Networks

This section is not covered in Exam 220–604.

This section covers a detailed study of fundamental aspects of networks. We will also review the basic concepts already covered in the A+ Essentials Study Guide.

Network Fundamentals

Before you install or configure network adapters and drivers and connect to a network, you must be familiar with different networking topologies, standards, protocols, services, and connectivity technologies. This section provides some basic information about networking fundamentals.

The Open System Interconnect (OSI) defines the seven layers of a networking model. These layers define the standards for implementing networking functions and protocols. The functions of each layer are described in the following sections. Table 5-7 provides a summary of the functions of different layers of the OSI model.

Table 5-7. Summary of different layers of the OSI model

OSI layer

Functions

Physical (Layer 1)

Provides specifications for the physical topology of the network.

Data Link (Layer 2)

Handles functions such as media access method, hardware addressing, and error detection and correction. Consists of MAC and LLC sublayers.

Network (Layer 3)

Provides routing functions and discovery of the best network path to the destination network.

Transport (Layer 4)

Provides guaranteed delivery, segmentation of data, flow control, and error detection and correction.

Session (Layer 5)

Manages dialog (sessions) between applications running on remote computers. It sets up, regulates, and terminates the sessions.

Presentation (Layer 6)

Provides data format translation of data formats such as encryption/decryption, encoding/decoding, and compression/decompression.

Application (Layer 7)

Provides an interface for applications to access the network services.

Networking protocols provide ways for computers to communicate with each other through the networking media. In this section, we will discuss the features of different networking protocols, as well as their advantages and limitations.

The Transmission Control Protocol/Internet Protocol (TCP/IP) is a set of several protocols. It is the most widely used protocol suite in private networks as well as on the Internet. Unlike the AppleTalk and IPX/SPX protocols, TCP/IP is not proprietary to any organization but is a public protocol suite. Needless to say, it is a fully routable protocol. The routing functionality is provided by a number of routing protocols such as RIP and OSPF. The TCP/IP protocol suite is supported by all major network and desktop operating systems. Some of the well-known protocols and their functions are discussed later in this section.

The following are some of the main configuration settings on a typical computer:

IP address

An IP address is a unique address used to identify a computer or a host on the network. This address is made up of 32-bit numbers written in dotted decimal notation in the w.x.y.z format. Each eight bits are known as an octet or a byte. A part of the IP address is known as the network address or network ID and the rest of it is known as the host address or host ID. These parts are based on the class of IP addresses used on the network. All computers on a particular network must have the same number as the network address, while the host address must be unique on the entire network.

Subnet mask

Every IP address is accompanied by a subnet mask. It is used to help identify the part of the network where the host is located. Like the IP address, the subnet mask is a 32-bit binary number that distinguishes the network ID from the host ID.

Default gateway

A default gateway allows computers on a network segment to communicate with computers on another segment. The default gateway for all computers on a particular segment is the IP address of the router interface that is connected to the local segment. If a computer is not configured with the IP address of a default gateway, it cannot communicate with computers on a different network segment.

DNS address

The IP address of a DNS server is configured on TCP/IP hosts so that all name resolution queries are sent to the designated DNS server. Most network and desktop operating systems allow you to configure multiple DNS servers.

WINS address

The IP address of a WINS server is configured to resolve NetBIOS name resolution queries. As with the DNS address, you can configure more than one WINS server address on a TCP/IP host.

Static IP addressing

When static IP addressing is used, network administrators manually configure all TCP/IP settings on a computer. This method is useful only on very small networks.

Automatic IP Addressing

TCP/IP hosts can be configured to obtain IP address configuration automatically from a Dynamic Host Configuration Protocol (DHCP) server. This is the default configuration on most desktop and server operating systems.

IPX/SPX is a full protocol suite used in Novell NetWare networks. It is a fully routable protocol. Different protocols in this suite are listed in Table 5-8.

Table 5-8. IPX/SPX protocols

Protocol

Function

Service Advertising Protocol (SAP)

Allows systems to advertise services such as file and print services.

NetWare Core Protocol (NCP)

Allows client/server interactions such as file and print sharing.

Internet Packet Exchange (IPX)

Provides network addressing and routing services.

Sequenced Packet Exchange (SPX)

Provides connection-oriented services on top of the IPX protocol.

Routing Information Protocol (RIP)

The default routing protocol for IPX/SPX networks; based on distance vector routing algorithm.

NetWare Link Services Protocol (NLSP)

Provides routing services based on link state algorithm.

The servers and workstations use a 48-bit hexadecimal address that defaults to the MAC address of the network interface card. The node address is appended to the network address to create a unique node address in the internetwork. The following is an example of an IPX address:

0AC74E02:02254F89AE48

Tip

In a NetWare network environment, only the servers are assigned hostnames consisting of a maximum of 47 characters. NetWare clients do not have hostnames and use their IPX addresses instead. Logical NetWare networks are assigned 32-bit hexadecimal addresses.

NetBEUI stands for NetBIOS Extended User Interface. It is an old Microsoft networking protocol used in small networks. This protocol provides services at the transport and network layer of the OSI model. It is not a routable protocol and as such, cannot be used on large routed networks. It is easy to install and the fastest of all protocols covered in the A+ exam. The computers using the NetBEUI protocol use Network Basic Input Output System (NetBIOS) naming conventions. NetBIOS computer names consist of a maximum of 15 characters such as Server1 or Workstation1.

Tip

Since the NetBIOS name resolution mainly depends on broadcasts, the NetBEUI protocol creates significant network traffic if there are a large number of computers on the network. This protocol is used only on nonrouted Microsoft networks.

SMTP is a connection-oriented application layer protocol that is used to transport messages between remote email servers. It uses TCP at the transport layer and hence guarantees delivery of data.

Like POP3, IMAP4 is also used to retrieve email from mail servers. The advantage of using IMAP4 over POP3 is that it provides a secure authentication mechanism.

ICMP works at the network layer to provide error checking and reporting functions. It is a connection-less protocol and uses IP for providing best-effort delivery. It is used in network management and maintenance systems. For example, PING is a troubleshooting utility that uses the ICMP protocol.

ARP works at the network layer. It is used to resolve IP addresses to MAC addresses. Upper-layer protocols use ARP to correctly deliver data packets to the destination host. ARP maintains a mapping of IP addresses and MAC addresses in the system memory called the ARP cache. If the ARP cache does not have an entry for a requested IP address, it broadcasts the IP address on the local network to find out which host has the specified IP address.

HTTP is an application layer protocol that allows text, images, and multimedia to be downloaded from web sites. It is also a connection-oriented protocol that uses TCP at the transport layer. HTTP works with a uniform resource locator (URL) to connect to the desired web site. An example of a URL is http://www.oreilly.com.

HTTPS is the secure version of the HTTP protocol that allows servers and clients to be authenticated before the communication session starts. This protocol is also an application layer protocol and uses TCP at the transport layer. It is commonly used for online banking and other e-commerce functions. It uses a secure socket layer (SSL) to encrypt the network traffic between the web server and the web client. A web site using SSL has a URL starting with https://.

SSL is an encryption protocol popularly used for Internet-based transactions such as online banking. This protocol is based on public key encryption mechanisms. Transport Layer Security (TLS) is the successor of SSL but can be scaled down to SSL 3.0 mode for backward-compatibility. SSL provides end-to-end security for Internet communications by using encryption. In typical implementations, only the server component is required to use public keys for authentication. For end-to-end security, a Public Key Infrastructure (PKI) is required. Both the server and the client must be SSL-enabled to communicate over a secure channel.

Telnet is an application layer protocol that allows connections to remote hosts. Administrators use this protocol to connect remotely to network devices and run commands in order to configure or maintain them. Telnet is also a connection-oriented protocol and uses TCP at the transport layer.

FTP works at the application layer to provide file transfers between remote computers. FTP uses TCP as its transport protocol. FTP is a client/server application that authenticates users before allowing access to servers that host the FTP service. Most FTP servers allow anonymous logons that enable multiple users to connect to the server and download files. FTP is commonly used on the Internet for file downloads. One of the major limitations of the FTP protocol is security. The authentication method uses clear text usernames and passwords, which is a serious security concern. FTP uses several commands for file transfers as listed in Table 5-9.

Table 5-9. FTP commands

FTP command

Description

ascii

Allows file transfers in ASCII mode.

binary

Allows file transfers in binary mode.

cd

Used to change the working directory on the remote computer.

get

Used to download a single file from the remote computer.

ls

Used to list files on the remote computer.

mget

Used to download multiple files from the remote computer.

mput

Used to upload multiple files on the remote computer.

put

Used to upload a single file on the remote computer.

DNS stands for Domain Name System. The DNS service is used to translate fully qualified domain names (FQDN) to their respective IP addresses. Large corporate networks and all hosts on the Internet use FQDN notation to identify computers on the network. A fully qualified domain name can consist of a maximum of 63 characters including the dots. An example of a fully qualified domain name is www.us.books.oreilly.com.

DNS servers on a network run the DNS service and are responsible for resolving DNS queries for their clients. They can do it either by themselves or by having the queries resolved though referring to another DNS server. DNS clients are configured to use one or more DNS servers when configuring their TCP/IP properties.

A WINS server is used to translate NetBIOS computer names to IP addresses. NetBIOS names consist of a maximum of 15 characters. These servers are used only on Windows networks. The WINS server maintains a mapping of NetBIOS names to IP addresses. When a Windows client needs to resolve a computer name to its IP address, it sends a name resolution query to the WINS server. This helps limit the amount of broadcast traffic generated by a broadcast method of name resolution. Windows clients can be configured to use one or more WINS servers.

Network connectivity is achieved using a number of technologies. These technologies are different for local area connections, wide area connections, and wireless connections. This section discusses some of the commonly used connectivity technologies.

Ethernet networking and cabling technologies are defined in IEEE 802.3 standards. There are several variations in this standard—depending on speed, length, topology, and cabling—used in implementing networks. The following sections provide a brief summary of the standards tested on the A+ exam.

The 10 Mbps standards include 10Base2, 10BaseT, and 10BaseFL. All of these standards define a maximum data transfer speed of 10 Mbps. It is unlikely that you will encounter any 10 Mbps networks in your career. Table 5-10 gives a summary of 10 Mbps networking standards.

Table 5-10. Summary of 10 Mbps networking standards

Standard

Cable

Length of segment

Network topology

Connector

10Base2

Thin Coaxial

185 Meters

Bus

BNC

10BaseT

UTP CAT 3, 4, or 5

100 Meters

Star

RJ-45

10BaseFL

Fiber Optic

2000 Meters

Star

SC or ST

Most of the modern networks support 100 Mbps speed, which provides better bandwidth for demanding applications. Table 5-11 gives a summary of 100 Mbps networking standards.

Table 5-11. Summary of 100 Mbps networking standards

Standard

Cable

Length of segment

Network topology

Connector

100BaseTX

CAT 5

100 Meters

Star

RJ-45

100BaseT4

4 Pairs of CAT 3, 4, or 5

100 Meters

Star

RJ-45

100BaseFX

MM Fiber or SM Fiber

MM Fiber-412 Meters

SM Fiber-10,000 Meters

Star

SC or ST

1000 Mbps (1 Gigabit) Ethernet network is also known as a Gigabit Ethernet. This uses either copper or fiber optic cabling. These networks are implemented mainly as a backbone for large networks. Table 5-12 offers a summary of Gigabit Ethernet networking standards.

Table 5-12. Summary of Gigabit Ethernet networking standards

Standard

Cable

Length of segment

1000BaseLX

MM Fiber Optic or SM Fiber Optic

MM Fiber-550 Meters

SM Fiber-5,000 Meters

1000BaseSX

MM Fiber −50 Micron

550 Meters

1000BaseCX

STP

25 meters

1000BaseT

UTP

75 Meters

A WAN consists of two or more interconnected connect LANs. Usually a third party, a telephone company, or an ISP is involved in providing a connectivity solution to the organization that needs to set up a WAN. A WAN can be set up using a dial-up telephone line for low-bandwidth requirements or may be set up using a high-bandwidth dedicated line. It is also possible to tunnel the WAN connection through the Internet. The following sections describe various technologies used for WAN connectivity.

The ISP refers to an organization that provides Internet access or WAN facilities. ISPs provide low-cost Internet connectivity to home users via dial-up, cable modem, ISDN (BRI), or Digital Subscriber Lines (DSLs). For large organizations that require high speed and bandwidth, the connectivity is provided through Gigabit Ethernet, ATM, ISDN (PRI), T-carriers, or Sonet. These technologies are covered in greater detail in Chapter 8.

On the Internet, there is actually a hierarchy of lower- and higher-level ISPs. Just as customers connect to an ISP, the ISPs themselves are connected to their upstream ISPs. Several ISPs are usually engaged in peering, in which all ISPs interconnect with each other at a point known as the Internet Exchange (IX). This is done to allow routing of data to other networks. ISPs who do not have upstream ISPs are called Tier 1 ISPs. These sit at the top of the Internet hierarchy.

Dial-up using the Plain Old Telephone Service (POTS) and Public Switched Telephone Network (PSTN) is the traditional method of connecting to remote access servers or the Internet. These are dial-up methods, and the user has to dial the telephone number of the ISP to authenticate and get Internet connectivity. The telephone line is connected to a modem that is further connected to a serial or USB port on the user's computer. Most computers have built-in modems that can be directly connected to the telephone line.

POTS/PSTN provide a maximum data transfer speed of 56 Kbps. There are several ISPs that offer dial-up Internet access. Most ISPs provide added features such as free email accounts and access to newsgroups, and some even offer hosting of a small web site for the user.

DSL is a family of technologies that uses ordinary analog telephone lines to provide digital data transmissions. It uses different frequencies for voice and data signals; the same telephone line can simultaneously be used for phone and data transfer. It is commonly used for high-speed Internet access from homes and offices. Different DSL technologies are collectively noted as xDSL and support data transfer speeds from 128 Kbps to 24 Mbps, as discussed in the following list:

Asymmetrical DSL (ADSL)

ADSL is the most common of all types of DSL variations. The download speed of data is faster than upload speeds. It uses one channel for analog voice (telephone) transmissions, a second channel for data uploads, and a third channel for data downloads.

Symmetrical DSL (SDSL)

SDSL supports equal speeds for both data uploads and downloads. It cannot be used for voice transmissions and hence is suitable only for Internet access at offices.

ISDN DSL (IDSL)

IDSL is a variation of symmetric DSL. It does not support analog voice transmissions and is used only in those environments where ADSL and SDSL are not available.

Rate Adaptive DSL (RADSL)

RADSL is a variation of asymmetric DSL that can vary the transfer speeds depending on line conditions. It supports both data and voice transmissions.

Table 5-13 provides a summary of different DSL variations and their data transfer speeds.

Table 5-13. DSL variations

DSL variation

Download speed

Upload speed

Phone usage

ADSL

8 Mbps

1 Mbps

Yes

SDSL

1.5 Mbps

1.5 Mbps

No

IDSL

144 Kbps

144 Kbps

No

RADSL

7 Mbps

1 Mbps

Yes

Broadband Internet Access, or simply Broadband, is provided by the cable companies that provide digital cable services. It is a reliable and efficient means of Internet access. The coaxial cable connects to a cable modem that further connects to the computer or other network device (hub, switch, or router) using a UTP cable. The cable connection can be shared among several computers in a home or in small offices using low-cost wired or wireless routers.

With a cable modem, the user does not have to dial the ISP, and the connection is always there. This might pose a security risk for computers that are used for critical purposes. Most cable modems support bandwidths from 1.5 to 3 Mbps for the Internet access. The cable modem usually supports up to 10 Mbps data speeds for the LAN connection. The actual Internet access speed depends on the utilization of the shared cable signals in the area.

In areas where DSL or cable is not available (such as rural areas), satellite is the only option for high-speed WAN connectivity. The signals travel from the ISP to a satellite and then from the satellite to the user. The data transmission speeds vary from 512 Kbps (upload) to 2 Mbps (download). Major drawbacks of satellite Internet access are that it is expensive, and it offers low transfer speeds as compared to DSL and cable.

Satellite Internet access suffers from propagation delays or latency problems. Latency refers to the time taken for the signal to travel from the ISP to the satellite, located in the geostationary orbit at 35,000 Km above earth, and then back to the user. Latency also depends on atmospheric conditions.

ISDN is a packet switched network that allows transmission of data and voice over telephone lines. This results in better quality and higher data transfer speeds than regular dial-up connections. ISDN requires dedicated telephone lines or leased lines and hence is expensive. When the two ends need to communicate, one of them dials the specified ISDN number and the connection is set up. When the communication between the two nodes is over, the user hangs up and the ISDN line becomes free. Computers using the ISDN line need a special network interface known as the ISDN adapter, or terminal adapter.

ISDN communications use two types of channels: a bearer channel (B channel) used for data (or voice), and a delta channel (D channel) used for control signals. The two main implementations of ISDN are as follows:

Basic Rate Interface (BRI)

BRI ISDN uses 2 B channels of 64 Kbps each for data/voice, and a D channel of 16 Kbps. The total data transfer speed of BRI ISDN using two B channels is 128 Kbps. The two B channels can also be used separately with 64 Kbps speed.

Primary Rate Interface (PRI)

PRI ISDN uses 23 B channels of 64 Kbps each for data/voice, and a D channel of 64 Kbps. The total data transfer speed of PRI ISDN is up to 1.544 Mbps. The PRI ISDN is usually carried over dedicated (leased) T1 lines.

Table 5-14 summarizes the two ISDN implementations.

Table 5-14. BRI and PRI ISDN connections

Characteristic

BRI

PRI

Carrier Line

ISDN

T1

Channels

2B+1D

23B+1D

Total Speed

128 Kbps

1.544 Mbps

Wireless networks rely on radio frequencies to communicate instead of the network cabling used for normal computer networks. Radio frequencies create electromagnetic (EM) fields, which become the medium to transfer signals from one computer to another. As you go away from the hub, or from the main equipment generating the radio frequency of the wireless network, the strength of the EM field reduces and the signal becomes weak.

Wireless networks defined in IEEE 802.11 standards use radio frequencies with spread spectrum technology. The two spread spectrum technologies are as follows:

Frequency-hopping spread spectrum (FHSS)

FHSS is the method of transmitting RF signals by rapidly switching frequencies according to a pseudorandom pattern, which is known to both the sender and the receiver. FHSS uses a large range of frequency (83.5 MHz) and is highly resistant to noise and interference.

Direct-sequence spread spectrum (DSSS)

DSSS is a modulation technique used by wireless networks that uses a wide band of frequency. It divides the signal into smaller parts and transmits them simultaneously on as many frequencies as possible. DSSS is faster than FHSS and ensures data protection. It utilizes a frequency range from 2.4 to 2.4835 GHz and is used in 802.11b networks.

The most popular of the IEEE 802.11 wireless network standards are 802.11b, 802.11a, and 802.11g. Table 5-15 gives a brief comparison of the characteristics of different 802.11 standards.

Table 5-15. Comparison of 802.11 standards

802.11 standard

Operating frequency

Maximum speed

802.11

2.4 GHz

1 or 2 Mbps

802.11b

2.4 GHz

11 Mbps

802.11a

5 GHz

54 Mbps

802.11g

2.4 GHz

54 Mbps

Infrared technology employs electromagnetic radiations using wavelengths that are longer than the visible light but shorter than radio frequency. Common examples of Infrared devices are the remote controls used in TVs and audio systems. The following are some of the key characteristics of IrDA wireless communication technology:

Bluetooth wireless networking technology provides short-range communications between two or more devices. It is a low-cost networking solution widely used in telephones, entertainment systems, and computers. It is designed to overcome the limitations of IrDA technology. Some of the key characteristics of Bluetooth-based wireless communications are listed next.

A cellularnetwork is actually a radio network made up of cells that operate at radio frequencies. Each of the cells is served by a base station or a cell site and covers a predefined area. Cellular networks use Frequency Division Multiple Access (FDMA) and Code Division Multiple Access (CDMA) methods to distinguish between signals transmitted by different cells. With the FDMA technology, each neighboring cell uses a different frequency. This helps reuse a particular frequency in distant cells and thereby increases the coverage of the cellular network.

The most common example of a cellular network is the mobile (wireless) network. Large geographical areas are divided into small cells, with each cell being served by a cell site or base station. Mobile phones within a cell transmit and receive voice and text messages through the base station.

It is possible to connect a computer through a mobile phone. The computer dials the telephone number of the ISP through a mobile phone to establish Internet connectivity.

VoIP stands for Voice over Internet Protocol. Other popular names for this technology are Internet telephony, IP Telephony, and Broadband Phone. VoIP is a mechanism to transmit voice signals over Internet Protocol (IP). The special protocols used to carry voice signals over an IP network are called VoIP protocols. One of the major advantages of VoIP is the ability of a user to make telephone calls from anywhere in the world. VoIP allows VoIP phones to integrate with other Internet services (such as video conversations and file exchanges) simultaneously with verbal conversations. Since the VoIP service is heavily dependent on availability and reliability of the Internet connection, this technology is still in the development process.

Installing, Configuring, and Optimizing Networks

This section covers fundamental concepts of installing and configuring network adapters and drivers as well as configuring their properties on a Windows desktop. It also discusses some troubleshooting utilities and diagnostic procedures to resolve common network connectivity problems.

The first step in establishing network connectivity for a computer is to obtain a network connection from the network administrator. The network administrator provides an available port on the network hub or switch where the new desktop can be connected. From the desktop technician, the connection is available in the form of a UTP or STP network cable attached to a male RJ-45 connector. This cable is attached to the female RJ-45 socket on the network adapter installed on the desktop.

Most new desktops come equipped with built-in network adapters. In newer computers, the network interface is integrated with the motherboard. But you might have to install, replace, or upgrade network adapters in some old desktops. For example, you might be asked to replace a 10 Mbps network adapter with a 10/100 Mbps fast network adapter. When installing a network adapter, you will need to make sure of the following:

Most new network adapters are PnP. PnP adapters are automatically detected and configured by most operating systems. This configuration includes setting aside system resources such as IRQ, I/O, and DMA for the adapter as well as installation of an appropriate driver.

In case the network adapter is not PnP, you will be required to install the network driver manually (you will need to obtain the driver, which may be available either on the CD-ROM accompanying the network adapter or from the vendor's web site). On Windows XP and Windows 2000 Professional computers, you can use the Add/Remove Hardware applet in the Control Panel to add the network adapter. The Device Manager snap-in can be used to install the network adapter device driver.

Installing or configuring a desktop operating system on a home computer is straightforward. Most technicians leave the default configuration options, which are good for most users. The scene is different when working in a network environment. You will need to configure networking options on the desktop, which will enable the user to use shared resources on the network. These configuration tasks include joining a workgroup or a domain in a Windows environment or an NDS tree in a NetWare environment, and then configuring file and folder permissions for other users.

On Windows XP and Windows 2000 Professional computers, you can join a workgroup or a domain during or after the installation of the operating system. In case the computer will join an existing workgroup, you will need the name of the workgroup or you can create a new one. The steps that are shown next explain how you can change the network settings on Windows XP or Windows 2000 Professional computers.

  1. Open the Control Panel from the Start menu.

  2. Double-click the System icon to open System Properties.

  3. Click the Computer Name Tab. The current settings for computer name and workgroup/domain membership are displayed.

  4. Click the Change button.

  5. Click the radio button for Domain or Workgroup in the Member Of section, as required.

  6. Enter the name of an existing Domain or the Workgroup in the Computer Name Changes dialog box, as shown in Figure 5-15.

  7. Click OK twice to close all dialog boxes. Close the Control Panel.

    Joining a workgroup or domain

    Figure 5-15. Joining a workgroup or domain

In case the computer will join an existing domain, you will need the following information from the domain administrator:

On NetWare platforms, you will need Supervisor rights in the NDS tree that you are trying to join. The following information is required when configuring a desktop to join an NDS Tree:

The directory context and tree names can sometimes be too complex for a user to remember. To get around this problem, it is a common practice to configure the user's desktop with context and tree names.

The main purpose of creating networks is to share resources. File and folder sharing is one of the fundamental tasks of a network technician. In a workgroup environment, each user is responsible for sharing files and folders on her desktop and to configure appropriate permissions for other network users. In large networks such as Windows domain or NetWare NDS tree environments, these actions are performed by administrators and supervisors respectively. In the following sections, we will look at some basic steps required to configure file and folder permissions.

File- and folder-level permissions are managed in Windows XP and Windows 2000 Professional computers using the filesystem. Disk partitions formatted with NTFS filesystem support both folder- and file-level permissions. FAT and FAT32 filesystems support only folder-level permissions. Tables 5-16 and5-17 list standard NTFS file and folder permissions respectively.

Table 5-16. NTFS file permissions

Permission

Description

Read

Read the file and its attributes, permissions, and ownership.

Read and Execute

Run the file, plus access granted by the Read permission.

Write

Overwrite the file, change file attributes, and view permissions and ownership.

Modify

Modify and delete the file, plus the access granted by the Write and the Read and Execute permissions.

Full Control

All actions that are permitted by other NTFS permissions, plus the Change and the Take Ownership permissions.

Table 5-17. NTFS folder permissions

Permission

Description

Read

View files and subfolders in the folder and its attributes and permissions.

List Folder Contents

View the names of files and subfolders.

Read and Execute

Move through folders and subfolders and other permissions are granted by Read and List Folder Contents.

Write

Create new files and subfolders within the folder and change folder attributes.

Modify

Delete the folder, plus other permissions granted by the Read and Execute and the Write permissions.

Full Control

Change Permissions, delete files and subfolders, and take ownership. Includes all other NTFS folder permissions.

The preceding permissions can be set to Allow or Deny any user or group. By default, administrators and owners of the file or folder get Full Control permissions. Permissions can be assigned to users and groups from the Security tab of the file or folder properties window, as shown in Figure 5-16.

NTFS permissions

Figure 5-16. NTFS permissions

The following steps explain how NTFS permissions can be configured for a user or a group:

  1. Right-click a folder and select Properties from the menu.

  2. Click the Security tab in the Properties dialog box.

  3. Click the Add button to add a user or group.

  4. Select a user or group from the Select Users and Groups dialog box. Click OK.

  5. Click the Allow or Deny checkbox for appropriate permissions. Click OK.

NetWare filesystems work by providing users access to hard disk partitions, known as volumes. Clients can map their disk drives to server disk volumes on which they have appropriate rights. File permissions on NetWare servers are assigned through the use of a complex set of rights, as given in the following list:

Supervisor

Includes all rights to the file. This is equivalent to the Full Control permission in Windows.

Read

Allows users to read the file.

Write

Allows users to write to the file.

Create

Allows users to create a new file.

Erase:

Allows users to erase (delete) the file.

Modify

Allows users to modify the file contents.

Filescan

Allows users to view a file.

Access Control

Allows the user to change permissions on the file.

As a computer support technician, you will frequently be tasked with configuring Internet settings on desktop computers. This section covers configuration of network browsers, including enabling and disabling of scripts, configuring browsers to use a proxy server, and configuring security settings. Fundamental knowledge of these settings will help you perform these tasks correctly and conveniently.

JavaScript, ActiveX controls, and cookies are client-side components of Internet services and are often overlooked. In order to secure web browsers from potential security vulnerabilities, these components must be properly configured. They are usually downloaded from the web server and run on the client computer. In case of a problem, the client computer is affected instead of the web server. Script support can be configured on Microsoft Internet Explorer on a Windows computer as shown in the following steps:

  1. Open Internet Explorer.

  2. Click Tools → Internet Options.

  3. Click the Security tab.

  4. Click the Custom Level tab.

  5. Scroll down to the Scripting section as shown in Figure 5-17.

  6. Configure the scripting options as required.

  7. Click OK to close the dialog box.

    Configuring script settings in Internet Explorer

    Figure 5-17. Configuring script settings in Internet Explorer

Internet browsers can be configured to connect to the Internet either directly or through a proxy server. A proxy server enables administrators to share a single Internet connection among multiple network users. It provides better performance by means of caching frequently visited web pages. Administrators can configure advanced security as well as track user activities. Microsoft's Internet Explorer can be configured to use a proxy server as given in the following steps:

  1. Open Internet Explorer.

  2. Click Tools → Internet Options.

  3. Click the Connections tab.

  4. Click the LAN settings tab to open the dialog box shown in Figure 5-18.

  5. Click the checkbox under Proxy Settings.

  6. Enter the IP address of the proxy server in the Address box and enter 80 in the Port box.

  7. Click OK to close the dialog box.

    Proxy server settings for Internet Explorer

    Figure 5-18. Proxy server settings for Internet Explorer

Security settings for Internet Explorer can be configured as shown in the following steps:

  1. Open Internet Explorer.

  2. Click Tools → Internet Options.

  3. Click the Security tab.

  4. Choose a Security Zone from the options: Internet, Local Intranet, Trusted Sites, and Restricted Sites.

  5. For each zone, add or remove web sites using the Sites button, as required.

  6. Use the slider bar in the bottom half of the window to set the security level for the selected zone.

  7. You can use the Custom Level button to configure advanced security settings or click the Default Level to apply preconfigured settings.

  8. Click OK to close the Internet Options dialog box.

Troubleshooting Network Problems

In addition to installation, configuration, and upgrading computer-related hardware and software, troubleshooting network problems is an on-going task for most support technicians. This includes attending to regular support calls, problems caused by equipment failure, improper configuration of devices, user mistakes, and lack of preventive maintenance. This section covers identification and resolution of network problems using common diagnostic tools and utilities.

Most network equipment, operating systems, and software applications come with built-in diagnostic tools to help technicians and administrators diagnose and resolve problems. As far as networks are concerned, there are some diagnostic tools that are available on most operating systems as well as on network equipment. This section covers troubleshooting network problems using some of these common tools and utilities.

ipconfig is a command-line utility used on Microsoft Windows operating systems to diagnose TCP/IP configuration problems. It can be used to display, release, and renew the IP address configuration of Windows computers. In Windows 2000, Windows XP, and Windows Server 2003 operating systems, this utility can also release and renew a computer's IP configuration with the domain name system (DNS) servers.

The ipconfig utility is commonly used with the /all parameter to display complete TCP/IP configuration of all network adapters installed on a computer. You can also select a particular adapter to view its configuration. It can reveal one or more configuration problems, and an administrator can take necessary corrective action to resolve the problem.

Table 5-18 lists the parameters and their functions available with the ipconfig command.

Table 5-18. ipconfig command parameters

Parameter

Function

/all

Displays the TCP/IP configuration of all network adapters on the local host.

/release

Used to release the IP address of specified adapter.

/renew

Used to renew the IP address of specified adapter.

On Windows XP, Windows 2000, and Windows Server 2003 operating systems, the ipconfig utility also includes the following parameters:

/flushdns

Used to clear the DNS cache on the local host.

/displaydns

Used to display the entries in the local DNS cache.

/registerdns

Used to register the name of the local host with the DNS server.

When troubleshooting a TCP/IP problem on a particular computer, you may verify the configuration parameters using the ipconfig /all command. For example, if the output shows the IP address and the subnet mask as 0.0.0.0, you can be sure that the TCP/IP configuration of the computer is invalid. In this case, you can use the following two commands to renew the TCP/IP configuration with a DHCP server:

C:\;>ipconfig /release
C:\;>ipconfig /renew

If a computer is not able to connect to any remote hosts, the default gateway address should be checked in the output of the ipconfig command. The default gateway enables a computer to connect to other hosts located in other network segments. This address is usually the IP address of a router interface connected to the local network segment. Similarly, on a Windows XP/2000/2003 system, if the host is unable to resolve DNS names, the ipconfig /flushdns command can be used to clear the DNS cache.

Tip

On Unix/Linux and MAC OS operating systems, you can use the ifconfig command to display the TCP/IP configuration of a host. This command is an equivalent of the ipconfig command on Windows operating systems. Unlike the limited features of the ipconfig, this command has much more advanced diagnostic features. Typing ifconfig help at a Unix host command prompt gets you all the parameters and other information about how this command could be used. Similarly, you can use the winipcfg command on older Windows desktop operating systems, such as Windows 98 and Windows Me.

ping is a cross-platform command-line utility used to troubleshoot end-to-end connectivity problems on network hosts. It sends ICMP echo requests to the destination host and waits for a response. This utility is a part of the TCP/IP protocol suite and is installed by default on all TCP/IP devices. ping can quickly determine whether the host is connected or not, and how long it takes for the request to make the round trip. You can use the ping utility with the IP address of the remote host or with its IP address.

Besides testing connectivity, the ping command can also be used to test whether the name resolution is working or not. For example, if you are able to ping a remote host successfully using its IP address but not using its hostname, there could be a problem with the name resolution.

When you use the ping utility for diagnosing network problems, you must be able to interpret the output correctly in order to find out the exact cause of the problem. The following are some of the common output messages:

Request Timed Out

This indicates that the echo request message did not get any response from the destination host.

Destination Host Unreachable

This appears in the ping output when the host you are trying to ping is not found.

Unknown Host

This means that the specified hostname could not be resolved.

TTL Expired

This means that the echo message sent to the destination could not get a response, and the TTL value has reduced to 0.

The tracert or traceroute utility is used to trace the route from one host to another in a TCP/IP network. All major operating systems and network devices support this utility in one form or another. The output format of this utility differs from one operating system to the next. It uses the Internet Control Message Protocol (ICMP) echo packets to trace the route to a specific destination host and reports back the results at every hop on the path.

The syntax of the traceroute command in different operating systems is as follows:

Windows
tracert <Hostname> or tracert <IPAddress>
Unix/Linux and MAC OS
traceroute <Hostname> or traceroute <IPAddress>
NetWare
iptrace

The traceroute utility provides very useful information when diagnosing connectivity problems. It provides the IP address of every router (hop) that it passes through and reports the time it takes from one hop to another. This is helpful in diagnosing the exact location of the network bottleneck or congestion.

It is easy to interpret the results of the tracert utility. The first column shows the hop number, which is the network device that responds to the ICMP echo request. The next three columns show the roundtrip time in milliseconds that the packet takes. The next column shows the hostname and the IP address of the responding device.

In some situations, the network is congested. This is shown as "Request Timed Out" in the output. This may be due to a misconfigured router at the seventh hop. But the trace continues to the next hop until it reaches the destination. Once the problem device is identified, you may use some other utility such as ping to pinpoint the source of the problem.

The nslookup utility is used to diagnose problems related to the domain name system (DNS) services. In other words, it is used to resolve name resolution problems. This utility can be used to perform name resolution queries against specified DNS servers or display information about currently configured DNS servers on a local host.

The nslookup utility can be executed in either noninteractive mode or interactive mode.

Noninteractive mode

This is useful when you need to run the command with one or two pieces of information. For example, you can use the following command to resolve a specific hostname:

nslookup hostname
Interactive mode

In this mode, you just type nslookup and press the Enter key. The command will display the information about the current hostname and the IP address of the configured DNS server, and it also displays a prompt. You can then type other nslookup subcommands on this prompt. To exit the interactive mode, type Exit and press the Enter key. On Windows systems, you can type ? at the interactive prompt to get more information on the syntax and usage of available subcommands.

In order to resolve a hostname using a specific DNS server, you can use the following command instead:

C:\; >nslookup www.oreilly.com 192.168.1.5

You can also use nslookup to resolve IP addresses to hostnames as shown in the following example.

C:\; >nslookup 208.201.239.36

Tip

The commands and parameters used in the nslookup utility are case-sensitive and must be typed in lowercase characters.

Cable-testing devices, or cable testers, are used to test whether the cable is working properly. Several different types of methods exist for testing cables. A small multimeter is perhaps the simplest tool for testing continuity in cables. Cable continuity verifies that wires are not broken. Copper-based media testers rely on electrical signals to test the cables. If the electrical current passes through the cable without a break, the cable is considered to be good. Electrical signals are very helpful in testing the continuity of a coaxial cable. For a UTP cable, you will need to test continuity for each individual wire.

A special tester called the Optical Time Domain Reflectometer (OTDR) is used to pinpoint the correct location of the break-in fiber optical cables. OTDR is an expensive instrument and is mostly used by professional fiber optic network installers. Fiber optic cables are tested using optical cable testers. These testers use light signals to test the cable instead of using electrical signals. Optical cables are prone to breakages that can prevent light signals from reaching the other end. A break in an optical cable is easy to determine but very hard to find.

Tone generators and tone locators are devices that help find cable faults by means of audio signals. This device generates an audio tone (beep) and sends it over the cable. A tone locator is attached to the other end of the cable to check whether the tone reaches there. Using a tone generator is a time-consuming process, and it takes two persons to use the device. Testing cables with a tone generator is also known as the fox and hound method. The tone generator must be attached to each individual wire separately.

Loopback connectors or adapters are hardware devices that work with special test software to verify the functionality of a network port such as RJ-45, and serial and parallel ports. These are small connectors that are wired so that the outgoing transmission pins are connected back to the incoming receiving pins. The test software accompanying the loopback connectors sends and receives data signals to verify that the port being tested is correctly transmitting and receiving data.

Network problems often result due to improper configuration of network adapters, drivers, and protocols. When all of these are correctly configured, the problem may further be attributed to permissions assigned to shared network resources. Improperly configured port and protocol settings on security devices such as firewalls or proxy servers may also cause problems related to access of external networks such as the Internet. This section discusses some common issues that may cause network problems.

Every network adapter comes with a software component that provides an interface for the operating system and applications to interact with the network. While most network adapters are PnP devices, older network adapters must be correctly configured in order to enable them to interact with the system and the network. Like other devices on the computer, network adapters also use system resources such as Interrupt Request (IRQ), Input/Output Address (I/O Address), and Direct Memory Access (DMA). Older network adapters had to be manually configured to use these resources. It was not uncommon to see a large number of problems occurring due to resource conflicts. When two or more devices try to use the same resource, it results in system problems with one or both devices not able to function as expected.

If you are tasked with resolving a network problem in a system that has an old network adapter installed on it, make sure that it is correctly configured to use only free system resources. In most new computers, the PnP functionality takes care of dynamic allocation and sharing of system resources. When in doubt, you may verify resource conflicts in a system by using some built-in utility. For example, on Windows XP computers, you can use the System Information utility to detect problems caused by resource conflicts. This utility is located in the System Tools folder under Accessories. Figure 5-19 shows a sample output of the System Information utility.

System Information utility in Windows XP

Figure 5-19. System Information utility in Windows XP

If you suspect a network adapter or driver problem, you can check the Device Manager utility in Windows XP. This utility is provided as a snap-in under the Computer Management console. It makes it easy to view whether the device is functioning or not and allows you to view driver details, and update or uninstall a network driver. In case a network driver has been replaced with an incompatible driver, you can use the Roll Back Driver option to replace the driver with the one that was previously working properly. Figure 5-20 shows the Driver tab of the Network Adapter properties.

Properties of the Network Adapter Driver

Figure 5-20. Properties of the Network Adapter Driver

An incorrect network driver can also cause connectivity problems in a computer. Make sure that only network drivers that are fully supported by the vendor are installed. You must also verify that the operating system you are using supports the network adapter and the driver. In case the vendor updates the network adapter driver, you must first test the new version of the driver before installing it on any production server or desktop computer.

TCP/IP is the most widely used networking protocol to date. TCP/IP is in fact a suite of protocols that work together to provide connectivity solutions in most medium- to large-scale networks. If TCP/IP is the protocol used on your network, you must understand how the network adapters should be correctly configured to connect to the network and successfully access network resources.

Computers or hosts in a TCP/IP network connect to each other using IP addresses. Each network host is assigned an IP address, which should be unique in the entire network. The allocation of IP addresses can be done either statically (manually) or dynamically. Static IP address assignment is suitable only for a small network of about 10 computers. When manually assigning IP addresses, the following addresses must be configured correctly:

IP address

The unique address of a host in a network.

Subnet mask

Another IP address that helps identify the network and host part of the IP address.

Default gateway

The IP address of the local network interface of the router. The default gateway helps the host connect to hosts on remote network segments.

If any of the preceding addresses are incorrect, the computer will not be able to communicate to other computers. An incorrect or missing IP address will completely isolate the computer in the network. A missing subnet mask will not allow the computer to communicate to other computers, even in the same network segment. If the default gateway is missing or incorrect, the computer will not be able to communicate to other computers located on remote network segments.

In addition to the TCP/IP configuration settings just described, the computers must also be configured correctly for IP addresses of DNS servers and WINS servers. If the DNS server is not configured correctly or is missing, the computer will not be able to resolve hostnames to IP addresses. Figure 5-21 shows the manual TCP/IP configuration on a Windows XP computer.

Manually configured TCP/IP properties

Figure 5-21. Manually configured TCP/IP properties

The TCP/IP configuration can also be assigned automatically or dynamically using a Dynamic Host Configuration Protocol (DHCP) server. The DHCP server is configured with a pool of IP addresses called the DHCP scope. The DHCP server assigns IP addresses and other TCP/IP parameters to DHCP-enabled hosts for a limited period of time, called a lease. The DHCP clients must renew the lease before it expires. On Windows-based computers, the DHCP clients must try to renew the TCP/IP configuration with a DHCP server when 50 percent of the lease period expires. The default configuration of most Windows operating systems is to obtain TCP/IP configuration automatically from any available DHCP server.

Since the DHCP servers can be configured to service multiple network segments, it is possible that one or more DHCP scopes contain duplicate or overlapping IP address ranges. This causes the DHCP server to allocate duplicate IP addresses to network clients, which results in connectivity issues. DHCP scopes must be properly configured with the correct address scopes and correct addresses of DNS and WINS servers.

If you are tasked with resolving a TCP/IP configuration problem, you may use any of the built-in TCP/IP diagnostic utilities such as ipconfig (Windows NT/2000/XP/2003), winipcfg (Windows 95/98/Me), and ifconfig (Unix/Linux/MAC OS). These utilities are very helpful in locating the cause of the problem. A simple ping to the loopback address 127.0.0.1 also verifies that the TCP/IP protocol is correctly installed on the local computer.

As with the TCP/IP protocol, incorrectly configured network adapters are the main causes of network problems in a NetWare IPX/SPX network. It is essential to verify that all adapters are installed with correct settings and without hardware or software conflicts. The IPX/SPX configuration includes the following parameters:

Internal network number

This number uniquely identifies the IPX/SPX host on a NetWare network. It must not be duplicated on any host.

Network number

This number is a hexadecimal number that identifies a single network segment. Every host on the same LAN segment must have an identical network number.

Frame type

A correct Ethernet frame type must be configured for the adapter to function properly. Newer versions of NetWare operating systems support automatic detection of frame type when the network adapter driver is installed. While most versions of NetWare support 802.2 frames with 802.2 headers, versions 2.x and 3.x supported the 802.3 frame type.

If your network has a mix of NetWare and Windows servers, you might want to verify that Windows clients who wish to connect to NetWare servers have the NWLink IPX/SPX NetBIOS Compatible Transport Protocol installed. This protocol allows Windows clients to connect to NetWare servers. In Windows NT and older operating systems, the Gateway Service for NetWare (GSNW) is required to be installed on Windows servers to allow client access to Network servers. Besides this, Windows clients can directly communicate to NetWare servers using the Client Service for NetWare (CSNW).

When network connectivity is not an issue, resource access permissions can cause a number of service calls. Users who wish to access particular files, folders, or printers but do not have sufficient permissions will ultimately call helpdesk technicians to resolve the access problems. Assignment of resource access problems is mainly the responsibility of system administrators. In certain smaller networks, the network technicians may also be tasked with assigning and managing permissions to network resources such as a user's home directory.

Any user who needs to save files on a folder must have at least Write permissions on the folder. If this permission is missing or only a Read or Execute permission is assigned, the user might not be able to save her work to the designated folder.

On Windows server operating systems, administrators put users in groups and assign permissions to groups. A user can be a member of more than one group, with each group having a different level of access permissions. In such cases, user permissions are clubbed together and the highest level of permissions is granted. Similarly, share permissions and NTFS permissions can be assigned to resources. When there is a conflict between share and NTFS permissions, the most restrictive permissions are applied to a user.

Warning

Troubleshooting permission problems could be a time-consuming task. You will need to act with patience and not try to grant the user the highest level of permissions in order to save time or to get rid of the problem. Doing this might put you in trouble because certain documents may be confidential, and you might need to get permission from your supervisors before granting access permissions to any user. It is always better to check with your seniors when modifying permissions on shared resources. The same rule applies when a user asks you to share a particular folder for him but he is not authorized to have access for it.

Firewall protects a network from unauthorized internal and external access. It can either be a dedicated hardware device or can be running as a software application on one of the network servers. If your organization has an Internet presence, it is quite possible that the internal network of the organization is protected by firewalls.

Firewall settings mainly affect the users trying to access the network from outside. For example, a remote access user must be properly authenticated before he/she can log onto and access network resources. Firewalls function using rules and these rules can be configured to allow or deny access based on source and destination TCP/IP protocols, ports, or IP addresses.

If a user is having difficulty accessing the network from outside, firewalls settings have to be checked to verify that the user is connecting using a correct protocol, port, and IP address. The protocol, port, or IP address must be allowed through the firewall to let the user successfully connect to the network.

Electrical interferences degrade signal quality as the signal travels down the length of network cables. This interference can be caused by either crosstalk among cables or by power equipment located close to network cables. Similarly, wireless signals can be affected by both electrical interference as well as radio frequency signals. UTP cables should not be run in areas of high EMI such as near transformers and besides high-voltage electric cables.

Wireless networks are susceptible to electromagnetic and radio frequency interferences (EMI and RFI). Wireless access points should not be located near areas of high interference. Wireless signals degrade as they travel away from a wireless signal-generating device such as the access point. This degradation or attenuation of signals is caused by several environmental factors such as EMI, RFI, walls, etc. Weakening of wireless signals can be prevented to some extent by careful location of a wireless antenna, use of signal boosters, and the correct placement of wireless access points. It is good to know the maximum range of the wireless access points used in the network.

Preventive maintenance of networks is performed to ensure that every component of the network works per expectations. Network administrators take all possible steps to prevent a breakdown of the network. This includes securing network connections, providing redundancy for network servers and services, restricting unauthorized access to network equipment, implementing a data backup plan, and keeping software updated with the latest service packs. The main purpose of preventive maintenance is to provide maximum uptime. This section explains the key factors behind preventive maintenance of networks.

Loose connections cause a majority of network connectivity problems. They are also the most frustrating when it comes to locating and troubleshooting problems. Network administrators and technicians must ensure that all cables, connectors, patch panels, and patch cables are of correct specifications. These must also be firmly attached to servers, workstations, printers, network hubs, switches, and routers. Cables must not be loosely attached to connectors, and the correct type of cables should be in use.

Cables are run from network hubs, switches, or routers to end stations. It is important to label each end of the cable, which makes it easy to locate a faulty cable and replace it if necessary. It is not possible to trace a faulty cable from a workstation to a hub or switch in a large network if there is no labeling system in place. If the cables are labeled, you can easily find out which cable needs to be replaced. Cables must be periodically checked for loose connectivity or wear-and-tear, and worn out cables should be replaced with new ones.

Another important aspect of securing network cables is the routing of cables. Improper routing of cables results in damaged or broken cables. Network cables should always be run in designated areas. Cables should not be running in areas where people usually walk. People can get trapped in loose cables on the floor and may fall down and get injured besides causing connectivity problems. Make sure that all cables are securely and firmly attached to computers, printers, and network devices.

Documentation always helps. A layout diagram of the network cabling is very helpful in troubleshooting network connectivity problems. It is also helpful if you need to expand the network due to the growing business requirements of the organization. It is easy to help new network technicians understand the network layout if you have appropriate network documentation.

Physical access to core network equipment such as critical servers, network hubs, switches, and routers should be restricted to authorized personnel only. It must be ensured that only designated administrators are allowed to install, configure, and maintain this equipment. Improper configuration changes in network equipment can cause network problems and can also render the equipment vulnerable to hackers.

The network operating systems on servers and desktop operating systems on workstations should be regularly updated with the latest service packs, hotfixes, and security patches. Similarly, application software should also be updated as and when the vendors release updates. Updates are meant to remove bugs in operating systems and application software. It is important to test updates in a test environment before installing them on production equipment.

All servers and workstations should have virus-scanning software to help detect and remove malicious software. Antivirus applications should be regularly run on servers and workstations. Virus-scanning software depends on a database called virus signatures, which should be regularly updated to detect and remove newer virus applications.

Every computer should be locked when not in use. It is not uncommon to notice people leaving their workstations unlocked. A password policy ensures that employees use strong passwords and change them regularly. This helps prevent external attacks on the network using hacked usernames and passwords.

A backup and recovery plan helps restore critical data in case of a disaster. Disasters can come in any form: fire, storm, flood, and earthquake are all different forms of disaster and cause significant damage to businesses. A properly planned, implemented, and documented disaster recovery plan is crucial to the functioning of any network—small or large. Data backups also help restore files and folders that are accidentally deleted or modified by users. Regular backups must be supported by test restores to ensure that the data can be restored successfully in the event of a disaster.

Fault-tolerant or redundant power supplies help reduce the chances of a system going down due to unexpected power failure. Most network servers come equipped with redundant power supplies. UPS systems not only ensure clean power to servers and network equipment, but also ensure that sufficient time is available to save your work in case the power goes out. They help prevent system damage caused by power spikes, surges, sags, brownouts, and blackouts.

Link redundancy refers to providing secondary connections to critical network equipment. It ensures that if the primary connection fails due to some reason, a secondary connection is available to prevent downtime and keep the essential network services running. Some servers come with multiple network adapters that provide fault tolerance as well as efficient utilization of network bandwidth.

Server clustering is the process of providing fault tolerance and load balancing for critical servers in the network. Critical servers such as domain controllers, DNS servers, web servers, and mail servers, can be configured in clusters so that these services are not affected when one of the servers experiences a breakdown.

Hot, warm, and cold sites are part of the disaster recovery plan for those businesses that are heavily dependent on computers for conducting their everyday business. These sites are usually separate locations equipped with necessary hardware and network connections. Depending on the type of site, network and business operations can be resumed with minimal efforts in case the primary site is destroyed by a disaster. The following is a brief description of hot, warm, and cold sites:

Hot site

Allows organizations to resume business activities almost immediately. It is equipped with fully configured hardware, software, network devices, and telephone lines. The data is replicated to servers at hot sites.

Warm site

Normally is equipped with necessary hardware, software, network devices, and telephone lines. Hardware and software must be configured, and data must be restored from backup tape sets.

Cold site

Requires the maximum amount of time to be set up and made functional. It contains only partial hardware, software, and network devices that are not configured.

Hot spares and cold spares are used for critical servers and network equipment to ensure maximum uptime. They are helpful in minimizing the time it takes to restore failed network equipment. Hot and cold spares are closely related to hot swapping and cold swapping. The following is a brief description of each of these terms:

Hot spares

Spare components that are installed inside critical servers and readily take over a failed component.

Cold spares

Spare components that are installed inside a critical server but must be configured manually by an administrator.

Hot swapping

The ability of a server to allow replacement of a failed component (usually a hard disk in the disk array) while the server is powered on.

Cold swapping

The process of fully powering down a server before a failed component can be replaced.