
Telecom OnLine: Lecture Mail
Welcome to Lesson 11, Day 2 - Chapter 10 - Network Administration and Support
Course Notes
Lesson 11 Notes - Cont'd
Managing Network
Data Security
When deciding on a network security plan, it is important to remember that all
situations are different and that the same security measures are not necessary
in all instances.
Security Models
- Physical security may be as simple as installing the servers in a locked room
  and ensuring that only authorized personnel have access.
- The data security models roughly correspond to the network models, i.e.,
  peer-to-peer networks use share-oriented security whereas server-based
  networks use user-oriented security. This should be considered in all phases
  of network planning. The level of security required has a large impact on the
  network operating system chosen.
Implementing Security
Any good security plan must involve user training. The more a user understands
why you have implemented a particular system, the less likely they are to cause
problems. For example, if a user doesn’t understand that their password has to
be changed every 60 days, then, when they can’t log on because their password
has expired, they will become frustrated and come to the administrator. However,
if the user does understand that the security plan requires them to change their
password, when they receive the message from the server telling them it’s time,
they will do so willingly.
Maintaining Security
In order to maintain security, the
security plan must be reviewed on a regular basis. Necessary changes to the
plan and any additional user orientation or training on new procedures should
be undertaken immediately to "close any holes" that are uncovered.
Avoiding Data Loss
One of the key aspects of networking,
and, indeed, one of the major selling points, is the ability to protect data.
Aspiring network administrators are often able to convince their bosses that
a network is in order by showing them that the chances of losing a document
are greatly reduced when a network is installed.
- Tape Backups - Regular and Often
  - Full backup - copies all selected files to tape.*
  - Incremental backup - copies only those files changed since the last full or
    incremental backup.*
  - Differential backup - copies all files changed since the last full backup -
    does not reset the archive bit.*
  - Copy backup - copies selected files to tape without resetting the archive
    bit.
  - Daily backup - copies all files changed the day the backup is made.
  * Most useful as a part of a regular backup schedule.
  - A backup log is very important when it comes to disaster recovery. By
    keeping a log, an administrator can easily see which tapes contain the data
    he needs and so he will not waste time searching through tapes. Many new
    backup programs, such as ARCserve, perform this function automatically.
  - Test restorations to ensure the backups are running properly. It would be of
    no use to anyone if, when the hard drive in the server crashed, the data on
    the full backup could not be restored.
  - It is very important to create a backup schedule and stick to it. Make sure
    that everyone responsible for the backups knows what needs to happen and
    when. It is often best to assign this task to one person to ensure it is
    done the same way every day.
- Repairing or Recovering Windows Systems
  - Windows NT and Windows 2000 contain repair utilities and features like the
    Emergency Repair Disk (ERD), the recovery console, fixmbr, fixboot, and
    diskpart that are available for use by network administrators to aid in
    data recovery.
- Uninterruptible Power Supply (UPS)
  - UPSs can prevent data loss by ensuring the server has enough power to shut
    down gracefully.
  - A UPS is also able to condition the power coming from the wall outlet and
    provide surge protection.
  - Many UPS systems provide ports for 10BaseT, RJ-45, or RJ-11 connections to
    prevent surges from damaging network cards, ISDN interfaces, and modems.
- Fault-Tolerant Systems
  - Disk mirroring and duplexing are two methods often used to prevent data
    loss. With disk mirroring, if the hard drive controller fails, data is
    still lost. However, with duplexing, if the primary controller fails, the
    secondary drive and controller still ensure that data is safe.
  - Redundant Arrays of Inexpensive Disks (RAID) - Levels: 0 - 5
    - Disk mirroring and disk duplexing are RAID level 1.
    - Disk striping with parity is actually RAID level 5. This system protects
      against data loss by writing the parity information for each piece of
      data to a different drive than the one the data is on. When a drive
      fails, this parity information can be used to reconstruct the data.
      Windows NT and Windows 2000 operating systems will perform disk striping
      with parity without extra adapter cards or software. This is one unique
      feature of Windows NT.
    - When using RAID 5, all partitions in the stripe set must be the same
      size, and the equivalent of one disk is used for parity information. For
      example, if a stripe set consists of six 600 MB drives, the total usable
      space is 3 GB (5 x 600) while the parity space will equal 600 MB. Parity
      information is not located on a single hard drive.
  - Benefits of various fault-tolerant systems:
    - Disk mirroring is less expensive, but makes less efficient use of the
      drive space available.
    - Disk striping with parity makes more efficient use of the drives
      available, but requires many more resources than mirroring.
- Intellimirror - Intellimirror
is a client/server application that runs on Windows 2000 machines and
creates a “smart back-up copy” of a system on an Intellimirror
server. This application gives users access to all files and settings
regardless of which system they are using to attach to the network.
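The backup types listed under Tape Backups above differ in how many tapes a restore needs. The following Python model of the archive bit is an added example, not part of the original course notes; it assumes that full and incremental backups clear the bit (as the Windows NT backup utility does), and the file names and weekday schedule are constructed.

```python
"""Archive-bit model of full, incremental and differential backups (added example)."""

def run_backup(files, kind):
    """Return the set of file names written to tape and update archive bits.

    files maps name -> archive bit (True = changed since the bit was last cleared).
    """
    if kind in ("full", "copy"):
        selected = set(files)
    elif kind in ("incremental", "differential"):
        selected = {name for name, bit in files.items() if bit}
    else:
        raise ValueError(f"unknown backup type: {kind}")
    if kind in ("full", "incremental"):      # only these two clear the archive bit
        for name in selected:
            files[name] = False
    return selected

def simulate_week(scheme):
    """Full backup on Monday, then `scheme` Tue-Thu with one file edited each day.

    The returned list plays the role of the backup log: (day, type, contents).
    """
    files = {f: True for f in ("payroll.xls", "plan.doc", "notes.txt", "budget.xls")}
    log = [("Mon", "full", run_backup(files, "full"))]
    edits = {"Tue": "payroll.xls", "Wed": "plan.doc", "Thu": "notes.txt"}
    for day, edited in edits.items():
        files[edited] = True                 # writing to a file sets its archive bit
        log.append((day, scheme, run_backup(files, scheme)))
    return log

def restore_chain(log):
    """Tapes needed after a crash on Friday, in the order they must be restored."""
    last_full = max(i for i, entry in enumerate(log) if entry[1] == "full")
    later = log[last_full + 1:]
    if later and later[0][1] == "differential":
        later = later[-1:]                   # newest differential holds every change
    return [log[last_full][0]] + [entry[0] for entry in later]

if __name__ == "__main__":
    for scheme in ("incremental", "differential"):
        log = simulate_week(scheme)
        sizes = [len(contents) for _, _, contents in log]
        print(scheme, "files per tape:", sizes, "restore needs:", restore_chain(log))
```

Incremental tapes stay small but every one since the last full backup is needed for a restore; differential tapes grow each day but only the newest one is needed.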
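How parity reconstructs a failed drive in disk striping with parity, as an added example that is not part of the original course notes: an in-memory Python model using XOR parity, the parity function RAID 5 uses, with the parity block rotating across drives. The 4-byte block size, the function names and the sample data are constructed, and this is not the Windows NT on-disk layout.

```python
"""RAID 5 style striping with rotating XOR parity (added example, in-memory only)."""
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))

def write_stripes(data, n_drives, block=4):
    """Spread data over n_drives; each stripe is n_drives-1 data blocks plus parity."""
    drives = [[] for _ in range(n_drives)]
    per_stripe = block * (n_drives - 1)
    data += b"\0" * (-len(data) % per_stripe)        # pad the last stripe
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + block] for i in range(0, per_stripe, block)]
        parity_drive = s % n_drives                  # parity moves to the next drive
        blocks.insert(parity_drive, xor_blocks(blocks))
        for drive, blk in zip(drives, blocks):
            drive.append(blk)
    return drives

def rebuild_drive(drives, failed):
    """Recompute every block of the failed drive from the surviving drives."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def read_data(drives):
    """Reassemble the data, skipping the parity block in each stripe."""
    n = len(drives)
    out = b""
    for s, stripe in enumerate(zip(*drives)):
        out += b"".join(blk for i, blk in enumerate(stripe) if i != s % n)
    return out

def usable_mb(n_drives, drive_mb):
    """The equivalent of one drive is consumed by parity."""
    return (n_drives - 1) * drive_mb

if __name__ == "__main__":
    sample = b"constructed sample data, not from the course notes"
    drives = write_stripes(sample, n_drives=6)
    drives[2] = rebuild_drive(drives, failed=2)      # replace drive 2 after a failure
    print(read_data(drives).rstrip(b"\0"))
    print(usable_mb(6, 600), "MB usable of", 6 * 600, "MB raw")
```

Because any one block in a stripe equals the XOR of all the others, the same rebuild works whether the lost block held data or parity, but a second simultaneous drive failure cannot be recovered.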
_______________________________________________________
Lesson 11, Day 2 - Case Assignment
Your network has three
servers and 15 workstations. You have been tasked with implementing a backup
policy that will ensure against data loss, provide a fast backup, and provide
the fastest recovery in the event of a failure. Outline a backup policy to suit
your needs.