3.0—Network Implementation

Fault tolerance involves ensuring that when network hardware or software fails, users on the network can still access the data and continue working with little or no disruption of service. One of the most common fault-tolerance solutions is RAID. Table 19 shows various RAID solutions.

Table 19. RAID Solutions
| RAID Level | Description | Key Features | Minimum Disks Required |
|---|---|---|---|
| RAID 0 | Disk striping | No fault tolerance; improved I/O performance | 2 |
| RAID 1 | Disk mirroring | Provides fault tolerance but at 50% disk overhead; can also be used with separate disk controllers, a strategy known as disk duplexing | 2 (2 is also the maximum number of disks used for RAID 1.) |
| RAID 2 | Disk striping with hamming code | Limited use | 3 |
| RAID 3 | Disk striping with single-parity disk | Limited use | 3 |
| RAID 4 | Disk striping with single-parity disk | Limited use | 3 |
| RAID 5 | Disk striping with distributed parity | Widely used RAID solution; uses distributed parity | 3 |
| RAID 10 | Striping with mirrored volumes | Increased performance with striping and offers mirrored fault tolerance | 4 |

Backups

Table 20 describes various backup strategies.

Table 20. Summary of Backup Strategies
| Method | What Is Backed Up | Restore Procedure | Archive Bit |
|---|---|---|---|
| Full | All data | All data is restored from a single tape | Does not use the archive bit but clears it after files have been copied to tape |
| Incremental | All data changed since the last full or incremental backup | The restore procedure requires several tapes: the latest full backup and all incremental tapes since the last full backup. | Uses the archive bit and clears it after a file is saved to disk |
| Differential | All data changed since the last full backup | The restore procedure requires the latest full backup tape and the latest differential backup tape. | Uses the archive bit but does not clear it |
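
The archive-bit rules in Table 20 can be traced with a small simulation. This is an added example, not part of the original text; the file names and the Sunday-to-Tuesday schedule are constructed, and it assumes a schedule uses only one of incremental or differential between full backups.

```python
# Added illustration (constructed): archive-bit behaviour per Table 20.
class Volume:
    def __init__(self, names):
        # New or modified files have the archive bit set.
        self.archive = {name: True for name in names}

    def modify(self, name):
        self.archive[name] = True

    def backup(self, method):
        """Return the files copied to tape and update archive bits."""
        if method == "full":
            copied = sorted(self.archive)  # ignores the bit, copies everything
        else:
            copied = sorted(n for n, bit in self.archive.items() if bit)
        if method in ("full", "incremental"):
            for name in copied:
                self.archive[name] = False  # cleared after the copy
        # differential: bit stays set, so the file is copied again next run
        return copied


def tapes_needed(history):
    """history: [(label, method), ...] oldest first; assumes one method between fulls."""
    last_full = max(i for i, (_, m) in enumerate(history) if m == "full")
    later = history[last_full + 1:]
    needed = [history[last_full][0]]
    needed += [label for label, m in later if m == "incremental"]
    diffs = [label for label, m in later if m == "differential"]
    return needed + diffs[-1:]


def run_week(method):
    """Hypothetical schedule: full on Sunday, then `method` on Monday and Tuesday."""
    vol = Volume(["a.doc", "b.xls", "c.txt"])
    tapes, history = {}, []
    for day, kind, changed in [("Sun", "full", None),
                               ("Mon", method, "a.doc"),
                               ("Tue", method, "b.xls")]:
        if changed:
            vol.modify(changed)
        tapes[day] = vol.backup(kind)
        history.append((day, kind))
    return tapes, tapes_needed(history)


if __name__ == "__main__":
    for method in ("incremental", "differential"):
        print(method, *run_week(method))
```

The differential run shows Tuesday's tape growing to hold both changed files, which is why a restore needs only the full tape and the latest differential tape.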

You should use an off-site tape rotation scheme to store current copies of backups in a secure off-site location.

You should periodically introduce new tapes into the tape rotation and destroy the old tapes.

VLANs and NAS

VLANs are used to segment networks. This is often done for organizational or security purposes.

NAS devices are used to offload data storage from traditional file servers. They are connected directly to the network and use the SMB and NFS application protocols.

Client Connectivity

At the very minimum, an IP address and a subnet mask are required to connect to a TCP/IP network. With just this minimum configuration, connectivity is limited to the local segment, and DNS and WINS resolution are not possible.

The Client for Microsoft Networks can be installed on a Windows 95, Windows 98, or Windows Me system to facilitate connection to a Windows Server platform such as Windows NT 4 Server or Windows 2000 Server.

To log onto a NetWare server, you might need a username, password, tree, and context.

Unix and Linux utilize the Network File System (NFS) protocol to provide file-sharing capabilities between computers.

Security: Physical, Logical, Passwords, and Firewalls

Physical security refers to protecting the equipment that composes or is connected to the network.

Logical security is concerned with security of data while it is on the systems that are connected to the network.

Common password policies typically specify a minimum length for passwords, password expiration, prevention of password reuse, and prevention of easy-to-guess passwords.

A password that uses eight case-sensitive characters, with letters, numbers, and special characters, often makes a strong password.

User-level security offers greater security than share-level security.

Table 21 shows file permissions for a Windows 2000 server.

Table 21. File Permissions on a Windows 2000 Server
| Right | Description |
|---|---|
| Full Control | Provides all rights |
| Modify | Allows files to be modified |
| Read & Execute | Allows files to be read and executed (that is, run) |
| List Folder Contents | Allows the files in a folder to be listed |
| Read | Allows a file to be read |
| Write | Allows a file to be written to |

Valid file permissions on a Unix/Linux system include read, write, and execute.

When a user cannot access files that other users can access, you should verify that the correct permissions are set.

A firewall is a system or group of systems that controls the flow of traffic between two networks. A firewall often provides such services as NAT, proxy services, and packet filtering.

The TCP/IP protocol suite uses port numbers to identify what service a certain packet is destined for. By configuring the firewall to allow certain types of traffic, you can control the flow.

Proxy Servers

A proxy server acts as an intermediary between a user on the internal network and a service on the external network such as the Internet.

A proxy server enables a network to appear to external networks as a single IP address—the IP address of the external network interface of the proxy server.

A proxy server allows Internet access to be controlled. Having a centralized point of access allows for a great deal of control over the use of the Internet.

Port Blocking

Port blocking is one of the most widely used security methods on networks. Port blocking is associated with firewalls and proxy servers, although in fact it can be implemented on any system that provides a means to manage network data flow, according to data type.
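
The port-based filtering described under firewalls and port blocking above can be sketched as a first-match rule list. This is an added example, not part of the original text; the rule set is a hypothetical policy, and blocking anything that matches no rule is an assumption of the example.

```python
# Added illustration (constructed): port blocking as a first-match rule list.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "block"
    proto: str    # "tcp", "udp" or "any"
    ports: range  # destination ports the rule covers


# Hypothetical policy for a network that permits web, mail and DNS only.
RULES = [
    Rule("block", "tcp", range(23, 24)),    # Telnet
    Rule("allow", "tcp", range(25, 26)),    # SMTP
    Rule("allow", "udp", range(53, 54)),    # DNS
    Rule("allow", "tcp", range(80, 81)),    # HTTP
    Rule("allow", "tcp", range(443, 444)),  # HTTPS
]


def decide(proto, dst_port, rules=RULES):
    """Return (action, reason) for a packet, keyed on protocol and destination port."""
    if not 0 < dst_port < 65536:
        return "block", "invalid port"
    for i, rule in enumerate(rules):
        if rule.proto in ("any", proto) and dst_port in rule.ports:
            return rule.action, f"rule {i}"
    return "block", "default"  # assumption: anything not listed is blocked


def shadowed(rules):
    """Indexes of rules that can never match because earlier rules cover their ports."""
    hidden = []
    for i, rule in enumerate(rules):
        covered = set()
        for earlier in rules[:i]:
            if earlier.proto in ("any", rule.proto):
                covered |= set(earlier.ports)
        if set(rule.ports) <= covered:
            hidden.append(i)
    return hidden


if __name__ == "__main__":
    for proto, port in [("tcp", 443), ("tcp", 23), ("tcp", 3389), ("udp", 80)]:
        print(proto, port, decide(proto, port))
```

Running `shadowed` on a rule set before deploying it catches a block rule that an earlier, broader allow rule has made ineffective.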
