 of the OSI model) is usually responsible for ensuring that out-of-sequence packets are reordered, duplicate packets are discarded, and lost packets are retransmitted.
From the point of view of network connectivity, there are also two kinds of network services:
Connectionless: Each packet is transmitted independently and contains the full source and destination address of the hosts communicating. No session establishment is required before communications can begin; the transmitting host simply starts sending packets to the destination, hoping higher layer protocols will ensure that delivery is achieved.
Connection-oriented: Also called the virtual circuit (VC) method, this method involves first establishing a communication session between two hosts before transmitting data. Once a session has been established, it is usually assigned some kind of session identifier in place of full source/destination addressing, and all data packets transmitted include this identifier and are routed or switched similarly.
See Also connectionless protocol, connection-oriented protocol, Open Systems Interconnection (OSI) reference model, virtual circuit
A text file that provides a local method of resolving network names into their network IDs on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.
Overview
The entries in the networks file are friendly names for TCP/IP networks; they can be used in TCP/IP commands such as the route command and for TCP/IP network management.
The networks file is at the following location on computers running Microsoft Windows:
Windows NT, Windows 2000, Windows XP, and Windows .NET Server: %SystemRoot%\system32\drivers\etc
Windows 95 and Windows 98: \Windows
Examples
Each line in the networks file contains a friendly name for the network, followed by the network number in dotted-decimal form (fewer than four octets may be given, in which case the missing trailing octets are zero), optional aliases, and an optional comment prefixed with a pound sign (#). The following example is from the sample networks file included with Windows 95 and Windows 98:
loopback 127
campus 284.122.107
london 284.122.108
Note that the campus and london entries are placeholders rather than usable addresses: 284 exceeds the maximum octet value of 255, so any tool that parses this file should reject such entries rather than silently truncating them.
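The following is an added example, not from the original entry and not Microsoft's code: a Python parser for this file format that applies the rules above (comments after #, optional aliases after the network number, fewer than four octets meaning a shorter prefix) and validates each octet, so that out-of-range entries like the sample ones are reported instead of silently accepted. The sample file text is constructed here, with the first three data lines copied from the Windows sample.

```python
import ipaddress
import re

# Constructed sample in the Windows networks-file layout. The "campus" and
# "london" entries mirror the sample shipped with Windows and are not valid
# IPv4 prefixes (284 > 255); the parser must say so rather than guess.
SAMPLE_NETWORKS_FILE = """\
# Friendly network names for use with the route command.
loopback   127
campus     284.122.107     # placeholder entry, octet out of range
london     284.122.108
lab        192.0.2         labnet  # aliases may follow the number
backbone   10              corp
"""

# name, network number, then anything else on the line (aliases)
LINE_RE = re.compile(r"^(\S+)\s+(\S+)(?:\s+(.*?))?\s*$")


def parse_networks(text):
    """Parse networks-file lines into {name: IPv4Network}, collecting errors for bad lines.

    A network number written with fewer than four octets is right-padded with
    zeros, and its prefix length is eight bits per octet given, so "127" means
    127.0.0.0/8 and "192.0.2" means 192.0.2.0/24. Aliases map to the same network.
    """
    networks, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            errors.append((lineno, raw, "malformed line"))
            continue
        name, number, aliases = m.group(1), m.group(2), (m.group(3) or "").split()
        octets = number.split(".")
        if not 1 <= len(octets) <= 4 or not all(o.isdigit() for o in octets):
            errors.append((lineno, raw, "network number is not dotted decimal"))
            continue
        values = [int(o) for o in octets]
        if any(v > 255 for v in values):
            errors.append((lineno, raw, f"octet out of range in {number}"))
            continue
        values += [0] * (4 - len(values))
        net = ipaddress.IPv4Network((".".join(map(str, values)), 8 * len(octets)))
        for alias in [name] + aliases:
            if alias in networks:
                errors.append((lineno, raw, f"duplicate name {alias}"))
            networks[alias] = net
    return networks, errors
```

Rejecting rather than truncating matters because the file feeds commands such as route: a silently "corrected" entry would route traffic to a network the administrator never intended.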
See Also hosts file, lmhosts file, protocol file, services file
A telecommunications device used in Integrated Services Digital Network (ISDN) networking.
Overview
The Network Termination Unit (NTU) allows customer premises equipment to be connected to the switching equipment at the telco's central office (CO). ISDN customer premises equipment, such as routers and ISDN phones, usually has an ISDN S/T interface, while the ISDN termination at the customer end of the local loop usually has a U interface using an RJ-45 connector. The NTU converts the U termination of the ISDN line to one or more standard S/T interfaces that are suitable for connecting digital ISDN-ready phones, routers, and other devices to an ISDN line.
NTUs work differently from ISDN terminal adapters, which allow you to connect analog telephones, faxes, and similar equipment to your ISDN line. NTUs typically support either point-to-point or multipoint connections over distances of up to 3.4 miles (5.4 kilometers) on 26 AWG copper twisted-pair cabling. Some newer ISDN-enabled devices have a built-in U interface, making an NTU unnecessary.
The following table shows the differences between the Basic Rate ISDN U and S/T interfaces.
Property | U Interface | S/T Interface |
Number of wires | 2 | 4 |
Connector | RJ-45 | RJ-45 |
Zero-to-peak voltage | 2.5 V | 0.75 V |
Line coding | 2B1Q (or 4B3T in Europe) | ASI (Alternate Space Inversion) |
See Also Integrated Services Digital Network (ISDN), ISDN terminal adapter
An Internet protocol for synchronizing computer clocks to an accurate reference clock.
Overview
Network Time Protocol (NTP) is used to synchronize computers with a remote reference clock such as a cesium atomic clock. Accurate synchronization of the computers on a network is important if distributed applications, directory services, mail services, and other network services are to work reliably, and if event logs from different machines are to be correlated during troubleshooting or incident investigation. NTP provides this by means of a hierarchy of time servers from which other computers can obtain the exact time, typically to within a few milliseconds. NTP time servers use Coordinated Universal Time (UTC), a global standard time that is independent of time zones.
NTP is defined in RFC 1305 and is supported by most UNIX platforms. A simplified version of NTP called Simple Network Time Protocol (SNTP) is also widely used and is supported by Microsoft Windows 2000, Windows XP, and Windows .NET Server.
Architecture
Master clocks are located at the U.S. Naval Observatories in Washington, D.C., and Colorado Springs, Colorado. These clocks are highly accurate atomic clocks that lose less than a second in a thousand years. Stratum 1 NTP servers obtain their time from direct connections to these master clocks. Stratum 2 servers obtain their time from stratum 1 servers and can provide time synchronization for computers on a network.
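As an added illustration (not part of the original entry and not NTP reference code), the Python block below builds an NTP version 3 client request of the kind an SNTP client sends, parses a constructed stratum-2 server reply, and computes the clock offset and round-trip delay from the four timestamps, checking the reply's mode, leap indicator, stratum and originate timestamp before trusting it. The timestamps, the 0.5 second clock error, the 40 ms one-way latency and the 192.0.2.1 upstream address are constructed values.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
# 48-byte header: LI/VN/Mode, stratum, poll, precision, root delay, root dispersion,
# reference ID, then reference/originate/receive/transmit timestamps.
PACKET = struct.Struct("!BBBbIIIQQQQ")


def to_ntp(unix_seconds):
    """Unix time (float seconds) -> 64-bit NTP timestamp: 32-bit seconds, 32-bit fraction."""
    whole = int(unix_seconds)
    frac = int((unix_seconds - whole) * (1 << 32))
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def from_ntp(ts):
    """64-bit NTP timestamp -> Unix float seconds (sub-microsecond accuracy, enough here)."""
    return (ts >> 32) - NTP_EPOCH_OFFSET + (ts & 0xFFFFFFFF) / (1 << 32)


def build_request(t1, version=3):
    """Client packet: LI=0, VN=version, Mode=3; only the transmit timestamp (T1) is set."""
    li_vn_mode = (0 << 6) | (version << 3) | 3
    return PACKET.pack(li_vn_mode, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(t1))


def parse_reply(data):
    if len(data) < PACKET.size:
        raise ValueError("short NTP packet")
    f = PACKET.unpack(data[:PACKET.size])
    return {"li": f[0] >> 6, "version": (f[0] >> 3) & 7, "mode": f[0] & 7,
            "stratum": f[1], "ref_id": f[6], "orig": f[8], "recv": f[9], "xmit": f[10]}


def validate_reply(reply, t1):
    """Return a reason to discard the reply, or None if it may be used."""
    if reply["mode"] != 4:
        return "not a server (mode 4) reply"
    if reply["li"] == 3:
        return "server clock unsynchronized (LI=3)"
    if reply["stratum"] == 0:
        code = reply["ref_id"].to_bytes(4, "big").decode("ascii", "replace")
        return f"stratum 0: kiss-o'-death or unsynchronized, code {code!r}"
    if reply["orig"] != to_ntp(t1):
        # A reply that does not echo our T1 was not sent in answer to our request.
        return "originate timestamp does not echo our T1 (stale or spoofed reply)"
    return None


def clock_offset(t1, reply, t4):
    """Offset and round-trip delay from the four timestamps (RFC 1305 arithmetic).

    T1 = client sent, T2 = server received, T3 = server sent, T4 = client received.
    """
    problem = validate_reply(reply, t1)
    if problem:
        raise ValueError(problem)
    t2, t3 = from_ntp(reply["recv"]), from_ntp(reply["xmit"])
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def demo():
    """Constructed exchange: the server clock is 0.5 s ahead, 40 ms one-way latency."""
    t1 = 1_000_000_000.0                 # constructed client send time (Unix seconds)
    request = build_request(t1)
    t2 = t1 + 0.040 + 0.5                # server receives, by its own (fast) clock
    t3 = t2 + 0.001                      # server replies 1 ms later
    t4 = t1 + 0.081                      # client receives, 81 ms round trip
    upstream = int.from_bytes(bytes([192, 0, 2, 1]), "big")  # constructed stratum-1 source
    reply_bytes = PACKET.pack((0 << 6) | (3 << 3) | 4, 2, 6, -20, 0, 0, upstream,
                              to_ntp(t2), to_ntp(t1), to_ntp(t2), to_ntp(t3))
    reply = parse_reply(reply_bytes)
    offset, delay = clock_offset(t1, reply, t4)
    return {"request_first_byte": request[0], "stratum": reply["stratum"],
            "offset": offset, "delay": delay, "reply": reply, "t1": t1}
```

The originate-timestamp check is the only thing in a plain NTP reply that ties it to a request, and it is weak (the value is visible on the wire), so a client that must resist spoofing should also use the authentication extensions rather than rely on it alone.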
See Also UNIX, Windows 2000
The way in which information transmitted over a network is received.
Overview
There are three basic types or models of how network transmissions are performed:
Unicasting: One host transmits to another host. An example is Transmission Control Protocol (TCP), part of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. Unicasting is the main transmission method used for sending data over a network.
Broadcasting: One host transmits to all hosts. An example is Address Resolution Protocol (ARP), used by TCP/IP networks running on Ethernet to resolve Layer 3 (network layer) Internet Protocol (IP) addresses into their associated Layer 2 (data link layer) MAC addresses. Broadcasts are often employed on networks for advertisements, announcements, name registrations, and other purposes.
Multicasting: One host transmits to a select group of hosts. Multicasting is often used for delivery of streaming audio or video across an IP network.
Notes
A broadcast's scope depends on the aspect of the network under consideration. For example, on IP networks a broadcast is delivered to all hosts on the local subnet, but on Ethernet networks a broadcast is sent to all hosts within a given broadcast domain.
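An added example, not from the original entry: the Python function below decides how an IPv4 destination is addressed at the data-link layer on a given subnet (limited broadcast, directed broadcast, multicast, or unicast that first requires ARP for the host or for the gateway) and derives the Ethernet multicast MAC address from the group address. The 192.0.2.0/24 subnet and the addresses used are constructed.

```python
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
MULTICAST_OUI = (0x01, 0x00, 0x5E)  # IANA prefix for IPv4 multicast MAC addresses


def multicast_mac(addr):
    """Map an IPv4 multicast group to its Ethernet MAC: 01:00:5e + low 23 bits of the group.

    Only 23 of the 28 significant group bits survive, so 32 different groups
    share each MAC address; the NIC's hardware filter cannot tell them apart
    and the IP layer must check the group address again.
    """
    b = addr.packed
    return ":".join(f"{x:02x}" for x in MULTICAST_OUI + (b[1] & 0x7F, b[2], b[3]))


def frame_destination(ip, local_subnet):
    """Decide how a frame for `ip` is addressed on the link attached to `local_subnet`.

    Returns (delivery, mac). mac is None where the sender must first resolve it
    with ARP: for the host itself if it is on the local subnet, otherwise for
    the default gateway.
    """
    addr = ipaddress.IPv4Address(ip)
    subnet = ipaddress.IPv4Network(local_subnet)
    if addr == ipaddress.IPv4Address("255.255.255.255"):
        return "limited broadcast", BROADCAST_MAC       # never forwarded by routers
    if addr == subnet.broadcast_address:
        return "directed broadcast", BROADCAST_MAC      # all hosts on this subnet
    if addr.is_multicast:
        return "multicast", multicast_mac(addr)
    if addr in subnet:
        return "unicast, ARP for host", None
    return "unicast, ARP for gateway", None
```

The 32-to-1 mapping is why a host joined to one group can receive frames for 31 others at the NIC; filtering by MAC alone is not a security boundary for multicast traffic.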
See Also Address Resolution Protocol (ARP), broadcast domain, broadcasting, data-link layer, Ethernet, MAC address, multicasting, subnet, Transmission Control Protocol (TCP), Transmission Control Protocol/Internet Protocol (TCP/IP), unicasting
The process of identifying and fixing network communication problems.
Overview
Computer networks are complex entities, and problems can arise on many levels that can prevent network communications from working. Network troubleshooting involves tools and procedures for identifying, locating, repairing, and maintaining networks so they can perform as expected.
Network administrators have a variety of weapons in their arsenal for troubleshooting different types of network problems, including
Physical-layer tools: The physical layer (Layer 1) of the Open Systems Interconnection (OSI) reference model is the layer responsible for signaling, that is, for placing voltages on the wire or light pulses within fiber-optic cabling. Cable testers and time domain reflectometers (TDRs) are the main tools used for diagnosing and locating cable breaks, fractures, and loose connections.
Higher-layer tools: For troubleshooting at the data link, network, transport, and higher layers of the OSI model, protocol analyzers are the primary tool. Protocol analyzers sniff (capture) network traffic and use various degrees of intelligence to interpret the nature of this traffic and any underlying problems that may be present. They range from software that can be installed on standard PCs that have network interface cards (NICs) that support promiscuous mode, to stand-alone devices ranging from handheld to briefcase size.
Integrated analyzers: These tools package together cable testers and TDRs with protocol analyzers to provide an integrated platform for troubleshooting a wide range of network problems.
Network probes: Also called Remote Network Monitoring (RMON) probes, these are generally small devices that can be plugged into a network or into switch ports to capture and buffer traffic statistics for forwarding to a network analyzer or network management system. Network probes facilitate troubleshooting of switched networks, an area in which traditional network analyzers designed for shared networks are less effective.
Marketplace
The market leader in network test equipment is Fluke Corporation, whose LANMeter line of protocol analyzers is widely used in enterprise environments. Fluke's new OptiView Integrated Network Analyzer takes this a step further by providing a single integrated test device for troubleshooting cabling issues, performing protocol analysis, and capturing RMON statistics at speeds up to the gigabit-per-second range, using built-in intelligence to present information to users in an understandable format.
Other vendors of network test equipment include 3Com Corporation, Agilent Technologies, Datacom Textron, Microtest, NetScout Systems, Network Associates/Sniffer Technologies, Network Instruments, Nortel Networks, and WildPackets.
Notes
Some general tips on diagnosing and resolving network problems include
Determining whether the problem affects a single user, group of users, or all users on the network
Establishing whether the problem is continuous, periodic, or intermittent
Checking for loose, sharply bent, or damaged cabling
Swapping hardware such as cabling, network interface cards (NICs), hubs, and switches to see the effect
Using Transmission Control Protocol/Internet Protocol (TCP/IP) troubleshooting commands such as ping and tracert
See Also cable tester, Open Systems Interconnection (OSI) reference model, ping, Remote Network Monitoring (RMON), time domain reflectometry (TDR), tracert
The percentage of available bandwidth being used in a network.
Overview
For Ethernet networks, a network utilization of 40 to 60 percent is normally the maximum. Higher utilization than this typically results in excessive collisions and retransmissions. Another word that describes network utilization is throughput, which is typically measured in megabits per second (Mbps) or megabytes per second (MBps).
See Also Ethernet ,
Replication of Network News Transfer Protocol (NNTP) newsgroup listings and content.
Overview
Newsfeeds are an essential part of the architecture of NNTP. Newsfeeds enable news servers belonging to the Internet's Usenet system to exchange lists of newsgroups and messages with one another.
Newsfeeds come in two types:
Push feed: Initiated by the remote host. This type is usually used when the newsfeed is very large.
Pull feed: Initiated by the local host. This type gives the local host more control over what to download.
The host that provides the newsfeed is called the inbound host; the host that receives the newsfeed is called the outbound host.
See Also Internet ,
A group of related messages on a Network News Transfer Protocol (NNTP) host.
Overview
Newsgroups generally contain postings on a particular topic, although they are often a prime target for spammers who post unsolicited advertisements. Newsgroups are defined hierarchically using a dotted notation. An example of a newsgroup is alt.books.computing, which is an "alternative" group that discusses books about computing. The dotted notation of the newsgroup name emphasizes the hierarchical structure of the Usenet system of newsgroups. For example,
alt is the root of the hierarchy of alternative newsgroups.
alt.books refers to either a newsgroup on alternative books or a collection of such newsgroups.
alt.books.cooking refers to either a newsgroup on alternative cookbooks or to a collection of such newsgroups.
Newsgroups can be either moderated or unmoderated. In moderated newsgroups, all messages posted to the newsgroup are first sent to the newsgroup moderator, who accepts or rejects messages depending on their relevance to the group's focus. Unmoderated groups are generally a free-for-all, although politeness dictates that users post only messages related to the newsgroup's focus.
Notes
When you first join a newsgroup, it's a good idea to "lurk" in the background for a while and read the postings to understand the focus and tone of the group. Posting off the topic or at too low a level in an advanced group can cause a "newbie" to get "flamed" (bombarded with offensive mail).
See Also Internet ,
Stands for near-end crosstalk, a measurement of the ability of network cabling to reject crosstalk.
See Also near-end crosstalk (NEXT)
A specification designed to replace the Peripheral Component Interconnect (PCI) system bus.
Overview
With today's Pentium III processors and high-speed hard disks, the PCI bus is rapidly becoming the bottleneck that limits the performance of high-speed data center servers. The PCI bus is limited to about 500 megabits per second (Mbps) of shared throughput. It lacks an error-detection mechanism and has relatively high latency. Next Generation I/O (NGIO) is intended to overcome these limitations. It uses a channel-based architecture that supports full-duplex transmission speeds of up to 2.5 gigabits per second (Gbps).
The NGIO Forum recently combined its efforts with a group called Future I/O, which was promoting a different standard. The combined standard will be called System I/O; its development group is headed by Intel Corporation and IBM and includes Microsoft Corporation, Sun Microsystems, Hewlett-Packard, and Dell Computer Corporation. System I/O will use a channel-based I/O architecture instead of a bus architecture and will use from 1 to 12 wires, each having a throughput of 2.5 Gbps. The channel-based architecture will allow different channels to carry different information to different components simultaneously, which will be a great improvement over parallel-transmission bus technologies. System I/O will also fully support hot-swapping of components.
For More Information
Visit the NGIO Forum at www.ngioforum.org
Stands for Network File System, a suite of protocols for accessing file systems across a network.
See Also Network File System (NFS)
Stands for Next Generation I/O, a specification designed to replace the Peripheral Component Interconnect (PCI) system bus.
See Also Next Generation I/O (NGIO)
Stands for network interface card, a device that allows a computer to communicate on a network.
See Also network interface card (NIC)
Stands for Network Information System, a protocol used for naming and directory services on UNIX platforms.
See Also Network Information System (NIS)
Stands for National Institute of Standards and Technology, a U.S. government organization that provides services and programs to help U.S. industries commercialize new technologies and compete internationally.
See Also National Institute of Standards and Technology (NIST)
Stands for Network News Transfer Protocol, the Internet protocol for Usenet newsgroups.
See Also Network News Transfer Protocol (NNTP)
A general term for a device on a network that has a specific physical or logical address.
Overview
Nodes on a network can be computers, repeaters, bridges, or other devices on a network that can transmit, receive, or process signals. Another name for a node, especially on Ethernet networks, is a station.
Other common meanings of the term node include
A domain or subdomain in the namespace of the Domain Name System (DNS)
An object in the console hierarchy of Microsoft Management Console (MMC)
In clustering terminology, a machine that is a member of a cluster
See Also clustering , Ethernet ,
Random disturbances in a transmission.
Overview
In computer networking, noise is undesirable random electrical transmission that is generated by networking components such as network interface cards (NICs) or induced in cabling by proximity to electrical equipment that generates electromagnetic interference (EMI). Noise is generated by all electrical and electronic devices, including motors, fluorescent lamps, power lines, and office equipment, and it can interfere with the transmission of signals on a network. The better the signal-to-noise ratio of an electrical transmission system, the greater the throughput of information on the system.
Noise can usually be reduced (but never entirely eliminated) by using higher-quality components, lowering the temperature of components, or using shielded cabling. Be sure to locate sensitive networking components and cabling away from heavy machinery, generators, motors, and other equipment that can generate a lot of EMI. Also be sure to terminate cables properly at patch panels and wall plates to minimize noise due to crosstalk.
See Also cabling, crosstalk, electromagnetic interference (EMI), signal
A type of backup in which all the selected files and folders are backed up.
Overview
Also known as full backup, normal backups are the most secure way of backing up files and folders to tape. In a normal backup, the archive attribute is marked for each file and folder that is backed up. If the file is later modified, the archive attribute is cleared, indicating that the file needs to be backed up again. Normal backups are the safest form of backup but take the longest and use the most tape. They are also the easiest form of backup to perform a restore from, because you generally need only one tape to perform the restore (unless the amount of information to be backed up exceeds the capacity of the tape).
Notes
A good backup plan consists of at least one normal backup each week, with either incremental or differential backups during the rest of the week.
See Also backup, backup type
Stands for network operating system, an operating system that is network-aware.
See Also network operating system (NOS)
The directory services platform from Novell Networks.
Overview
Novell Directory Services (NDS) is a distributed network directory service platform for managing network resources such as users, groups, servers, shares, printers, and applications. NDS was introduced in 1993 with version 4 of the Novell NetWare operating system. Eventually, NDS was ported to other platforms, ranging from Sun Microsystems' Solaris platform to IBM S/390 mainframes. NDS is widely used in enterprise environments and is the main competitor for the Active Directory directory service of Microsoft Windows 2000 and Windows .NET Server.
Implementation
NDS is loosely modeled after the X.500 specification from the International Telecommunication Union (ITU). The foundation of NDS is the directory tree, which provides a hierarchical view of all network resources. Resources in the network can be grouped logically according to their location, function, or the structure of the company. Objects in the tree can be either containers or leaf objects, with the root container being the name of the company or organization. Containers can be considered branches and can hold leaf objects or other containers. When a user is assigned access rights to a container, these rights flow down into any subcontainers within the container. Trees, subtrees, and containers can also be renamed and merged.
You can implement NDS directories as a distributed database that is partitioned among multiple NDS servers on the network to provide fault tolerance and load balancing. As a result, no single server contains or is responsible for the entire directory. The NDS servers replicate with each other to ensure that each server contains an up-to-date version of the directory for the portion of the directory that the server is responsible for. To locate an object such as a user, a group, a shared directory, or a printer on the network, an NDS client can access the directory on any NDS server.
Notes
NDS was originally called NetWare Directory Services, since it was tightly coupled to the Novell NetWare operating system. The latest version of NDS is now called Novell eDirectory.
See Also Active Directory, directory, eDirectory, X.500
A utility for diagnosing problems with name servers.
Overview
Nslookup is a Transmission Control Protocol/Internet Protocol (TCP/IP) command-line utility for troubleshooting name servers that are part of the Domain Name System (DNS). Nslookup can be used to manually display resource records contained in the zone files of name servers. Nslookup is supported by the Microsoft Windows NT, Windows 2000, Windows XP, and Windows .NET Server operating systems.
Examples
Nslookup can operate in either interactive or noninteractive (batch) mode. You enter interactive mode by typing nslookup at the command prompt. Once in the interactive running state, you could type ls -d microsoft.com, for example, to list all the resource records for the microsoft.com domain that are stored in the DNS database of the name server being queried.
See Also Domain Name System (DNS), Transmission Control Protocol/Internet Protocol (TCP/IP)
A Domain Name System (DNS) record that identifies a secondary name server for a zone.
Overview
For each zone in the DNS namespace there are typically one or more name servers that can be used to resolve the names of hosts in that zone into their associated Internet Protocol (IP) addresses. The master name server for a zone (the name server that is authoritative for that zone) is listed in the SOA record that defines the zone's characteristics. Secondary name servers for the zone are identified by one or more NS records, one for each secondary name server in the zone. Each NS record also requires a matching A record that resolves the fully qualified domain name (FQDN) of the secondary name server into its associated IP address.
NS records are also used to specify primary name servers for delegated zones. The full syntax for the NS record is found in RFC 1035.
Examples
Here is a typical example of an NS record:
microsoft.com. IN NS ns2.microsoft.com.
In this example, hosts within the microsoft.com domain can be resolved using the name server called ns2. In this example IN stands for Internet and NS stands for name server.
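The consistency requirement stated above (every NS record needs a matching A record for the server it names) can be checked mechanically. The following is an added example, not part of the encyclopedia entry: it parses a small constructed zone fragment in RFC 1035 master-file syntax (owner names and addresses are invented) and reports any listed name server without an A record.

```python
from collections import defaultdict

# Constructed zone fragment in master-file syntax. Names and addresses are
# invented; ns3 is deliberately listed without an A record.
ZONE = """\
example.com.      IN  SOA  ns1.example.com. hostmaster.example.com. 2002010101 3600 900 604800 86400
example.com.      IN  NS   ns1.example.com.
example.com.      IN  NS   ns2.example.com.
example.com.      IN  NS   ns3.example.com.   ; no matching A record below
ns1.example.com.  IN  A    192.0.2.1
ns2.example.com.  IN  A    192.0.2.2
www.example.com.  IN  A    192.0.2.10
"""


def parse_zone(text):
    """Return a list of (owner, type, rdata_fields) tuples, one per record.

    Handles the one-record-per-line form used in the entry's example:
    comments after ';' are dropped and the optional TTL and class fields
    (IN, CH, HS) are skipped so that the record type is always found.
    """
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        owner = fields.pop(0).lower()
        if fields and fields[0].isdigit():      # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() in ("IN", "CH", "HS"):
            fields.pop(0)                       # optional class
        rtype, rdata = fields[0].upper(), fields[1:]
        records.append((owner, rtype, rdata))
    return records


def check_ns_glue(records):
    """Map each name server named in an NS record to its A-record addresses.

    An empty address list marks a name server that violates the rule in the
    entry: an NS record without a matching A record for the server's FQDN.
    """
    addresses = defaultdict(list)
    for owner, rtype, rdata in records:
        if rtype == "A":
            addresses[owner].append(rdata[0])
    report = {}
    for owner, rtype, rdata in records:
        if rtype == "NS":
            server = rdata[0].lower()
            report[server] = addresses.get(server, [])
    return report


def missing_glue(text):
    """Sorted FQDNs of name servers listed in NS records but lacking an A record."""
    report = check_ns_glue(parse_zone(text))
    return sorted(server for server, addrs in report.items() if not addrs)


if __name__ == "__main__":
    for server, addrs in check_ns_glue(parse_zone(ZONE)).items():
        print(f"{server:20} {', '.join(addrs) or 'NO A RECORD'}")
    print("missing:", missing_glue(ZONE))
```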
See Also A record, Domain Name System (DNS), fully qualified domain name (FQDN), SOA record
Stands for NTFS file system, the file system of Microsoft Windows NT, Windows 2000, Windows XP, and Windows .NET Server.
See Also NTFS file system (NTFS)
The file system of Microsoft Windows NT, Windows 2000, Windows XP, and Windows .NET Server.
Overview
NTFS file system (NTFS) is an advanced, high-performance file system designed for use with Windows NT and supported by Windows 2000 and later. NTFS provides better performance and reliability than the file allocation table (FAT) file system first developed for the Microsoft Disk Operating System (MS-DOS) and used in earlier versions of Windows. NTFS also supports security features for data access control and ownership privileges that make it suitable for corporate file and application servers. The following table compares the features of NTFS and FAT.
Feature | NTFS | FAT |
Local security | x | |
File-level access permissions | x | |
Automatic recoverability using lazy writes and transaction logging | x | Lazy writes only |
File-level compression | x | |
POSIX-compliant | x | |
Supports Services for Macintosh | x | |
Dual boot with Windows 95 and Windows 98 | x | |
Maximum volume size | 2^64 = 32 exabytes (theoretical); 2^41 = 2 terabytes (practical) | 2^32 = 4 gigabytes (GB) |
Optimal volume size | Less efficient for volumes under ~50 megabytes (MB) | Less efficient for volumes over ~500 MB |
Windows 2000, Windows XP, and Windows .NET Server support a new version of NTFS called NTFS5 that includes additional features not supported by the earlier NTFS4 of Windows NT. These features provide greater manageability and enhanced security and include
Multiple data streams: Allow libraries of files to be defined as alternate streams.
Reparse points: Alter the way in which NTFS resolves path names.
Change journal: Provides a persistent log of all changes made to files on the volume.
Encryption: Allows data to be stored in encrypted form using the Encrypting File System (EFS).
Sparse file support: Allows programs to create very large files while consuming disk space only as needed.
Disk quotas: Allow administrators to control how much disk space users have access to.
FAT32: Supports an enhanced version of FAT first included with the OSR2 version of Windows 95. FAT32 supports larger disk partitions than FAT.
Universal Disk Format (UDF): The replacement for the earlier Compact Disk File System (CDFS). UDF is an international standard (ISO-13346) that supports both CD-ROM and DVD-ROM drives.
Architecture
Like FAT, NTFS uses the cluster as the fundamental unit of disk space allocation. The default cluster size for an NTFS volume depends on the size of the volume, as shown in the table. When you create a new NTFS volume by formatting a disk partition with NTFS, the master file table (MFT), which contains information about all the files and folders stored on the volume, is created. The MFT is located on the disk immediately after the partition boot sector, which contains the BIOS parameter block and the code that enables the operating system to find and load the startup files. After the MFT come the NTFS system files, which help implement NTFS by storing information such as the contents of the volume, the volume name and version, the table of attribute names and numbers, a list of transaction steps used for NTFS recoverability, and the root folder. After the NTFS system files comes the file area, where user data is stored. The total overhead of the MFT and NTFS system files is about 1 MB.
NTFS file system (NTFS). Structure of an NTFS volume.
Volume Size | Sectors/Cluster | Cluster Size |
512 MB or less | 1 | 512 bytes |
513 MB-1024 MB | 2 | 1 kilobyte (KB) |
1025 MB-2048 MB | 4 | 2 KB |
2049 MB-4096 MB | 8 | 4 KB |
4097 MB-8192 MB | 16 | 8 KB |
8193 MB-16384 MB | 32 | 16 KB |
16385 MB-32768 MB | 64 | 32 KB |
32769 MB or more | 128 | 64 KB |
Notes
Note that Windows NT 4 systems must be running Service Pack 4 or later to read basic volumes formatted using the Windows 2000 version of NTFS. Also, because of the different disk structures, Windows NT 4 disk utilities such as Autochk and Chkdsk will not work on Windows 2000, Windows XP, or Windows .NET Server NTFS volumes. Because of these incompatibilities, Microsoft Corporation does not recommend dual booting between Windows NT 4 and Windows 2000.
See Also file allocation table (FAT), file system
A set of permissions used in Microsoft Windows 2000, Windows XP, and Windows .NET Server to secure folders and files located on an NTFS file system (NTFS) partition or volume.
Overview
NTFS permissions provide security for both local and network access to the file system. They are different from shared folder permissions, which can be applied only to folders and which secure the file system for network access only, not for local access.
NTFS permissions in Windows 2000 differ depending on whether they are applied to files or to folders. The five standard file permissions and six standard folder permissions are listed in the following tables. These standard file and folder permissions are actually composed of various groupings of the 18 different special permissions; for more information, see the "NTFS special permissions (Windows 2000, Windows XP, and Windows .NET Server)" article elsewhere in this book. These groupings simplify the job of securing files and folders on NTFS file system partitions and volumes.
File Permission | User Access Granted |
Read | Open the file and view its permissions, attributes, and ownership |
Write | Modify the file, modify its attributes, and view its permissions, attributes, and ownership |
Read & Execute | Delete the file and do everything Read permission allows |
Modify | Delete the file and do everything Read & Execute and Write permissions allow |
Full Control | Take ownership, modify permissions, and do everything Modify permission allows |
Folder Permission | User Access Granted |
Read | View contents of folder and view its permissions, attributes, and ownership |
Write | Create new files and folders in the folder, modify its attributes, and view its permissions, attributes, and ownership |
List Folder Contents | View contents of folder |
Read & Execute | View subfolders within the folder and do everything Read and List Folder Contents permissions allow |
Modify | Delete the folder and do everything Read & Execute and Write permissions allow |
Full Control | Take ownership, modify permissions, and do everything Modify permission allows |
To use these standard permissions to secure a file or folder, you must be the object's owner, have full control of the object, or be a member of the Administrators system group. You must explicitly assign a permission to a file or folder for the permission to be granted. If no permission is specified for a given user or group, the user or group has no access to the file or folder. When you explicitly assign a permission, you can choose to either allow or deny that permission.
When you create a file or folder on an NTFS file system volume, it inherits the permissions of its parent folder or volume. When you assign a permission to a parent folder or volume, you have the option of propagating that permission to all of its child folders and files.
The following rules apply to assigning permissions for files and folders on NTFS file system volumes:
If a user belongs to two or more groups and the groups have different permissions on a given folder, the user's effective permission is the least restrictive of the permissions. For example, if a user has Read permission on a file and a group the user belongs to has Modify permission, the user's effective permission is Modify, which is the least restrictive of the two.
A permission explicitly denied overrides a similar permission explicitly allowed. For example, if a user has Read permission on a file and a group the user belongs to has been denied Read permission, the user cannot open and read the file.
A permission for a file overrides a similar permission for the folder containing the file. For example, if a user has Modify permission on a file and Read permission on the folder containing the file, the user can open, read, edit, and save changes to the file.
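The three rules above can be exercised with a small model. This is an added example, not from the encyclopedia or from Windows itself: it represents each standard file permission as a set of the special-permission names listed in this book's "NTFS special permissions" table and evaluates a user's effective rights under the three rules. The grouping of special permissions under each standard permission follows the usual Windows definitions (the entry only says that such groupings exist), and the user, group and ACL values are constructed.

```python
from dataclasses import dataclass

# Special permissions that apply to files, named as in the book's
# "NTFS special permissions (Windows 2000, ...)" table. The grouping under
# each standard permission follows the usual Windows definitions; this
# entry only states that standard permissions are groupings of them.
READ = frozenset({"Read Data", "Read Attributes", "Read Extended Attributes",
                  "Read Permissions", "Synchronize"})
WRITE = frozenset({"Write Data", "Append Data", "Write Attributes",
                   "Write Extended Attributes", "Read Permissions", "Synchronize"})
READ_EXECUTE = READ | {"Execute File"}
MODIFY = READ_EXECUTE | WRITE | {"Delete"}
FULL_CONTROL = MODIFY | {"Change Permissions", "Take Ownership"}

STANDARD = {
    "Read": READ,
    "Write": WRITE,
    "Read & Execute": READ_EXECUTE,
    "Modify": MODIFY,
    "Full Control": FULL_CONTROL,
}


@dataclass(frozen=True)
class Ace:
    """One access control entry: a standard permission explicitly allowed
    or explicitly denied to a principal (user or group)."""
    principal: str
    permission: str   # a key of STANDARD
    allow: bool       # True = Allow, False = Deny


def effective_rights(user, groups, file_acl, folder_acl):
    """Special permissions `user` effectively holds on one file.

    Implements the three rules stated in the entry:
      1. entries for the user and for every group the user belongs to are
         combined, and the least restrictive result wins (union of allows);
      2. an explicit Deny overrides a matching Allow;
      3. an entry on the file overrides entries for the same principal on
         the folder that contains the file.
    A principal with no entry at all contributes nothing (no access).
    """
    allowed, denied = set(), set()
    for principal in {user, *groups}:
        entries = [a for a in file_acl if a.principal == principal]
        if not entries:                                  # rule 3
            entries = [a for a in folder_acl if a.principal == principal]
        for ace in entries:
            (allowed if ace.allow else denied).update(STANDARD[ace.permission])
    return frozenset(allowed - denied)                   # rules 1 and 2


def has_right(user, groups, file_acl, folder_acl, special):
    """True if the special permission `special` is in the effective rights."""
    return special in effective_rights(user, groups, file_acl, folder_acl)


if __name__ == "__main__":
    # The entry's three cases, with constructed user and group names.
    # Rule 1: user has Read, a group has Modify -> effective Modify.
    acl = [Ace("alice", "Read", True), Ace("Staff", "Modify", True)]
    print(effective_rights("alice", ["Staff"], acl, []) == MODIFY)
    # Rule 2: user allowed Read, group denied Read -> cannot read.
    acl = [Ace("alice", "Read", True), Ace("Contractors", "Read", False)]
    print(has_right("alice", ["Contractors"], acl, [], "Read Data"))
    # Rule 3: Modify on the file, Read on the folder -> file entry wins.
    print(has_right("alice", [], [Ace("alice", "Modify", True)],
                    [Ace("alice", "Read", True)], "Write Data"))
```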
Notes
The differences between NTFS standard permissions for the Windows 2000, Windows XP, and Windows .NET Server operating systems and those for Windows NT include the following:
Windows 2000, Windows XP, and Windows .NET Server have six folder permissions; Windows NT has seven.
Windows 2000, Windows XP, and Windows .NET Server have five file permissions; Windows NT has four.
In Windows 2000, Windows XP, and Windows .NET Server, you can explicitly grant or explicitly deny any standard file or folder permission. In Windows NT, you can only explicitly grant a permission (but you can explicitly grant no access as a permission).
When you format a partition or volume using NTFS, the Everyone system group is automatically assigned full control permission for the root of the volume. Any new files or folders you create on the volume inherit this permission. Be aware that leaving full control for everyone might create a security risk; you should replace it with more suitable permissions such as full control for the Authenticated Users special identity.
See Also NTFS permissions (Windows NT), NTFS special permissions (Windows 2000, Windows XP, and Windows .NET Server)
A set of permissions used in Microsoft Windows NT to secure folders and files on an NTFS file system (NTFS) partition.
Overview
NTFS permissions provide security for both local and network access to the file system. They are different from shared folder permissions, which can be applied only to folders and which secure the file system for network access only, not for local access.
NTFS permissions in Windows NT differ depending on whether they are applied to files or to folders. The four standard file permissions and seven standard folder permissions are listed in the following tables. These standard file and folder permissions are actually composed of various groupings of six NTFS special permissions:
Read (R)
Write (W)
Execute (X)
Delete (D)
Change Permission (P)
Take Ownership (O)
For more information on these special permissions, see the "NTFS special permissions (Windows NT)" article elsewhere in this book.
File Permission | Special Permissions |
Full Control | RWXDPO |
Change | RWXD |
Read | RX |
No Access | None |
Folder Permission | Special Permissions for Folders | Special Permissions for Files in a Folder |
Full Control | RWXDPO | RWXDPO |
Change | RWXD | RWXD |
Add & Read | RWX | RX |
Add | WX | Unspecified |
Read | RX | RX |
List | RX | Unspecified |
No Access | None | None |
To use these standard permissions to secure a file or folder, you must be the object's owner, have full control of the object, or be a member of the Administrators system group. You must explicitly assign a permission to a file or folder for the permission to be granted. If no permission is specified for a given user or group, the user or group has no access to the file or folder.
When you create a file or folder on an NTFS file system partition, it inherits the permissions of its parent folder or partition. When you assign a permission to a parent folder or partition, you have the option of propagating that permission to all of its child folders and files.
The following rules apply to assigning permissions for files and folders on NTFS file system volumes:
If a user belongs to two or more groups and the groups have different permissions in a given folder, the user's effective permission is the least restrictive of the permissions. For example, if a user has Read permission on a file and a group the user belongs to has Change permission, the user's effective permission is Change, which is the less restrictive of the two.
The No Access permission overrides all other permissions. For example, if a user has Read permission on a file and a group the user belongs to has No Access permission, the user cannot open and read the file.
A permission for a file overrides a similar permission for the folder containing the file. For example, if a user has Change permission on a file and Read permission on the folder containing the file, the user can open, read, edit, and save changes to the file.
Notes
For a description of the differences between NTFS standard permissions for Windows 2000 and for Windows NT, see the "NTFS permissions (Windows 2000)" article elsewhere in this book.
In most cases NTFS standard permissions are sufficient for controlling access to a file or folder. If standard permissions are not sufficiently granular for your purposes, you can use NTFS special permissions.
See Also NTFS permissions (Windows 2000, Windows XP, and Windows .NET Server), NTFS special permissions (Windows 2000, Windows XP, and Windows .NET Server)
Individual permissions granted or denied when NTFS file system (NTFS) standard permissions are not sufficiently granular for specific security purposes.
Overview
NTFS special permissions available depend on whether you are securing files or folders. In both cases, 14 special permissions are available; 10 of these are common to the two scenarios. The following tables list the various NTFS special permissions available in Microsoft Windows 2000, Windows XP, and Windows .NET Server.
Special Permission | User Access Granted |
Read Attributes | View the attributes (including read-only, hidden, system, and archive) of the file or folder |
Read Extended Attributes | View custom attributes that can be defined by certain applications for the file or folder |
Write Attributes | Modify the attributes of the file or folder |
Write Extended Attributes | Modify custom attributes that can be defined by certain applications for the file or folder |
Delete Subfolders And Files | Delete subfolders or files |
Delete | Delete the file or folder; however, even if this permission is denied on a file, you can delete it if its parent folder has been granted Delete Subfolders And Files permission |
Read Permissions | View the permissions on the file or folder |
Change Permissions | Modify the permissions on the file or folder |
Take Ownership | Take ownership of the file or folder |
Synchronize | Lets threads in multithreaded programs wait on the file or folder handle and synchronize with another thread that signals it |
Special Permission | User Access Granted |
Execute File | Execute the file |
Read Data | Read the file |
Write Data | Modify the file |
Append Data | Append to the file (but not modify existing data) |
Special Permission | User Access Granted |
Traverse Folder | Drill down to other files and folders in the folder even if you have no permissions on intermediate subfolders |
List Folder | View the names of subfolders and files in the folder |
Create Files | Create files in the folder |
Create Folders | Create subfolders within the folder |
You can grant or deny special permissions by using the Advanced button on the Security tab of a file's or folder's property sheet. You can select different combinations of special permissions to create custom sets of permissions for special purposes. In most cases, however, it is simplest to use NTFS standard permissions for securing files and folders. If you use special permissions, there is a lot of flexibility in how you can apply them, especially if you are applying them to a folder. For example, you can apply a custom set of special permissions to
The selected folder only
The selected folder, its subfolders, and files
The selected folder and its subfolders only
The selected folder and its files only
Subfolders and files of the selected folder but not the folder itself
Subfolders of the selected folder but not the folder itself
Files in the selected folder but not the folder itself
To use special permissions you must be the object's owner, have full control of the object, or be a member of the Administrators group.
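The seven "apply onto" choices listed above determine which objects in a folder tree actually receive a special permission. The following added example (not part of the encyclopedia entry) models that propagation: the mapping of each choice to the Windows ACE inheritance flags CONTAINER_INHERIT_ACE, OBJECT_INHERIT_ACE and INHERIT_ONLY_ACE, and the rule that an object-inherit entry flows through subfolders to the files below them, come from the Windows access-control model rather than from this entry, and the folder tree is constructed. The NO_PROPAGATE_INHERIT_ACE option is not modelled.

```python
from enum import Flag, auto


class Inherit(Flag):
    """ACE inheritance flags (modelled on CONTAINER_INHERIT_ACE,
    OBJECT_INHERIT_ACE and INHERIT_ONLY_ACE in Windows)."""
    NONE = 0
    CONTAINER = auto()     # subfolders inherit the entry as effective
    OBJECT = auto()        # files inherit the entry as effective
    INHERIT_ONLY = auto()  # the folder the entry is set on is not itself affected


# The seven choices from the entry, in the entry's order, and the flag
# combination each one corresponds to.
APPLY_ONTO = {
    "This folder only": Inherit.NONE,
    "This folder, subfolders and files": Inherit.CONTAINER | Inherit.OBJECT,
    "This folder and subfolders": Inherit.CONTAINER,
    "This folder and files": Inherit.OBJECT,
    "Subfolders and files only": Inherit.CONTAINER | Inherit.OBJECT | Inherit.INHERIT_ONLY,
    "Subfolders only": Inherit.CONTAINER | Inherit.INHERIT_ONLY,
    "Files only": Inherit.OBJECT | Inherit.INHERIT_ONLY,
}

# Constructed folder tree: folder path -> children; names ending in "/"
# are subfolders, everything else is a file.
TREE = {
    "D:/Data/": ["Reports/", "Budget.xls"],
    "D:/Data/Reports/": ["Q1/", "Summary.doc"],
    "D:/Data/Reports/Q1/": ["Jan.doc"],
}


def affected_objects(folder, flags, tree=TREE):
    """Sorted paths on which an entry set on `folder` with `flags` is effective."""
    result = []
    if not flags & Inherit.INHERIT_ONLY:
        result.append(folder)
    _propagate(folder, flags, tree, result)
    return sorted(result)


def _propagate(folder, flags, tree, result):
    for child in tree.get(folder, []):
        path = folder + child
        if child.endswith("/"):
            # A subfolder holds the entry as effective only with CONTAINER,
            # but inheritance keeps flowing through it whenever either
            # inheritance flag is set (an OBJECT-only entry is carried down
            # as inherit-only so that deeper files still receive it).
            if flags & Inherit.CONTAINER:
                result.append(path)
            if flags & (Inherit.CONTAINER | Inherit.OBJECT):
                _propagate(path, flags, tree, result)
        elif flags & Inherit.OBJECT:
            result.append(path)


if __name__ == "__main__":
    for choice, flags in APPLY_ONTO.items():
        print(f"{choice}:")
        for path in affected_objects("D:/Data/", flags):
            print("   ", path)
```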
Notes
In Windows XP and Windows .NET Server, the Full Control permission is listed in the Special Permissions screen. When selected, Full Control gives the user all special permissions that apply to the file or folder.
There are significant differences between NTFS special permissions for Windows 2000, Windows XP, and Windows .NET Server and those for Windows NT. The most obvious difference is that in Windows 2000, Windows XP, and Windows .NET Server, you can assign any of 14 special permissions, but in Windows NT you have 6 special permissions to choose from: Read (R), Write (W), Execute (X), Delete (D), Change Permission (P), and Take Ownership (O). The reason for this difference is that in Windows NT much of the machinery of NTFS is hidden from the user interface, but in Windows 2000, Windows XP, and Windows .NET Server, this machinery is exposed in the user interface.
See Also NTFS permissions (Windows 2000, Windows XP, and Windows .NET Server) ,NTFS permissions (Windows NT)
Individual permissions granted or denied when NTFS standard permissions are not granular enough for a specific security purpose.
Overview
The special permissions available are the same whether you are securing files or folders, with the exception that when you secure a directory you have the additional option of leaving access unspecified instead of assigning a specific set of special permissions. In both cases, six special permissions are available; these are listed in the following table.
Special Permission | Symbol | User Access When Applied to Files | User Access When Applied to Folders |
Read | R | View file owner and permissions; read the file | View contents of the folder; view folder attributes; view folder owner and permissions |
Write | W | View file owner and permissions; modify file attributes; edit the file | Add files to the folder; add subfolders; modify folder attributes; view folder owner and permissions |
Execute | X | View file owner and permissions; view file attributes; run the executable file | View folder attributes; browse folder hierarchy; view folder owner and permissions |
Delete | D | Delete the file | Delete the folder |
Change Permission | P | Change file permissions | Change folder permissions |
Take Ownership | O | Take ownership of the file | Take ownership of the folder |
By selecting different combinations of special permissions, you can create custom sets of permissions for special purposes. In most cases, however, NTFS standard permissions are sufficient for securing files and folders. To use special permissions, you must be the object's owner, have full control of the object, or be a member of the Administrators system group. For information on which sets of special permissions comprise the various standard permissions, see the "NTFS permissions (Windows NT)" article elsewhere in this book.
Notes
For a description of the differences between NTFS special permissions for Microsoft Windows NT and for Microsoft Windows 2000, see the "NTFS special permissions (Windows 2000, Windows XP, and Windows .NET Server)" article elsewhere in this book.
See Also NTFS permissions (Windows 2000, Windows XP, and Windows .NET Server) ,NTFS permissions (Windows NT)
Another name for Windows NT Challenge/Response Authentication, an authentication scheme used in Microsoft Windows NT-based networks.
See Also Windows NT Challenge/Response Authentication
Stands for Network Time Protocol, an Internet protocol for synchronizing computer clocks to an accurate reference clock.
See Also Network Time Protocol (NTP)
Stands for Network Termination Unit, a telecommunications device used in Integrated Services Digital Network (ISDN) networking.
See Also Network Termination Unit (NTU)
Stands for NT Virtual DOS Machine, an MS-DOS environment simulator in Windows NT.
See Also NT Virtual DOS Machine (NTVDM)
An MS-DOS environment simulator in Microsoft Windows NT.
Overview
NT Virtual DOS Machine (NTVDM) is a single-threaded Win32 application that simulates an MS-DOS environment on Microsoft Windows NT, Windows 2000, Windows XP, and Windows .NET Server. The NTVDM enables the system to properly run MS-DOS and Windows 3.x applications. Each MS-DOS-based application running on Windows NT requires its own NTVDM. As a result, if an MS-DOS-based application fails while running on Windows NT, it does not affect other MS-DOS-based applications.
You can customize the NTVDM for an MS-DOS-based application by right-clicking on the application's executable file and choosing Properties. The settings you can configure are similar to those available in the Windows 3.x tool PIF Editor.
See Also Microsoft Disk Operating System (MS-DOS) ,Windows NT
A serial cable with cross-pinning that is used for file transfers and for other specialized communication between computers.
Overview
Null modem cables, also known as file transfer cables, are used to directly connect two computers for transferring files between them, for example by using the Direct Cable Connection accessory of Microsoft Windows 95 and Windows 98. Note that parallel data-transfer cables achieve faster data transfer rates for file transfer than serial null modem cables.
The most common form of null modem cable is based on the RS-232 serial transmission interface specifications. Pins 2 and 3 are crossed in a null modem cable to allow you to directly link two RS-232 serial ports on different computers. Other pins can also be crossed depending on the intended purpose of the cable. The most common forms of termination for these cables are DB9 and DB25 connectors.
Serial RS-232 null modem cables support distances of up to about 50 feet (15 meters) and can be used for any communication that requires a direct connection between two devices of the same kind. Strictly, a cable connecting two pieces of data terminal equipment (DTE) is called a null modem cable, whereas a cable connecting two pieces of data communications equipment (DCE) is usually called a tail-circuit cable and has a different cross-pinning. If longer distances are needed in serial communication, you can use a line driver to amplify the signal up to several kilometers. You can also obtain null modem cables for other serial interfaces, such as V.35, and cables with special types of pinning.
Notes
Use a shielded null modem cable to extend distances up to 98 feet (30 meters) without using line drivers.
See Also data communications equipment (DCE) ,data terminal equipment (DTE) ,RS-232 ,serial transmission
Stands for NWLink IPX/SPX-Compatible Transport, Microsoft Corporation's version of Novell's legacy Internetwork Packet Exchange/Sequential Packet Exchange (IPX/SPX).
See Also NWLink IPX/SPX-Compatible Transport (NWLink)
Microsoft Corporation's version of Novell's legacy Internetwork Packet Exchange/Sequential Packet Exchange (IPX/SPX).
Overview
IPX/SPX is a legacy networking protocol used in Novell NetWare 2.x and 3.x. NWLink IPX/SPX-Compatible Transport (NWLink) is Microsoft's 32-bit version of this protocol for the Microsoft Windows NT, Windows 2000, Windows XP, and Windows .NET Server platforms.
NWLink supports the following features:
Compliance with network driver interface specification (NDIS) 4 on Windows NT and NDIS 5 on Windows 2000, Windows XP, and Windows .NET Server.
Support for NetBIOS over NWLink (NWLink NetBIOS)
Support for the following interprocess communications (IPC) mechanisms: Windows Sockets, named pipes, and remote procedure calls (RPCs)
Uses
NWLink can be used on Microsoft platforms when
Microsoft clients such as Windows NT Workstation, Windows 2000 Professional, and Windows XP Professional require access to NetWare file, print, and application servers. These clients can access NetWare servers either directly using Client Services for NetWare (CSNW) or through a gateway server running Gateway Service for NetWare (GSNW).
NetWare clients need access to servers running Windows NT, Windows 2000, and Windows .NET Server. NetWare clients can access file and print services directly on Windows servers using File and Print Services for NetWare (FPNW).
Notes
If a Windows NT, Windows 2000, Windows XP, or Windows .NET server or client with NWLink installed is unable to communicate with NetWare clients or servers, check the properties of NWLink to make sure you are using the same frame type as the machines running NetWare. Note that you must also specify IPX/SPX network numbers when configuring NWLink.
See Also Client Services for NetWare (CSNW) , File and Print Services for NetWare (FPNW) ,Gateway Service for NetWare (GSNW) ,