Ch6: Models of network and system administration

Introduction to Network and System Administration

  • System Interaction:

    • Systems consist of interacting components that have mutual dependencies.

    • Ignoring these dependencies results in management errors and false assumptions.

    • Systems operate as complex cause-and-effect relationships, comparable to ecological webs.

  • Adaptability:

    • An adaptable system is defined by its ability to cope with unexpected changes.

    • If original assumptions about a system fail, they can be modified in an adaptable system.

    • Adaptability enhances predictability during changes and facilitates recovery from failures.

  • The Role of System Management:

    • The primary role of management is to secure the conditions required for system components to perform their specific functions.

    • Management should avoid controlling every minor detail; the focus must remain on securing necessary conditions.

    • Systems are first designed to function, and then management discusses attributes based on three key themes:

      1. Resource Management: Managing consumables and reusables.

      2. Scheduling: Managing time and queues.

      3. Strategy.

6.1 Information Models and Directory Services

  • Definition and Function:

    • A directory service is a software application designed to manage information regarding network resources.

    • It acts as a centralized database to organize and store data about computers, users, printers, and various network devices.

    • Access is restricted to authorized applications and users.

  • Utility in Enterprise Networks:

    • Widely utilized for authentication, authorization, and general resource management.

    • Enables Single Sign-On (SSO) capabilities, allowing users to log in once and access resources across multiple systems without repeated authentication.

    • Named Examples:

      • Active Directory (Microsoft)

      • OpenLDAP (The OpenLDAP Project)

      • Novell eDirectory (Micro Focus)

  • Usage Models:

    • White Pages: A lookup performed when the user starts with a specific key for a specific resource (e.g., looking up a specific number in a telephone book).

    • Yellow Pages: A browsing-based service used when the exact resource is unknown, requiring a list of categories to match services or users.

  • Technical Infrastructure:

    • Maps network resources to their respective physical network addresses.

    • Provides a shared infrastructure for organizing and administering resources such as volumes, files, folders, groups, users, devices, and telephone numbers.

    • In a directory server (or name server), every network resource is treated as an object.

    • Information about resources is stored as a collection of attributes associated with that object.

  • Namespace and Identification:

    • Directory services define a network namespace and assign a unique identifier (name) to every object.

    • Namespace rules ensure names are unique and unambiguous.

    • Allows users to locate resources by name instead of physical address.

    • Access control provisions may limit information availability to authorized users.

X.500 Standards and Protocols

  • Overview:

    • X.500 refers to a set of ITU-T standards defining protocols for global directory services.

    • It uses a hierarchical directory structure for organizing network resource information.

    • Although widely used in enterprises for authentication, authorization and resource management, it has largely been superseded by the simpler Lightweight Directory Access Protocol (LDAP).

  • Protocol Suite:

    1. Directory Access Protocol (DAP)

    2. Lightweight Directory Access Protocol (LDAP) (Note: DAP and LDAP form one group; they differ in how they are described and in complexity)

    3. Directory System Protocol (DSP)

    4. Directory Information Shadowing Protocol (DISP): Used as a replication protocol.

    5. Directory Operational Bindings Management Protocol (DOP)

    6. Certificate Authority Subscription Protocol (CASP)

    7. Authorization Validation Management Protocol (AVMP)

    8. Trust Broker Protocol (TBP)

  • Object Classes:

    • Abstract: Located at the upper levels of the hierarchy. No entry belongs to an abstract class on its own; its attributes reach an entry only through a structural class that inherits from it. Examples include ‘top’, ‘Country’, ‘Device’, ‘Organizational-Person’, and ‘Security-Object’.

    • Structural: The primary content or ‘meat’ of an object class used for actual entries. Examples include ‘person’ and ‘organization’. The attribute ‘objectClass’ declares the entry type (e.g., ‘Computer’ or ‘Configuration’).

    • Auxiliary: Defines special-case attributes added to specific entries as hints. For instance, both a person and an organization might need a telephone number or web page, even if it is not a requirement of their structural class.

  • Distributed Directory Partitioning:

    • As shown in Figure 6.1, a distributed directory can be partitioned into distinct areas, each handled by a separate server (indicated by dotted areas in the visualization).
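The object-class rules and the namespace requirement above, worked as a small Python model (an added example, not code from the chapter or from any directory product; the schema, the class name telephoneContact, and the sample entries are constructed and simplified). It also shows the two usage models from 6.1: white-pages lookup by name and yellow-pages browsing by attribute.

```python
# Constructed, simplified schema: class -> (kind, superclass, attributes it contributes).
SCHEMA = {
    "top":              ("abstract",   None,  {"objectClass"}),
    "person":           ("structural", "top", {"cn", "sn"}),
    "organization":     ("structural", "top", {"o"}),
    "telephoneContact": ("auxiliary",  None,  {"telephoneNumber"}),  # optional extras
}

def allowed_attributes(classes):  # permitted attrs: the classes plus everything they inherit
    allowed = set()
    for name in classes:
        while name is not None:                  # walk up the inheritance chain
            allowed |= SCHEMA[name][2]
            name = SCHEMA[name][1]
    return allowed

def validate(attrs):
    """Return the schema violations of one entry; an empty list means it is valid."""
    classes = attrs.get("objectClass", [])
    problems = [f"unknown objectClass {c!r}" for c in classes if c not in SCHEMA]
    if problems:
        return problems
    if sum(SCHEMA[c][0] == "structural" for c in classes) != 1:
        problems.append("entry needs exactly one structural objectClass")  # 'top' alone is not enough
    for attr in sorted(set(attrs) - allowed_attributes(classes)):
        problems.append(f"attribute {attr!r} not allowed by {classes}")
    return problems

def load(records):  # build the directory from (dn, attrs) pairs, rejecting bad or duplicate names
    directory, rejected = {}, {}
    for dn, attrs in records:
        problems = validate(attrs)
        if dn in directory:                      # namespace rule: names are unique
            problems.append(f"duplicate name {dn!r}")
        (rejected if problems else directory)[dn] = problems or attrs
    return directory, rejected

def white_pages(directory, dn):                  # lookup: the caller already holds the key
    return directory.get(dn)
def yellow_pages(directory, attr, value):        # browse: the caller does not know the name
    return sorted(dn for dn, a in directory.items() if a.get(attr) == value)
SAMPLE = [  # constructed entries; the last three are each rejected for a different reason
    ("o=Example", {"objectClass": ["top", "organization"], "o": "Example"}),
    ("cn=Ada,o=Example", {"objectClass": ["top", "person", "telephoneContact"],
                          "cn": "Ada", "sn": "Lovelace", "telephoneNumber": "555-0100"}),
    ("cn=Bob,o=Example", {"objectClass": ["top", "person"], "cn": "Bob", "sn": "Babbage",
                          "telephoneNumber": "555-0101"}),  # needs the auxiliary class
    ("cn=Ada,o=Example", {"objectClass": ["top", "person"], "cn": "Ada", "sn": "Byron"}),
    ("cn=Top,o=Example", {"objectClass": ["top"]}),  # abstract class alone
]
```

Calling `load(SAMPLE)` accepts the organization and the first Ada entry and reports why Bob, the second Ada and the bare ‘top’ entry were refused.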

6.2 System Infrastructure Organization

  • Economic Balance: Administrators must find the equilibrium between spending money effectively and saving money where appropriate.

  • Team Work and Communication:

    • Bi-directional communication is essential in several forms:

      • Computer programs and their data.

      • Computers and devices.

      • Collaborating humans in teams.

      • Clients and servers.

      • Users and systems.

      • Policy decision-makers and policy enforcers.

      • Computers and the environment (e.g., physical hazards such as spilled coffee).

  • Communication Noise and Errors:

    • Environmental noise can interfere with communication in two ways:

      1. Faulty Communication/External Interference: Information is distorted, omitted, or inserted.

      2. Incorrect Interpretation: Symbols are incorrectly identified due to external interference or imprecision.

  • System Administration as a Meta-Program:

    • System administration is viewed as a meta-program executed by both machines and humans to manage system evolution. It involves:

      • Configuring systems within policy.

      • Maintaining machine operation within policy.

      • Managing user activity within policy.

  • The Development Loop (Figure 6.2):

    • Visualizes system development over time based on a set of rules.

    • Components: Rule, Message, Noise, Computer, and Users.

    • Users influence the system by altering rules, changing the conditions for rules, or directly touching/configuring the computer.

Homogeneity and Delegation

  • 6.2.2 Homogeneity (Uniformity):

    • Refers to making all hosts identical or similar in software and hardware configuration.

    • Advantages: Increased system predictability, easier management for administrators, and the ability to reuse hardware during emergencies.

    • Disadvantages: Specialized hardware may offer superior performance for specific applications (e.g., high-availability servers requiring multiple processors, high memory, and high bandwidth) that homogeneous systems lack.

  • Delegation II:

    • Assigns responsibilities to local administrators who understand local host usage patterns.

    • Minimizes the distance between the administrative center and the zone of responsibility.

    • Types of Delegation:

      1. Administrative: Assigning specific tasks to a subordinate.

      2. Project: Responsibility for a specific project/set of tasks.

      3. Resource: Access to budget or equipment.

      4. Authority: Delegating the power to make decisions on behalf of a superior.

      5. Policy: Responsibility for creating, implementing, and enforcing policies.

      6. Functional: Delegating specific functions (e.g., HR or marketing).

6.2.4 Mobile and Ad Hoc Networks

  • Definition: An Ad Hoc Network (AHN) is a collection of mobile objects capable of transmitting information.

  • Characteristics:

    • Forms an arbitrary graph that evolves over time.

    • Nodes (humans and devices) move randomly, leading to rapid and unpredictable changes in network topology.

    • Important for intermittent connectivity and describing high-level associations (who is in contact with whom; information flow paths).

  • Study Importance:

    • Flexibility: Adapts to changing topologies; ideal for military operations, emergency response, or remote locations.

    • Resource Efficiency: No need for pre-existing infrastructure; cost-effective and quick to deploy.

    • Scalability: Can scale from small personal networks to large industrial ones.

    • Research & Development: A fresh field leading to new technological advancements.

6.2.5 Peer-to-Peer (P2P) Services

  • Definition: Applications where each node chooses whether to participate in or abstain from data exchange with others over a common channel.

  • Key Concepts:

    • Platforms connect parties directly without a third-party intermediary.

    • Technology is used to overcome traditional transaction costs related to trust, enforcement, and information asymmetries.

    • Services provided include payment processing, quality assurance, and information about buyers/sellers.

  • Examples:

    • Open-source Software.

    • Filesharing.

    • Online Marketplaces.

    • Cryptocurrency and Blockchain.