Principles of Client/Server Architecture

So now you know that client/server architecture allows a user on one machine, called the client (which can be either a UNIX or Windows NT/2000/XP machine), to request some type of service from a machine to which it is attached, called the server (a UNIX or Windows machine). And you know that they connect to each other over a network such as a LAN (local area network) or a WAN (wide area network). These services may be such things as requests for data in databases, information contained in files or the files themselves, or requests to print data on an attached printer. Although clients and servers are usually thought of as two separate machines, they may, in fact, be two separate areas on the same machine. Thus, a single UNIX machine may be both a client and server at the same time. Further, a client machine attached to a server may itself be a server to another client, and the server may be a client to another server on the network. It is also possible to have a client running one operating system and the server running another operating system.

Several types of client machines are common in client/server environments. One of the most popular clients is an Intel-based personal computer running in a Windows (Windows NT/2000/XP) environment. Another popular client machine is an X terminal; in fact, the X Window System follows a classic client/server model. X Window applications (clients) are separate from the software that manages the input and output (server), so that the same application can be used by X terminals with different hardware characteristics. The X Window System and its use of client/server relationships is discussed on the Companion web site.

There are also UNIX clients that run operating system environments such as Linux and Mac OS X. You can have a server in your network that requests things from another server; in this case the first server is also a client of the server machine that it is requesting services from. Regardless of the type of client you are using in your client/server network, it is performing at least one of the basic functions described in the next section under client functions.

UNIX is an extremely popular server operating system because, as a true multitasking operating system environment, it can be used in more types of configurations on server machines than file servers and print servers. In addition to sharing applications over the network, one of the most popular uses of UNIX on servers is the file sharing capability available via NFS, which is discussed later in this chapter. In addition, UNIX servers support all distributed computing models, which is why a lot of companies run business-critical applications on UNIX servers. There are also a few different UNIX server environments. One example of a UNIX server environment is an Intel-based personal computer, a workstation, or a minicomputer running a version of UNIX such as Linux. There are also workstations running variants of the UNIX operating system environments such as Solaris, HP-UX, or Mac OS X, which are also described throughout this book. Regardless of the type of server you are using in your client/server network, it is performing at least one of the basic functions described under “Servers and Server Functions,” which follows.

Clients and Client Functions

Clients in a client/server network are the machines or processes that request information, resources, and services from an attached server. These requests may be such things as to provide database data, applications, parts of files, or complete files to the client machine. The data, applications, or files may reside on the server and just be accessed by the client, or they may be physically copied or moved to the client machine. This arrangement allows the client machine to be relatively small, such as a personal computer, and use the memory or disk storage capability on the server, which is often a workstation. A typical client request is to access file information that has been stored on a server called a file server. When a client requests some particular file information to be shared, the server must allow that client to access the requested file, usually through an internal table of which clients have access to server data. This concept is covered in detail later in this chapter in the sections on file sharing using NFS. You’ll learn more about file servers in the section “General Server Functions.”

Another typical client request is to provide some type of print service to the client from a centrally located printer on a server called a print server. This arrangement reduces the number of printers in a multiple-client environment, and it not only reduces the total cost of the network but also provides a single point of administration for all print requests.

Some other types of client requests are to provide communications services such as access to other servers or access to gateways such as the Internet, fax services, or electronic mail services using UNIX facilities such as sendmail and smtp. For each type of client environment there is usually specific software (and sometimes hardware) on the client, with some analogous software and hardware on the server.

Over the past decade, a new type of client has evolved. The web client is a machine that runs either a UNIX variant or Windows, and requests web services (such as retrieving URL and HTML information) from something called a web server (a machine that has special software to let users access web pages and other web services on the network). Chapter 10 discusses these concepts in more depth.

Servers and Server Functions

Servers in a client/server network are the resources, both hardware and software, that provide information and services to the clients on the network. When a client requests a resource such as a file, database data, access to remote applications, or centralized printing, the server provides these resources to the client. As mentioned previously, the server processes may reside on a machine that also acts as a client to another server. We will describe three of the more common UNIX server types later in this section. These are file servers, print servers, and web servers.

In addition to providing these types of services, a server may provide access to other networks, acting as a communications server that connects to other servers, or to mainframe or minicomputers acting as network hosts. It may also allow faxes or electronic mail to be sent from a client on one network to a client on another network. It may act as a security server, allowing only certain clients to gain access to other resources on the network. It may act as a network management server, controlling and reporting on various statuses of both clients and other servers on the network. It may act as a multimedia server, providing audio, video, and data files stored on CD-ROMs to clients from a centralized source, thus reducing hardware and disk storage requirements for each client. A server may also act as a directory or gateway server, whose sole function is to provide directory and routing functions to clients that wish to connect to outside networks, similar to a communications server. An example of this is a DNS (Domain Name Service), discussed in Chapter 17, whose sole function is to resolve host names that are outside of the local host table.

File Servers

File servers provide clients in a network access to files. The Network File System (NFS), developed by Sun Microsystems, is widely used by networks that want to share files in a heterogeneous environment. NFS is discussed in more detail later in this chapter.

The main feature of NFS is the capability to use RPCs (Remote Procedure Calls) to make requests for remote file services appear to the client as though they were local system requests. In other words, the user does not have to worry about where the files actually reside. The files are opened, read, written (if permitted), and closed just like local files. NFS administration takes care of which clients can access files.

The file systems containing client-requested files must be made available for users by first mounting them and then exporting them so that other users can access them. These concepts are discussed in depth later in this chapter.

Print Servers

Before networks existed, computer users printed their output on printers attached to their terminals or PCs. Because high-quality printers were expensive, most users had dot-matrix or letter-quality printers that were fine for text and simple graphics, but not for complicated graphics like those used in electronic publishing. With the advent of UNIX networks, the cost of a high-quality printer could be shared among a number of people using a server that controlled all of the printing for the network, called a print server. The print server accepts and schedules print jobs that are requested by a client machine, using a feature called remote printing. The PC or workstation requesting the printing service doesn’t know or care where the job is actually printed, and the user only cares that it prints fairly quickly and the output is easily accessible.

In a UNIX environment, in order for users to be able to print on a network printer, your network administrator must do a few things. First, if you are using a Linux system, the administrator must create an entry in the client machine’s printcap file. This is an example of a client printcap file:

 lp2|remote1:\
      :lp=:rm=unixprt:\
      :sd=/var/spool/lp:\
      :rp=hplaser

In the entry, lp2 and remote1 are the names that the user sends print jobs to. Because there is no local printer (lp is null), the jobs are sent to the remote printer specified by rm, called unixprt. The job will be spooled to /var/spool/lp and printed on the remote printer hplaser, as designated in rp.

Second, the administrator must create an entry with your client’s machine name in the hosts.lpd file on the print server. Third, the network administrator must create a printcap file on the print server with corresponding entries. Chapter 17 covers network administration.
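The three steps above can be checked together: parse the client's printcap entry, see which print server and queue it points at, and confirm that the client is listed in the print server's hosts.lpd file. The following is an added example, not code from the book; the host names client1, client2.example.com and client3, the one-host-per-line hosts.lpd layout, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the client printcap entry shown in the text.
CLIENT_PRINTCAP = r"""
lp2|remote1:\
     :lp=:rm=unixprt:\
     :sd=/var/spool/lp:\
     :rp=hplaser
"""

# Constructed sample: hosts.lpd on the print server; host names are hypothetical.
SERVER_HOSTS_LPD = """
# clients allowed to send jobs to this print server
client1
client2.example.com
"""

def parse_printcap(text):
    """Return {name: {capability: value}} for every printer name and alias."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    # A trailing backslash continues the entry on the next line.
    joined = re.sub(r"\\\s*\n\s*", "", "\n".join(lines))
    printers = {}
    for entry in filter(None, (e.strip() for e in joined.splitlines())):
        fields = [f.strip() for f in entry.split(":")]
        caps = {}
        for field in filter(None, fields[1:]):
            key, sep, value = field.partition("=")
            caps[key] = value if sep else True   # "lp=" yields an empty string
        for name in fields[0].split("|"):
            printers[name.strip()] = caps
    return printers

def allowed_hosts(text):
    """Host names listed in hosts.lpd, ignoring comments and blank lines."""
    hosts = (line.split("#")[0].strip().lower() for line in text.splitlines())
    return {h for h in hosts if h}

def check_remote_printing(printcap_text, printer, client_host, hosts_lpd_text):
    """Report where jobs for `printer` go and whether the server lists the client."""
    caps = parse_printcap(printcap_text).get(printer)
    if caps is None:
        raise KeyError(f"no printcap entry named {printer!r}")
    return {
        "remote": not caps.get("lp") and bool(caps.get("rm")),
        "server": caps.get("rm"),
        "queue": caps.get("rp"),
        "spool": caps.get("sd"),
        "client_listed": client_host.lower() in allowed_hosts(hosts_lpd_text),
    }
```

A client that is missing from hosts.lpd shows up with client_listed set to False even though its own printcap entry is correct, which is the usual reason a correctly configured client still has its jobs refused by the print server.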

If you are using another UNIX variant, such as Solaris, the administrator must make printers available using printmgr, a graphical user interface that administers both local and remote printers on a network. It is invoked by typing

 # /usr/sadm/admin/bin/printmgr

Web Servers

The evolution of the World Wide Web has created a new use for client/server architecture. Users on machines that run web clients (described earlier in this chapter) depend on access to a machine that can provide services such as retrieving web information from the network, processing it, and sending it to the client to be displayed on the client’s local display. This machine, called a web server, fits neatly into the client/server architecture. It is shared by all of the network users for services, just as in the traditional client/server relationship. In addition to offering simple services like file sharing and printing, it shares other types of files, among them HTML (Hypertext Markup Language) documents. Chapter 16 describes the Apache Web Server in detail. Apache is a very popular web server in the UNIX environment. It is free, and many vendors support it by developing new web server applications on top of it.

Client/Server Security

One of the important roles of the server is to determine which clients have access to the server’s resources, and which resources each client may have access to. For instance, a particular client on your network may have access to printer resources but not file sharing or transfer capabilities. Another client on your network may have access to some databases on the server, but not others. A remote client (a client on another connected network) who is attempting to use one of the clients on your server network as a server for that client’s network may be denied access to your server for various reasons. All of this information is included in tables and files that are stored on the server, the client, or both. The system and network administrators have the job of keeping these tables accurate and current.

The UNIX system must ensure that any shared files are safe from users who should not have access to them. It has several ways of restricting access to files in a networked environment. One way is to use an authentication system such as Kerberos. Kerberos was developed as part of Project Athena at MIT, for use on client/server networks, and is still used as an NFS service. You can use Kerberos to send sensitive information around a network and restrict the use of various services on your network to valid users. Kerberos includes a Ticket Granting Service to issue “tickets” allowing a user to access a network resource for a certain length of time. When the ticket expires, the user’s login and password must be authenticated again using a program called kinit in order to obtain a new ticket. Kerberos is available via anonymous FTP from ftp://athena-dist.mit.edu/pub/kerberos/dist/, or at the MIT web page at http://web.mit.edu/network/kerberos-form.html. Due to export restrictions, MIT will only distribute Kerberos to citizens of the United States or Canada. On Solaris machines there is a configuration file for Kerberos at /etc/krb5/krb5.conf. The Kerberos NFS servers themselves are configured by using the kadmin command. Refer to the online Solaris System Administration guide for more information at the following URL: http://docs.sun.com/app/docs/doc/816-4557/6maosrjld?a=view. NFSv4 (NFS version 4) comes with Kerberos security included.

We will discuss another way that files are secured during file sharing using secure NFS later on in this chapter. The concept of defining who has access to your files and data (and, more important, how to establish security so that unauthorized users don’t have access) is also described in Chapters 12 and 17.




UNIX: The Complete Reference, Second Edition (Complete Reference Series)
ISBN: 0072263369
EAN: 2147483647
Year: 2006
Pages: 316
