The first piece of hardware that I want to discuss is a network adapter. There are many different names for network adapters, including network cards, Network Interface Cards, NICs. These are all generic terms for the same piece of hardware. A network card’s job is to physically attach a computer to a network, so that the computer can participate in network communications.
The first thing that you need to know about network cards is that the network card has to match the network medium. The network medium refers to the type of cabling that is being used on the network. Wireless networks are a science all their own, and I will talk about them in a separate article.
At one time making sure that a network card matched the network medium was a really big deal, because there were a large number of competing standards in existence. For example, before you built a network and started buying network cards and cabling, you had to decide if you were going to use Ethernet, coaxal Ethernet, Token Ring, Arcnet, or one of the other networking standards of the time. Each networking technology had its strengths and weaknesses, and it was important to figu
re out which one was the most appropriate for your organization.
Today, most of the networking technologies that I mentioned above are quickly becoming extinct. Pretty much the only type of wired network used by small and medium sized businesses is Ethernet. You can see an example of an Ethernet network card, shown in Figure A.
re out which one was the most appropriate for your organization.
In the first part of this article series, I talked about some basic networking hardware such as hubs and switches. In this article, I want to continue the discussion of networking hardware by talking about one of the most important networking components; routers.
Even if you are new to networking, you have probably heard of routers. Broadband Internet connections, such as those utilizing a cable modem or a DSL modem, almost always require a router. A router's job isn't to provide Internet connectivity though. A router's job is to move packets of data from one network to another. There are actually many different types of routers ranging from simple, inexpensive routers used for home Internet connectivity to the insanely expensive routers used by giant corporations. Regardless of a router’s cost or complexity, routers all work on the same basic principles.
That being the case, I'm going to focus my discussion around simple, low budget routers that are typically used to connect a PC to a broadband Internet connection. My reason for doing so is that this article series is intended for beginners. In my opinion, it will be a lot easier to teach you the basics if I am referencing something that is at least somewhat familiar to most people, and that is not as complicated as many of the routers used within huge corporations. Besides, the routers used in corporations work on the same basic principles as the routers that I will be discussing in this article. If you are wanting a greater level of knowledge though, don’t worry. I will talk about the science of routing in a whole lot more detail later in this article series.
As I explained earlier, a router's job is to move packets of data from one network to another. This definition might seem strange in the context of a PC that's connected to a broadband Internet connection. If you stop and think about it, the Internet is a network (actually it's a collection of networks, but that's beside the point).
So if a router's job is to move traffic between two networks, and the Internet is one of those networks, where is the other one? In this particular case, the PC that is connected to the router is actually configured as a very simple network.
To get a better idea of what I am talking about, take a look at the pictures shown in Figures A and B. Figure A shows the front of a 3COM broadband router, while Figure B shows the back view of the same router.
Figure B: A broadband Internet router contains a set of RJ-45 ports just like a hub or switch
As you can see in the figures, there is nothing especially remarkable about the front view of the router. I wanted to include this view anyway though, so that those of you who are unfamiliar with routers can see what a router looks like. Figure B is much more interesting.
If you look at Figure B, you’ll see that there are three sets of ports on the back of the router. The port on the far left is where the power supply connects to the router. The middle port is an RJ-45 port used to connect to the remote network. In this particular case, this router is intended to provide Internet connectivity. As such, this middle port would typically be used to connect the router to a cable modem or to a DSL modem. The modem in turn would provide the actual connectivity to the Internet.
If you look at the set of ports on the far right, you’ll see that there are four RJ-45 ports. If you think back to the first part of this article series, you’ll recall that hubs and switches also contained large groups of RJ-45 ports. In the case of a hub or switch, the RJ-45 ports are used to provide connectivity to the computers on the network.
These ports work the exact same way on this router. This particular router has a four port switch built in. Remember earlier when I said that a router’s job was to move packets between one network and another? I explained that in the case of a broadband router, the Internet represents one network, and the PC represents the second network. The reason why a single computer can represent an entire network is because the router does not treat the PC as a standalone device. Routers treat the PC as a node on a network. As you can see from the photo in Figure B, this particular router could actually accommodate a network of four PCs. It’s just that most home users who use this type of configuration only plug one PC into the router. Therefore a more precise explanation would be that this type of network routes packets of data between a small network (even if that network only consists of a single computer) to the Internet (which it treats as a second network).
Networking Basics: Part 3 - DNS Servers
In the last part of this article series, I talked about how all of the computers on a network segment share a common IP address range. I also explained that when a computer needs to access information from a computer on another network or network segment, it’s a router’s job to move the necessary packets of data from the local network to another network (such as the Internet).
If you read that article, you probably noticed that in one of my examples, I made a reference to the IP address that’s associated with my Web site. To be able to access a Web site, your Web browser has to know the Web site’s IP address. Only then can it give that address to the router, which in turn routes the outbound request packets to the appropriate destination. Even though every Web site has an IP address, you probably visit Web sites every day without ever having to know an IP address. In this article, I will show you why this is possible.
I have already explained that IP addresses are similar to street addresses. The network portion of the address defines which network segment the computer exists on, and the computer portion of the address designates a specific computer on that network. Knowing an IP address is a requirement for TCP/IP based communications between two computers.
When you open a Web browser and enter the name of a Web site (which is known as the site’s domain name, URL, or Universal Resource Locator), the Web browser goes straight to the Web site without you ever having to enter an IP address. With that in mind, consider my comparison of IP addresses to postal addresses. You can’t just write someone’s name on an envelope, drop the envelope in the mail, and expect it to be delivered. The post office can’t deliver the letter unless it has an address. The same basic concept applies to visiting Web sites. Your computer cannot communicate with a Web site unless it knows the site’s IP address.
So if your computer needs to know a Web site’s IP address before it can access the site, and you aren’t entering the IP address, where does the IP address come from? Translating domain names into IP addresses is the job of a DNS server.
In the two articles leading up to this one, I talked about several aspects of a computer’s TCP/IP configuration, such as the IP address, subnet mask, and default gateway. If you look at Figure A, you will notice that there is one more configuration option that has been filled in; the Preferred DNS server.
Figure A: The Preferred DNS Server is defined as a part of a computer’s TCP/IP configuration
As you can see in the figure, the preferred DNS server is defined as a part of a computer’s TCP/IP configuration. What this means is that the computer will always know the IP address of a DNS server. This is important because a computer cannot communicate with another computer using the TCP/IP protocol unless an IP address is known.
With that in mind, let’s take a look at what happens when you attempt to visit a Web site. The process begins when you open a Web browser and enter a URL. When you do, the Web browser knows that it can not locate the Web site based on the URL alone. It therefore retrieves the DNS server’s IP address from the computer’s TCP/IP configuration and passes the URL on to the DNS server. The DNS server then looks up the URL on a table which also lists the site’s IP address. The DNS server then returns the IP address to the Web browser, and the browser is then able to communicate with the requested Web site.
Actually, that explanation is a little bit over simplified. DNS name resolution can only work in the way that I just described if the DNS server contains a record that corresponds to the site that’s being requested. If you were to visit a random Web site, there is a really good chance that your DNS server does not contain a record for the site. The reason for this is because the Internet is so big. There are millions of Web sites, and new sites are created every day. There is no way that a single DNS server could possibly keep up with all of those sites and service requests from everyone who is connected to the Internet.
Let’s pretend for a moment that it was possible for a single DNS server to store records for every Web site in existence. Even if the server’s capacity were not an issue, the server would be overwhelmed by the sheer volume of name resolution requests that it would receive from people using the Internet. A centralized DNS server would also be a very popular target for attacks.
Instead, DNS servers are distributed so that a single DNS server does not have to provide name resolutions for the entire Internet. There is an organization named the Internet Corporation for Assigned Names and Numbers, or ICANN for short, that is responsible for all of the registered domain names on the Internet. Because managing all of those domain names is such a huge job, ICANN delegates portions of the domain naming responsibility to various other firms. For example, Network Solutions is responsible for all of the .com domain names. Even so, Network Solutions does not maintain a list of the IP addresses associated with all of the .com domains. In most cases, Network Solution’s DNS servers contain records that point to the DNS server that is considered to be authoritative for each domain.
To see how all this works, imagine that you wanted to visit the website. When you enter the request into your Web browser, your Web browser forwards the URL to the DNS server specified by your computer’s TCP/IP configuration. More than likely, your DNS server is not going to know the IP address of this website. Therefore, it will send the request to the ICANN DNS server. The ICANN DNS server wouldn’t know the IP address for the website that you are trying to visit. It would however know the IP address of the DNS server that is responsible for domain names ending in .COM. It would return this address to your Web browser, which in return would submit the request to the specified DNS server.
The top level DNS server for domains ending in .COM would not know the IP address of the requested Web site either, but it would know the IP address of a DNS server that is authoritative for the brienposey.com domain. It would send this address back to the machine that made the request. The Web browser would then send the DNS query to the DNS server that is authoritative for the requested domain. That DNS server would then return the websites IP address, thus allowing the machine to communicate with the requested website.
As you can see, there are a lot of steps that must be completed in order for a computer to find the IP address of a website. To help reduce the number of DNS queries that must be made, the results of DNS queries are usually cached for either a few hours or a few days, depending on how the machine is configured. Caching IP addresses greatly improves performance and minimizes the amount of bandwidth consumed by DNS queries. Imagine how inefficient Web browsing would be if your computer had to do a full set of DNS queries every time you visit a new page.
Today, most of the networking technologies that I mentioned above are quickly becoming extinct. Pretty much the only type of wired network used by small and medium sized businesses is Ethernet. You can see an example of an Ethernet network card, shown in Figure A.
Modern Ethernet networks use twisted pair cabling containing eight wires. These wires are arranged in a special order, and an RJ-45 connecter is crimped onto the end of the cable. An RJ-45 cable looks like the connector on the end of a phone cord, but it’s bigger. Phone cords use RJ-11 connectors as opposed to the RJ-45 connectors used by Ethernet cable. You can see an example of an Ethernet cable with an RJ-45 connector, shown in Figure B.Figure A: This is what an Ethernet card looks like
Figure B: This is an Ethernet cable with an RJ-45 connector installed
Hubs and Switches
As you can see, computers use network cards to send and receive data. The data is transmitted over Ethernet cables. However, you normally can’t just run an Ethernet cable between two PCs and call it a network.
In this day and age of high speed Internet access being almost universally available, you tend to hear the term broadband thrown around a lot. Broadband is a type of network in which data is sent and received across the same wire. In contrast, Ethernet uses Baseband communications. Baseband uses separate wires for sending and receiving data. What this means is that if one PC is sending data across a particular wire within the Ethernet cable, then the PC that is receiving the data needs to have the wire redirected to its receiving port.
You can actually network two PCs together in this way. You can create what is known as a cross over cable. A cross over cable is simply a network cable that has the sending and receiving wires reversed at one end, so that two PCs can be linked directly together.
The problem with using a cross over cable to build a network is that the network will be limited to using no more and no less than two PCs. Rather than using a cross over cable, most networks use normal Ethernet cables that do not have the sending and receiving wires reversed at one end.
Of course the sending and receiving wires have to be reversed at some point in order for communications to succeed. This is the job of a hub or a switch. Hubs are starting to become extinct, but I want to talk about them any way because it will make it easier to explain switches later on.
There are different types of hubs, but generally speaking a hub is nothing more than a box with a bunch of RJ-45 ports. Each computer on a network would be connected to a hub via an Ethernet cable. You can see a picture of a hub, shown in Figure C.
Figure C: A hub is a device that acts as a central connection point for computers on a network
A hub has two different jobs. Its first job is to provide a central point of connection for all of the computers on the network. Every computer plugs into the hub (multiple hubs can be daisy chained together if necessary in order to accommodate more computers).
The hub’s other job is to arrange the ports in such a way so that if a PC transmits data, the data is sent over the other computer’s receive wires.
Right now you might be wondering how data gets to the correct destination if more than two PCs are connected to a hub. The secret lies in the network card. Each Ethernet card is programmed at the factory with a unique Media Access Control (MAC) address. When a computer on an Ethernet network transmits data across an Ethernet network containing PCs connected to a hub, the data is actually sent to every computer on the network. As each computer receives the data, it compares the destination address to its own MAC address. If the addresses match then the computer knows that it is the intended recipient, otherwise it ignores the data.
As you can see, when computers are connected via a hub, every packet gets sent to every computer on the network. The problem is that any computer can send a transmission at any given time. Have you ever been on a conference call and accidentally started to talk at the same time as someone else? This is the same thing that happens on this type of network.
When a PC needs to transmit data, it checks to make sure that no other computers are sending data at the moment. If the line is clear, it transmits the necessary data. If another computer tries to communicate at the same time though, then the packets of data that are traveling across the wire collide and are destroyed (this is why this type of network is sometimes referred to as a collision domain). Both PCs then have to wait for a random amount of time and attempt to retransmit the packet that was destroyed.
As the number of PCs on a collision domain increases, so does the number of collisions. As the number of collisions increase, network efficiency is decreased. This is why switches have almost completely replaced hubs.
A switch, such as the one shown in Figure D, performs all of the same basic tasks as a hub. The difference is that when a PC on the network needs to communicate with another PC, the switch uses a set of internal logic circuits to establish a dedicated, logical path between the two PCs. What this means is that the two PCs are free to communicate with each other, without having to worry about collisions.
Figure D: A switch looks a lot like a hub, but performs very differently
Switches greatly improve a network’s efficiency. Yes, they eliminate collisions, but there is more to it than that. Because of the way that switches work, they can establish parallel communications paths. For example, just because computer A is communicating with computer B, there is no reason why computer C can’t simultaneously communicate with computer D. In a collision domain, these types of parallel communications would be impossible because they would result in collisions.
Figure A: Selecting the Users container causes the console to display all of the user accounts in the domain.
Now, right click on the Users container and select the New command from the resulting shortcut menu. When you do, you will see a submenu that gives you the choice of many different types of objects that you can create. Technically, the Users container is just a container and you can put pretty much any type of object in it. It is generally considered bad practice though to store objects other than user objects in the Users container. That being the case, select the User command from the submenu. When you do, you will see the dialog box shown in Figure B.
Figure B: The New Object – User dialog box allows you to create a new user account.
As you can see in the figure, Windows initially only requires you to enter some very basic information about the user. Although this screen asks for things like first name and last name, these are not technically required. The only piece of information that is absolutely required is the User Logon Name. Although the other fields are optional, I recommend filling them in anyway.
The reason why I recommend filling in as many fields as you can is because a user account is nothing more than an object that will reside within the Active Directory. Things like first name and last name are attributes of the user object that you are creating. The more attribute information that you fill in, the more useful the information stored in the Active Directory will be. After all, the Active Directory is a database that you can query for information. In fact, many applications work by extracting the various attributes from the Active Directory. When you have filled in the various fields, click the Next button, and you will be taken to the screen shown in Figure C.
Figure C: You will be prompted to assign a password to the new user account.
As you can see in the figure, assigning a password is fairly simple. All you really have to do is type, and retype the password. By default, the user is required to change the password at the next logon. You can prevent this behavior by clearing the User Must Change Password at Next Logon check box. There is another check box allowing you to prevent the user from changing their password at all. You also have the option of setting passwords to never expire, or disabling the account completely.
Although there is nothing overly complex about the password screen, there is one important thing to keep in mind. When you assign a password to a new user account, the password must comply with your corporate security policy. If the password that you use does not meet the requirements dictated by the applicable group policies, then the user account will not be created.
Click next and you will see a screen displaying a summary of the options that you have chosen. Assuming that everything looks good, click Finish and the new user account will be created.
I am not saying that you have to go through the console and populate dozens of attributes for every single user account. There are some attributes that do come in handy. I recommend populating attributes that are related to basic contact information. In fact, some corporations create corporate directories that are based solely on information stored in these Active Directory attributes. Even if you are not interested in building applications that extract information from your Active Directory, it is still a good idea to populate the Active Directory with user contact information. For example, suppose that you need to reboot a server, and a user is still logged into an application that resides on the server. If you have the user's contact information stored in the Active Directory, then you can simply look up the user's phone number, and call the user to ask them to log out.
Before I show you how to populate the various Active Directory attributes, I want to mention that the same technique can also be used for modifying existing attributes. For example, if a female employee were to get married, she might change her last name. You could use the techniques that I am about to show you to modify the contents of the Last Name attribute.
To access the various user account attributes, simply right click on the user account of choice and select the Properties command from the resulting shortcut menu. Upon doing so, Windows will display the screen shown in Figure D.
Figure D: The user's properties sheet is used to store attribute and configuration information for the user account.
As you can see in the figure, the properties sheet's General tab allows you to modify the user’s first name, last name, or display name. You can also fill in (or modify) a few other fields such as Description, Office, Telephone Number, E-mail, or Web Page. If you are interested in storing more detailed information about the user, then check out the Address, Telephones, and Organization tabs. These tabs all contain fields for storing much more detailed information about the user.
If you need to reset a user’s password, then close the user’s properties sheet. After doing so, right click on the user account and select the Reset Password command found on the resulting shortcut menu.
Networking Basics: Part 4 - User Account Management
In the previous part of this article series, I began discussing the Active Directory Users and Computers console. Although that article explained how to connect to the domain of choice using the console, it never actually explained how to use the console for day-to-day management tasks. In this article, I will show you some basic techniques for user account maintenance.Creating a User Account
One of the most common uses for the Active Directory Users in Computers console is to create new user accounts. To do so, expand the container corresponding to the domain that you are attached to, and select the Users container. When you do, the console's details pane will display all of the user accounts that currently exist in the domain, as shown in Figure A.Figure A: Selecting the Users container causes the console to display all of the user accounts in the domain.
Now, right click on the Users container and select the New command from the resulting shortcut menu. When you do, you will see a submenu that gives you the choice of many different types of objects that you can create. Technically, the Users container is just a container and you can put pretty much any type of object in it. It is generally considered bad practice though to store objects other than user objects in the Users container. That being the case, select the User command from the submenu. When you do, you will see the dialog box shown in Figure B.
Figure B: The New Object – User dialog box allows you to create a new user account.
As you can see in the figure, Windows initially only requires you to enter some very basic information about the user. Although this screen asks for things like first name and last name, these are not technically required. The only piece of information that is absolutely required is the User Logon Name. Although the other fields are optional, I recommend filling them in anyway.
The reason why I recommend filling in as many fields as you can is because a user account is nothing more than an object that will reside within the Active Directory. Things like first name and last name are attributes of the user object that you are creating. The more attribute information that you fill in, the more useful the information stored in the Active Directory will be. After all, the Active Directory is a database that you can query for information. In fact, many applications work by extracting the various attributes from the Active Directory. When you have filled in the various fields, click the Next button, and you will be taken to the screen shown in Figure C.
As you can see in the figure, assigning a password is fairly simple. All you really have to do is type, and retype the password. By default, the user is required to change the password at the next logon. You can prevent this behavior by clearing the User Must Change Password at Next Logon check box. There is another check box allowing you to prevent the user from changing their password at all. You also have the option of setting passwords to never expire, or disabling the account completely.
Although there is nothing overly complex about the password screen, there is one important thing to keep in mind. When you assign a password to a new user account, the password must comply with your corporate security policy. If the password that you use does not meet the requirements dictated by the applicable group policies, then the user account will not be created.
Click next and you will see a screen displaying a summary of the options that you have chosen. Assuming that everything looks good, click Finish and the new user account will be created.
Editing User Account Attributes
Earlier, I discussed the importance of filling in the various attributes as you create a new user account. You might have noticed that the screens involved in creating a new user account did not really have many attributes that you were able to fill in. However, the Active Directory contains dozens of built in attributes related to user accounts.I am not saying that you have to go through the console and populate dozens of attributes for every single user account. There are some attributes that do come in handy. I recommend populating attributes that are related to basic contact information. In fact, some corporations create corporate directories that are based solely on information stored in these Active Directory attributes. Even if you are not interested in building applications that extract information from your Active Directory, it is still a good idea to populate the Active Directory with user contact information. For example, suppose that you need to reboot a server, and a user is still logged into an application that resides on the server. If you have the user's contact information stored in the Active Directory, then you can simply look up the user's phone number, and call the user to ask them to log out.
Before I show you how to populate the various Active Directory attributes, I want to mention that the same technique can also be used for modifying existing attributes. For example, if a female employee were to get married, she might change her last name. You could use the techniques that I am about to show you to modify the contents of the Last Name attribute.
To access the various user account attributes, simply right click on the user account of choice and select the Properties command from the resulting shortcut menu. Upon doing so, Windows will display the screen shown in Figure D.
As you can see in the figure, the properties sheet's General tab allows you to modify the user’s first name, last name, or display name. You can also fill in (or modify) a few other fields such as Description, Office, Telephone Number, E-mail, or Web Page. If you are interested in storing more detailed information about the user, then check out the Address, Telephones, and Organization tabs. These tabs all contain fields for storing much more detailed information about the user.
Resetting a User’s Password
You probably noticed in Figure D that there are a lot of different tabs on the user’s properties sheet. Most of these tabs are related to the security and configuration of the user account. One thing that most new administrators seem to notice right away when exploring these tabs is that there is no option on any of the tabs to reset the user’s password.If you need to reset a user’s password, then close the user’s properties sheet. After doing so, right click on the user account and select the Reset Password command found on the resulting shortcut menu.
No comments:
Post a Comment