Microsoft Windows 2003 server Network Infrastructure pdf


Microsoft Press

A Division of Microsoft Corporation

One Microsoft Way

Redmond, Washington 98052-6399

Copyright © 2004 by Microsoft Corporation

All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.

Library of Congress Cataloging-in-Publication Data

Zacker, Craig.

MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure / Craig Zacker with Microsoft Corporation.

p. cm. Includes index. ISBN 0-7356-1893-3

1. Electronic data processing personnel--Certification. 2. Microsoft software--Examinations--Study guides. 3. Computer networks--Examinations--Study guides. 4. Microsoft Windows server. I. Microsoft Corporation. II. Title.

QA76.3.Z32 2003

004.6--dc21 2003056205

Printed and bound in the United States of America.

1 2 3 4 5 6 7 8 9 QWT 8 7 6 5 4 3

Distributed in Canada by H.B. Fenn and Company Ltd.

A CIP catalogue record for this book is available from the British Library.

Microsoft Press books are available through booksellers and distributors worldwide. For further information about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to tkinput@microsoft.com.

Active Directory, Authenticode, Microsoft, Microsoft Press, NetMeeting, Windows, the Windows logo, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Acquisitions Editor: Kathy Harding

Project Editor: Jean Trenary

Technical Editor: Linda Zacker

Contents at a Glance

Part 1

Learn at Your Own Pace

1 Planning a Network Topology . . . 1-3

2 Planning a TCP/IP Network Infrastructure . . . 2-1

3 Planning Internet Connectivity . . . 3-1

4 Planning a Name Resolution Strategy . . . 4-1

5 Using Routing and Remote Access . . . 5-1

6 Maintaining Server Availability . . . 6-1

7 Clustering Servers . . . 7-1

8 Planning a Secure Baseline Installation . . . 8-1

9 Hardening Servers . . . 9-1

10 Deploying Security Configurations . . . 10-1

11 Creating and Managing Digital Certificates . . . 11-1

12 Securing Network Communications Using IPSec . . . 12-1

13 Designing a Security Infrastructure . . . 13-1

Part 2

Prepare for the Exam

14 Planning and Implementing Server Roles and Server Security (1.0) . . . 14-3

15 Planning, Implementing, and Maintaining a Network Infrastructure (2.0) . . . 15-1

16 Planning, Implementing, and Maintaining Routing and Remote Access (3.0) . . . 16-1

17 Planning, Implementing, and Maintaining Server Availability (4.0) . . . 17-1

18 Planning and Maintaining Network Security (5.0) . . . 18-1

19 Planning, Implementing, and Maintaining Security Infrastructure (6.0) . . . 19-1


Practices


Tables

Table 1-1: Ethernet Variants . . . 1-21

Table 2-1: IP Address Classes . . . 2-26

Table 6-1: Magnetic Tape Drive Types . . . 6-32

Table 7-1: NLB Configuration Advantages and Disadvantages . . . 7-18

Table 8-1: Windows Server 2003 Versions . . . 8-10

Table 8-2: Default Windows File System Permissions for System Drive . . . 8-20

Table 9-1: Typical Member Server Service Assignments . . . 9-11

Table 11-1: Sample Certificate Plan . . . 11-11

Table 11-2: Advantages and Disadvantages of Internal and External CAs . . . 11-12

Table 12-1: Well-Known Port Numbers . . . 12-4

Table 12-2: Protocol Codes . . . 12-9

Troubleshooting Labs

Chapter 2 . . . . 2-53 Chapter 3 . . . . 3-40 Chapter 4 . . . . 4-65

Chapter 5 . . . . 5-52 Chapter 6 . . . . 6-45 Chapter 7 . . . . 7-48

Chapter 9 . . . . 9-40 Chapter 10 . . . 10-28 Chapter 11 . . . 11-30

Chapter 12 . . . 12-44 Chapter 13 . . . 13-32

Case Scenario Exercises


Contents

About This Book . . . xxv

Intended Audience . . . xxv

Prerequisites . . . xxv

About the CD-ROM. . . xxvi

Features of This Book . . . xxvi

Part 1: Learn at Your Own Pace . . . xxvii

Part 2: Prepare for the Exam . . . xxvii

Informational Notes. . . .xxviii

Notational Conventions . . . .xxviii

Keyboard Conventions . . . xxix

Getting Started . . . xxix

Hardware Requirements. . . xxix

Software Requirements . . . xxx

Setup Instructions. . . xxx

The Microsoft Certified Professional Program . . . xxxiv

Certifications . . . xxxiv

Requirements for Becoming a Microsoft Certified Professional . . . xxxv

Technical Support . . . xxxvi

Evaluation Edition Software Support . . . xxxvi

Part 1

Learn at Your Own Pace

1

Planning a Network Topology

1-3

Why This Chapter Matters . . . 1-3 Before You Begin. . . 1-4 Lesson 1: Windows Server 2003 and the Network Infrastructure . . . 1-5 What Is a Network Infrastructure? . . . 1-5 Planning a Network Infrastructure . . . 1-8 Implementing a Network Infrastructure . . . 1-9 Maintaining a Network Infrastructure . . . 1-9 Lesson Review . . . 1-10 Lesson Summary . . . 1-11 Lesson 2: Selecting Data-Link Layer Protocols . . . 1-12 Understanding the OSI Reference Model . . . 1-12 Selecting a Data-Link Layer Protocol . . . 1-14 Practice: Choosing an Ethernet Variant . . . 1-23


Lesson Review . . . 1-23 Lesson Summary . . . 1-24 Lesson 3: Selecting Network/Transport Layer Protocols . . . 1-25 Using TCP/IP . . . 1-25 Lesson Review . . . 1-29 Lesson Summary . . . 1-29 Lesson 4: Locating Network Resources . . . 1-30 Determining Location Criteria . . . 1-30 Locating Workstations . . . 1-30 Locating Peripherals . . . 1-31 Locating Cables . . . 1-32 Locating Connectivity Devices . . . 1-33 Locating Servers . . . 1-34 Practice: Blueprinting a Network Infrastructure . . . 1-35 Lesson Review . . . 1-36 Lesson Summary . . . 1-36 Case Scenario Exercise . . . 1-37 Chapter Summary . . . 1-39 Exam Highlights . . . 1-40 Key Points . . . 1-40 Key Terms. . . 1-40 Questions and Answers . . . 1-42

2

Planning a TCP/IP Network Infrastructure

2-1


Lesson Review . . . 2-23 Lesson Summary . . . 2-24 Lesson 3: Planning an IP Addressing and Subnetting Strategy . . . 2-25 Obtaining Network Addresses. . . 2-25 Understanding IP Address Classes . . . 2-26 Understanding Subnetting . . . 2-27 Subnetting Between Bytes . . . 2-29 Practice: Subnetting IP Addresses . . . 2-32 Lesson Review . . . 2-33 Lesson Summary . . . 2-34 Lesson 4: Assigning IP Addresses . . . 2-35 Manually Configuring TCP/IP Clients . . . 2-35 Installing a DHCP Server . . . 2-36 Understanding DHCP Allocation Methods . . . 2-36 Planning a DHCP Deployment . . . 2-37 Practice: Installing and Configuring the DHCP Service . . . 2-38 Lesson Review . . . 2-40 Lesson Summary . . . 2-41 Lesson 5: Troubleshooting TCP/IP Addressing . . . 2-42 Isolating TCP/IP Problems . . . 2-42 Troubleshooting Client Configuration Problems . . . 2-43 Troubleshooting DHCP Problems. . . 2-47 Lesson Review . . . 2-49 Lesson Summary . . . 2-50 Case Scenario Exercise . . . 2-50 Troubleshooting Lab . . . 2-53 Chapter Summary . . . 2-54 Exam Highlights . . . 2-54 Key Points . . . 2-55 Key Terms. . . 2-55 Questions and Answers . . . 2-56

3

Planning Internet Connectivity

3-1


Lesson 2: Selecting Routers and ISPs . . . 3-15 Choosing A Router Type . . . 3-15 Choosing An ISP . . . 3-17 Practice: Configuring a Windows Server 2003 Router . . . 3-21 Lesson Review . . . 3-22 Lesson Summary . . . 3-23 Lesson 3: Securing and Regulating Internet Access . . . 3-24 Determining Internet Security Requirements . . . 3-24 Using NAT . . . 3-26 Using a Proxy Server . . . 3-29 Selecting an Internet Access Method . . . 3-30 Practice: Configuring a NAT Router . . . 3-31 Lesson Review . . . 3-33 Lesson Summary . . . 3-33 Lesson 4: Troubleshooting Internet Connectivity . . . 3-34 Determining the Scope of the Problem . . . 3-34 Diagnosing Client Configuration Problems . . . 3-35 Diagnosing NAT and Proxy Server Problems . . . 3-36 Diagnosing Internet Connection Problems . . . 3-37 Lesson Review . . . 3-38 Lesson Summary . . . 3-38 Case Scenario Exercise . . . 3-39 Troubleshooting Lab . . . 3-40 Chapter Summary . . . 3-41 Exam Highlights . . . 3-42 Key Points . . . 3-42 Key Terms. . . 3-42 Questions and Answers . . . 3-43

4

Planning a Name Resolution Strategy

4-1


Chapter Summary . . . 4-66 Exam Highlights . . . 4-67 Key Points . . . 4-67 Key Terms. . . 4-67 Questions and Answers . . . 4-69

5

Using Routing and Remote Access

5-1


Exam Highlights . . . 5-53 Key Points . . . 5-53 Key Terms. . . 5-54 Questions and Answers . . . 5-55

6

Maintaining Server Availability

6-1

Why This Chapter Matters . . . 6-1 Before You Begin. . . 6-1 Lesson 1: Monitoring Network Traffic . . . 6-2 Using the Performance Console . . . 6-2 Analyzing Network Traffic with Network Monitor . . . 6-7 Practice: Using Network Monitor . . . 6-13 Lesson Review . . . 6-15 Lesson Summary . . . 6-15 Lesson 2: Monitoring Network Servers . . . 6-16 Monitoring Network Server Services . . . 6-16 Locating System Bottlenecks . . . 6-25 Practice: Establishing a Performance Baseline . . . 6-28 Lesson Review . . . 6-30 Lesson Summary . . . 6-30 Lesson 3: Planning a Backup Strategy . . . 6-31 Understanding Network Backups . . . 6-31 Creating a Backup Plan . . . 6-35 Performing Restores . . . 6-39 Using Volume Shadow Copy . . . 6-40 Practice: Using Windows Server 2003 Backup . . . 6-42 Lesson Review . . . 6-43 Lesson Summary . . . 6-44 Case Scenario Exercise . . . 6-44 Troubleshooting Lab . . . 6-45 Chapter Summary . . . 6-46 Exam Highlights . . . 6-47 Key Points . . . 6-47 Key Terms. . . 6-48 Questions and Answers . . . 6-49

7

Clustering Servers

7-1


Lesson 1: Understanding Clustering. . . 7-2 Clustering Types . . . 7-2 Designing a Clustering Solution . . . 7-5 Lesson Review . . . 7-12 Lesson Summary . . . 7-13 Lesson 2: Using Network Load Balancing . . . 7-14 Understanding Network Load Balancing . . . 7-14 Planning a Network Load Balancing Deployment . . . 7-15 Deploying a Network Load Balancing Cluster . . . 7-20 Monitoring Network Load Balancing . . . 7-21 Practice: Creating a Network Load Balancing Cluster . . . 7-25 Lesson Review . . . 7-28 Lesson Summary . . . 7-29 Lesson 3: Designing a Server Cluster . . . 7-30 Designing a Server Cluster Deployment . . . 7-30 Planning a Server Cluster Hardware Configuration . . . 7-31 Creating an Application Deployment Plan . . . 7-35 Selecting a Quorum Model . . . 7-38 Creating a Server Cluster . . . 7-39 Configuring Failover Policies . . . 7-41 Practice: Creating a Single Node Cluster . . . 7-42 Lesson Review . . . 7-45 Lesson Summary . . . 7-45 Case Scenario Exercise . . . 7-46 Troubleshooting Lab . . . 7-48 Chapter Summary . . . 7-48 Exam Highlights . . . 7-49 Key Points . . . 7-49 Key Terms. . . 7-50 Questions and Answers . . . 7-51

8

Planning a Secure Baseline Installation

8-1


Lesson 2: Planning a Security Framework . . . 8-13 High-Level Security Planning . . . 8-13 Creating a Security Design Team . . . 8-13 Mapping Out a Security Life Cycle. . . 8-14 Lesson Review . . . 8-17 Lesson Summary . . . 8-18 Lesson 3: Identifying Client and Server Default Security Settings . . . 8-19 Evaluating Security Settings . . . 8-19 Practice: Modifying Default Security Settings . . . 8-30 Lesson Review . . . 8-32 Lesson Summary . . . 8-33 Case Scenario Exercise . . . 8-34 Chapter Summary . . . 8-35 Exam Highlights . . . 8-36 Key Points . . . 8-36 Key Terms. . . 8-37 Questions and Answers . . . 8-38

9

Hardening Servers

9-1


Lesson 3: Deploying Role-Specific GPOs. . . 9-31 Combining GPO Policies . . . 9-31 Practice: Deploying Multiple GPOs . . . 9-34 Lesson Review . . . 9-36 Lesson Summary . . . 9-37 Case Scenario Exercise . . . 9-38 Troubleshooting Lab . . . 9-40 Chapter Summary . . . 9-41 Exam Highlights . . . 9-42 Key Points . . . 9-42 Key Terms. . . 9-42 Questions and Answers . . . 9-44

10

Deploying Security Configurations

10-1


Exam Highlights . . . 10-30 Key Points . . . 10-30 Key Terms. . . 10-31 Questions and Answers . . . 10-32

11

Creating and Managing Digital Certificates

11-1

Why This Chapter Matters . . . 11-1 Before You Begin. . . 11-1 Lesson 1: Introducing Certificates . . . 11-2 Introducing the Public Key Infrastructure . . . 11-2 Understanding PKI Functions . . . 11-6 Practice: Viewing a Certificate . . . 11-7 Lesson Review . . . 11-8 Lesson Summary . . . 11-8 Lesson 2: Designing a Public Key Infrastructure . . . 11-9 Defining Certificate Requirements . . . 11-9 Creating a CA Infrastructure . . . 11-11 Configuring Certificates . . . 11-16 Practice: Installing a Windows Server 2003 Certification Authority . . . 11-16 Lesson Review . . . 11-17 Lesson Summary . . . 11-18 Lesson 3: Managing Certificates . . . 11-19 Understanding Certificate Enrollment and Renewal . . . 11-19 Manually Requesting Certificates . . . 11-21 Revoking Certificates. . . 11-24 Practice: Requesting a Certificate . . . 11-25 Lesson Review . . . 11-28 Lesson Summary . . . 11-29 Case Scenario Exercise . . . 11-29 Troubleshooting Lab . . . 11-30 Chapter Summary . . . 11-31 Exam Highlights . . . 11-32 Key Points . . . 11-32 Key Terms. . . 11-32 Questions and Answers . . . 11-33


Lesson 1: Securing Internetwork Communications . . . 12-3 Introducing Packet Filtering . . . 12-3 Packet Filtering Criteria . . . 12-5 Windows Server 2003 Packet Filtering . . . 12-8 Practice: Creating Packet Filters in Routing and Remote Access Service . . . 12-9 Lesson Review . . . 12-11 Lesson Summary . . . 12-13 Lesson 2: Planning an IPSec Implementation . . . 12-14 Evaluating Threats. . . 12-14 Introducing IPSec . . . 12-16 IPSec Protocols. . . 12-18 Transport Mode and Tunnel Mode . . . 12-22 Lesson Review . . . 12-23 Lesson Summary . . . 12-24 Lesson 3: Deploying IPSec . . . 12-25 IPSec Components . . . 12-25 Planning an IPSec Deployment . . . 12-26 Working with IPSec Policies . . . 12-26 Practice: Creating an IPSec Policy . . . 12-30 Lesson Review . . . 12-33 Lesson Summary . . . 12-34 Lesson 4: Troubleshooting Data Transmission Security . . . 12-35 Troubleshooting Policy Mismatches. . . 12-35 Examining IPSec Traffic . . . 12-38 Practice: Using Resultant Set of Policy . . . 12-39 Lesson Review . . . 12-42 Lesson Summary . . . 12-42 Case Scenario Exercise . . . 12-43 Troubleshooting Lab . . . 12-44 Chapter Summary . . . 12-44 Exam Highlights . . . 12-45 Key Points . . . 12-45 Key Terms. . . 12-46 Questions and Answers . . . 12-47

13

Designing a Security Infrastructure

13-1


Lesson 1: Planning a Security Update Infrastructure . . . 13-2 Understanding Software Update Practices . . . 13-2 Using Windows Update . . . 13-3 Updating a Network . . . 13-4 Practice: Using Microsoft Baseline Security Analyzer . . . 13-8 Lesson Review . . . 13-10 Lesson Summary . . . 13-11 Lesson 2: Securing a Wireless Network . . . 13-12 Understanding Wireless Networking Standards . . . 13-12 Wireless Networking Topologies . . . 13-13 Understanding Wireless Network Security . . . 13-15 Controlling Wireless Access Using Group Policies . . . 13-15 Authenticating Users . . . 13-17 Encrypting Wireless Traffic . . . 13-19 Lesson Review . . . 13-19 Lesson Summary . . . 13-20 Lesson 3: Providing Secure Network Administration . . . 13-21 Using Remote Assistance . . . 13-21 Using Remote Desktop . . . 13-25 Practice: Configuring Remote Assistance . . . 13-27 Lesson Review . . . 13-29 Lesson Summary . . . 13-30 Case Scenario Exercise . . . 13-31 Troubleshooting Lab . . . 13-32 Chapter Summary . . . 13-32 Exam Highlights . . . 13-33 Key Points . . . 13-33 Key Terms. . . 13-34 Questions and Answers . . . 13-35

Part 2

Prepare for the Exam


Plan a Secure Baseline Installation. . . 14-10 Objective 1.2 Questions . . . 14-12 Objective 1.2 Answers . . . 14-14 Plan Security for Servers That Are Assigned Specific Roles. . . 14-16 Objective 1.3 Questions . . . 14-18 Objective 1.3 Answers . . . 14-20 Evaluate and Select the Operating System to Install on

Computers in an Enterprise . . . 14-22 Objective 1.4 Questions . . . 14-23 Objective 1.4 Answers . . . 14-25


16

Planning, Implementing, and Maintaining

Routing and Remote Access (3.0)

16-1

Tested Skills and Suggested Practices . . . 16-1 Further Reading . . . 16-2 Plan a Routing Strategy . . . 16-4 Objective 3.1 Questions . . . 16-6 Objective 3.1 Answers . . . 16-8 Plan Security for Remote Access Users. . . 16-10 Objective 3.2 Questions . . . 16-13 Objective 3.2 Answers . . . 16-15 Implement Secure Access Between Private Networks. . . 16-17 Objective 3.3 Questions . . . 16-19 Objective 3.3 Answers . . . 16-21 Troubleshoot TCP/IP Routing . . . 16-23 Objective 3.4 Questions . . . 16-25 Objective 3.4 Answers . . . 16-27

17

Planning, Implementing, and Maintaining Server Availability (4.0)

17-1

Tested Skills and Suggested Practices . . . 17-1 Further Reading . . . 17-3 Plan Services for High Availability . . . 17-5 Objective 4.1 Questions . . . 17-6 Objective 4.1 Answers . . . 17-7 Identify System Bottlenecks . . . 17-9 Objective 4.2 Questions . . . 17-11 Objective 4.2 Answers . . . 17-13 Implement a Cluster Server . . . 17-15 Objective 4.3 Questions . . . 17-18 Objective 4.3 Answers . . . 17-21 Manage Network Load Balancing . . . 17-24 Objective 4.4 Questions . . . 17-25 Objective 4.4 Answers . . . 17-26 Plan a Backup and Recovery Strategy . . . 17-27 Objective 4.5 Questions . . . 17-29 Objective 4.5 Answers . . . 17-31


Configure Network Protocol Security . . . 18-5 Objective 5.1 Questions . . . 18-7 Objective 5.1 Answers . . . 18-9 Configure Security for Data Transmission . . . 18-11 Objective 5.2 Questions . . . 18-13 Objective 5.2 Answers . . . 18-15 Plan for Network Protocol Security . . . 18-17 Objective 5.3 Questions . . . 18-19 Objective 5.3 Answers . . . 18-21 Plan Secure Network Administration Methods . . . 18-23 Objective 5.4 Questions . . . 18-25 Objective 5.4 Answers . . . 18-27 Plan Security for Wireless Networks . . . 18-29 Objective 5.5 Questions . . . 18-31 Objective 5.5 Answers . . . 18-33 Plan Security for Data Transmission . . . 18-35 Objective 5.6 Questions . . . 18-36 Objective 5.6 Answers . . . 18-38 Troubleshoot Security for Data Transmission . . . 18-40 Objective 5.7 Questions . . . 18-42 Objective 5.7 Answers . . . 18-43

19

Planning, Implementing, and Maintaining Security Infrastructure (6.0) 19-1

Tested Skills and Suggested Practices . . . 19-1 Further Reading . . . 19-2 Configure Active Directory Directory Service for Certificate Publication. . . 19-4 Objective 6.1 Questions . . . 19-5 Objective 6.1 Answers . . . 19-7 Plan a Public Key Infrastructure (PKI) That Uses Certificate Services . . . 19-9 Objective 6.2 Questions . . . 19-11 Objective 6.2 Answers . . . 19-13 Plan a Framework for Planning and Implementing Security . . . 19-15 Objective 6.3 Questions . . . 19-17 Objective 6.3 Answers . . . 19-18 Plan a Security Update Infrastructure . . . 19-20 Objective 6.4 Questions . . . 19-22 Objective 6.4 Answers . . . 19-23

Glossary. . . G-1


About This Book

Welcome to MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure. In this book, you study some of the more advanced applications, protocols, and services included with Windows Server 2003 and learn how to use them to create a network that is both efficient and secure. For many of these applications, protocols, and services, implementing them on a network consists of a good deal more than just running an installation program or configuring a few parameters; many of them require careful planning and continual maintenance once you have completed the initial implementation. This book covers all these phases of the implementation process, so you learn all the relevant information about each service.

Note For more information about becoming a Microsoft Certified Professional, see the section titled “The Microsoft Certified Professional Program” later in this introduction.

Intended Audience

This book was developed for information technology (IT) professionals who plan to take the related Microsoft Certified Professional exam 70-293, Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, as well as IT professionals who design, implement, and maintain networks based on Microsoft Windows Server 2003 and its related technologies.

Note Exam skills are subject to change without prior notice and at the sole discretion of Microsoft.

Prerequisites

The MCSE 70-293 exam and this training kit do not have any official prerequisites, but students should have the following qualifications:

■ At least one year of experience implementing and administering a Microsoft Windows network with the following characteristics: 250 to 5,000 or more users, at least three physical locations, a minimum of three Active Directory domain controllers, and a variety of network services and resources, such as file and print servers, client/server applications, Internet access, and remote access

■ At least one year of experience implementing and maintaining desktop operating systems

■ Experience planning and designing networks


About the CD-ROM

For your use, this book includes a Supplemental Materials CD-ROM. This CD-ROM contains a variety of informational aids to complement the book content:

■ The Microsoft Press Readiness Review Suite, powered by MeasureUp. This suite of practice tests and objective reviews contains questions of varying degrees of complexity and offers multiple testing modes. You can assess your understanding of the concepts presented in this book and use the results to develop a learning plan that meets your needs.

■ An electronic version of this book (eBook). For information about using the eBook, see the section “The eBooks” later in this introduction.

■ eBooks of the Microsoft Encyclopedia of Networking, Second Edition, and of the Microsoft Encyclopedia of Security, which provide complete and up-to-date reference materials for networking and security.

■ Sample chapters from several Microsoft Press books, which give you additional information about Windows Server 2003 and introduce you to other resources that are available from Microsoft Press.

A second CD-ROM contains a 180-day evaluation edition of Microsoft Windows Server 2003, Enterprise Edition.

Caution The 180-day Evaluation Edition provided with this training kit is not the full retail product and is provided only for the purposes of training and evaluation. Microsoft Technical Support does not support this evaluation edition.

For additional support information regarding this book and the CD-ROM (including answers to commonly asked questions about installation and use), visit the Microsoft Press Technical Support Web site at http://www.microsoft.com/mspress/support/. You can also email tkinput@microsoft.com or send a letter to Microsoft Press, Attention: Microsoft Press Technical Support, One Microsoft Way, Redmond, WA 98052-6399.

Features of This Book


Part 1: Learn at Your Own Pace

Each chapter identifies the exam objectives that are covered in the chapter, provides an overview of why the topics matter by explaining how the information applies in the real world, and lists any prerequisites that must be met to complete the lessons presented in the chapter.

The chapters contain a set of lessons. Lessons contain practices that include one or more hands-on exercises. These exercises give you an opportunity to use the skills being presented or explore the part of the application being described. Each lesson also has a set of review questions to test your knowledge of the material covered in that lesson.

After the lessons, you are given an opportunity to apply what you’ve learned in a case scenario exercise. In this exercise, you work through a multistep solution for a realistic case scenario. You are also given an opportunity to work through a troubleshooting lab that explores difficulties you might encounter when applying what you’ve learned on the job.

Each chapter ends with a summary of key concepts and a short section listing key topics and terms that you need to know before taking the exam, summarizing the key learnings with a focus on the exam.

Real World

Helpful Real World Information

You will find sidebars like this one, which contain related information you might find helpful. “Real World” sidebars contain specific information gained through the experience of IT professionals just like you.

Part 2: Prepare for the Exam

Part 2 helps to familiarize you with the types of questions that you will encounter on the MCP exam. By reviewing the objectives and the sample questions, you can focus on the specific skills that you need to improve before taking the exam.

See Also For a complete list of MCP exams and their related objectives, go to http://www.microsoft.com/traincert/mcp.


Within each Objective Domain, you will find the related objectives that are covered on the exam. Each objective provides you with several practice exam questions. The answers are accompanied by explanations of each correct and incorrect answer.

Note These questions are also available on the companion CD as a practice test.

Informational Notes

Several types of reader aids appear throughout the training kit.

Tip contains methods of performing a task more quickly or in a not-so-obvious way.

Important contains information that is essential to completing a task.

Note contains supplemental information.

Caution contains valuable information about possible loss of data; be sure to read this information carefully.

Warning contains critical information about possible physical injury; be sure to read this information carefully.

See also contains references to other sources of information.

Planning contains hints and useful information that should help you plan the implementation.

Security Alert highlights information you need to know to maximize security in your work environment.

Exam Tip flags information you should know before taking the certification exam.

Off the Record contains practical advice about the real-world implications of information presented in the lesson.

Notational Conventions

The following conventions are used throughout this book.

■ Characters or commands that you type appear in bold type.

■ Italic in syntax statements indicates placeholders for variable information. Italic is also used for newly introduced terms and book titles.

■ Names of files and folders appear in Title caps, except when you are to type them directly. Unless otherwise indicated, you can use all lowercase letters when you type a file name in a dialog box or at a command prompt.

■ File name extensions appear in all lowercase.


■ Monospace type represents code samples, examples of screen text, or entries that you might type at a command prompt or in initialization files.

■ Square brackets [ ] are used in syntax statements to enclose optional items. For example, [filename] in command syntax indicates that you can choose to type a file name with the command. Type only the information within the brackets, not the brackets themselves.

■ Braces { } are used in syntax statements to enclose required items. Type only the information within the braces, not the braces themselves.

Keyboard Conventions

■ A plus sign (+) between two key names means that you must press those keys at the same time. For example, “Press ALT+TAB” means that you hold down ALT while you press TAB.

■ A comma ( , ) between two or more key names means that you must press each of the keys consecutively, not together. For example, “Press ALT, F, X” means that you press and release each key in sequence. “Press ALT+W, L” means that you first press ALT and W at the same time, and then release them and press L.

Getting Started

This training kit contains hands-on exercises to help you learn about the networking features of Windows Server 2003. Use this section to prepare your self-paced training environment. Most of the exercises require a computer running Windows Server 2003, and some of them require the Enterprise Edition.

Caution Several exercises require you to make changes to the computer running Windows Server 2003, which can have undesirable results if the system is used for other purposes or is connected to a production network. It is strongly recommended that you create a new Windows Server 2003 installation on your computer using the 180-day Evaluation Edition of the operating system provided on the CD-ROM. If the computer is connected to a network, check with your network administrator before attempting these exercises.

Hardware Requirements


■ Minimum CPU: 133 MHz for x86-based computers

■ Minimum RAM: 128 MB (256 MB is recommended)

■ Disk space for setup: 1.5 GB for x86-based computers

■ Display monitor capable of 800 x 600 resolution or higher

■ CD-ROM or DVD drive

■ Microsoft Mouse or compatible pointing device

■ Network interface adapter (optional)

Software Requirements

The following software is required to complete the procedures in this training kit:

■ Windows Server 2003, Enterprise Edition (A 180-day evaluation edition of Windows Server 2003, Enterprise Edition, is included on the CD-ROM.)

Caution The 180-day Evaluation Edition provided with this training is not the full retail product and is provided only for the purposes of training and evaluation. Microsoft Technical Support does not support these evaluation editions. For additional support information regarding this book and the CD-ROMs (including answers to commonly asked questions about installation and use), visit the Microsoft Press Technical Support Web site at http://www.microsoft.com/mspress/support/. You can also e-mail tkinput@microsoft.com or send a letter to Microsoft Press, Attn: Microsoft Press Technical Support, One Microsoft Way, Redmond, WA 98502-6399.

Setup Instructions

Set up your computer according to the manufacturer’s instructions. Then install Windows Server 2003, Enterprise Edition according to the instructions provided on the installation CD-ROM. Use the following table during installation to help you configure the Windows Setup parameters.


Windows Setup Wizard page | Settings

Regional And Language Options | Default (English)

Personalize Your Software | Enter your name and organization.

Your Product Key | Enter the product key provided with the Windows Server 2003 CD-ROM.

Licensing Modes | Default

Computer Name And Administrator Password | Computer Name: Server01; Administrator Password: [enter a strong password of your choice]

Modem Dialing Information | Default

Date And Time Settings | Your date, time, and time zone.

Networking Settings | Custom Settings; IP Address: 10.0.0.1; Subnet Mask: 255.0.0.0; Preferred DNS Server: 10.0.0.1

Workgroup Or Computer Domain | Default (Workgroup named “WORKGROUP”)

Setup for Practice Exercises

After you complete the Windows Server 2003 installation, complete the following configuration steps to prepare your computer for the practice exercises in the lessons.

1. Create a folder called Windist on your computer’s system drive. Then, copy the contents of the I386 folder on the Windows Server 2003 CD-ROM to the Windist folder.

2. Use the Manage Your Server page (which appears by default after you log on to the computer for the first time) to add the domain controller role to the server. This installs the Active Directory, DHCP, and DNS services on the computer. The procedure is as follows:

a. On the Manage Your Server page, click the Add Or Remove A Role hyperlink. The Preliminary Steps page appears.

b. Click Next. The Configure Your Server Wizard analyzes the computer. When the analysis completes, the Configuration Options page appears.

c. Click the Typical Configuration For A First Server option button, and then click Next. The Active Directory Domain Name page appears.

(33)

e.Click Next to accept the default DNS and NetBIOS domain names. The For-warding DNS Queries page appears.

f.Click No, Do Not Forward Queries, and then click Next. The Summary Of Selections page appears.

g.Click Next to accept your selections. A Configure Your Server Wizard mes­ sage box appears.

h.Click OK to begin the installation process. After a few minutes, the computer restarts.

i.Log on as Administrator. The Server Configuration Progress page appears to continue the installation process.

j.When the installation is complete, click Next, and then click Finish in the This Server Is Now Configured page.

k. Close the Manage Your Server window.

3. Install the Microsoft Loopback Adapter (a virtual network interface adapter) using the following procedure:

a. From the Control Panel, display the Add Hardware Wizard.

b. Click Next to begin the search for new hardware. The Is The Hardware Connected? page appears.

c. Click Yes, I Have Already Connected The Hardware, and then click Next. The Following Hardware Is Already Installed On Your Computer page appears.

d. Scroll down in the Installed Hardware list, select Add A New Hardware Device, and then click Next. The Wizard Can Help You Install Other Hardware page appears.

e. Select the Install The Hardware That I Manually Select From A List (Advanced) option button, and then click Next. The From The List Below, Select The Type Of Hardware You Are Installing page appears.

f. Scroll down in the Common Hardware Types list, select Network Adapters, and then click Next. The Select Network Adapter page appears.

g. Select Microsoft in the Manufacturer list and Microsoft Loopback Adapter in the Network Adapter list, and then click Next. The Wizard Is Ready To Install Your Hardware page appears.

h. Click Next again to install the adapter driver.

4. Rename the icons in the Network Connections window, using the following procedure:

a. Right-click the Local Area Connection icon (corresponding to the network interface adapter in the computer), select Rename from the shortcut menu, and rename it to LAN Connection.

b. Right-click the Local Area Connection 2 icon (corresponding to the Microsoft Loopback Adapter you just installed), select Rename from the shortcut menu, and rename it to WAN Connection.

See Also If you do not have a network interface adapter installed in your computer, you can repeat the procedure in Step 3 twice to install two Microsoft Loopback Adapters, and then rename the two Local Area Connection icons as described here.

The Readiness Review Suite

The CD-ROM includes a practice test consisting of 300 sample exam questions and an objective review with an additional 125 questions. Use these tools to reinforce your learning and identify any areas where you need to gain more experience before taking the exam.

To install the practice test and objective review

1. Insert the Supplemental Materials CD-ROM into your CD-ROM drive.

Note If AutoRun is disabled on your machine, refer to the Readme.txt file on the CD-ROM.

2. Click Readiness Review Suite on the user interface menu and follow the prompts.

The eBooks

The CD-ROM includes an electronic version of this training kit, as well as eBooks for both the Microsoft Encyclopedia of Security and the Microsoft Encyclopedia of Networking, Second Edition. The eBooks are in portable document format (PDF) and can be viewed using Adobe Acrobat Reader.

To use the eBooks

1. Insert the Supplemental Materials CD-ROM into your CD-ROM drive.

Note If AutoRun is disabled on your machine, refer to the Readme.txt file on the CD-ROM.


The Microsoft Certified Professional Program

The Microsoft Certified Professional (MCP) program provides the best method for proving your command of current Microsoft products and technologies. The exams and corresponding certifications are developed to validate your mastery of critical competencies as you design and develop, or implement and support, solutions with Microsoft products and technologies. Computer professionals who become Microsoft certified are recognized as experts and are sought after industrywide. Certification brings a variety of benefits to the individual and to employers and organizations.

See Also For a full list of MCP benefits, go to http://www.microsoft.com/traincert/start/itpro.asp.

Certifications

The Microsoft Certified Professional program offers multiple certifications, based on specific areas of technical expertise:

Microsoft Certified Professional (MCP). Demonstrated in-depth knowledge of at least one Microsoft Windows operating system or architecturally significant platform. An MCP is qualified to implement a Microsoft product or technology as part of a business solution for an organization.

Microsoft Certified Solution Developer (MCSD). Professional developers qualified to analyze, design, and develop enterprise business solutions with Microsoft development tools and technologies including the Microsoft .NET Framework.

Microsoft Certified Application Developer (MCAD). Professional developers qualified to develop, test, deploy, and maintain powerful applications using Microsoft tools and technologies including Microsoft Visual Studio .NET and XML Web services.

Microsoft Certified Systems Engineer (MCSE). Qualified to effectively analyze the business requirements, and design and implement the infrastructure for business solutions based on the Microsoft Windows and Microsoft Windows Server 2003 operating system.

Microsoft Certified Systems Administrator (MCSA). Individuals with the skills to manage and troubleshoot existing network and system environments based on the Microsoft Windows and Microsoft Windows Server 2003 operating systems.

Microsoft Certified Database Administrator (MCDBA). Individuals who design, implement, and administer Microsoft SQL Server databases.


Requirements for Becoming a Microsoft Certified Professional

The certification requirements differ for each certification and are specific to the products and job functions addressed by the certification.

To become a Microsoft Certified Professional, you must pass rigorous certification exams that provide a valid and reliable measure of technical proficiency and expertise. These exams are designed to test your expertise and ability to perform a role or task with a product, and are developed with the input of professionals in the industry. Questions in the exams reflect how Microsoft products are used in actual organizations, giving them “real-world” relevance.

■ Microsoft Certified Professional (MCP) candidates are required to pass one current Microsoft certification exam. Candidates can pass additional Microsoft certification exams to further qualify their skills with other Microsoft products, development tools, or desktop applications.

■ Microsoft Certified Solution Developers (MCSDs) are required to pass three core exams and one elective exam. (MCSD for Microsoft .NET candidates are required to pass four core exams and one elective.)

■ Microsoft Certified Application Developers (MCADs) are required to pass two core exams and one elective exam in an area of specialization.

■ Microsoft Certified Systems Engineers (MCSEs) are required to pass five core exams and two elective exams.

■ Microsoft Certified Systems Administrators (MCSAs) are required to pass three core exams and one elective exam that provide a valid and reliable measure of technical proficiency and expertise.

■ Microsoft Certified Database Administrators (MCDBAs) are required to pass three core exams and one elective exam that provide a valid and reliable measure of technical proficiency and expertise.


Technical Support

Every effort has been made to ensure the accuracy of this book and the contents of the companion disc. If you have comments, questions, or ideas regarding this book or the companion disc, please send them to Microsoft Press using either of the following methods:

E-mail: tkinput@microsoft.com

Postal Mail: Microsoft Press
Attn: MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Editor
One Microsoft Way
Redmond, WA 98052-6399

For additional support information regarding this book and the CD-ROM (including answers to commonly asked questions about installation and use), visit the Microsoft Press Technical Support Web site at http://www.microsoft.com/mspress/support/. To connect directly to the Microsoft Press Knowledge Base and enter a query, visit http://www.microsoft.com/mspress/support/search.asp. For support information regarding Microsoft software, please connect to http://support.microsoft.com/.

Evaluation Edition Software Support

The 180-day Evaluation Edition provided with this training is not the full retail product and is provided only for the purposes of training and evaluation. Microsoft and Microsoft Technical Support do not support this evaluation edition.

Caution The Evaluation Edition of Windows Server 2003, Enterprise Edition included with this book should not be used on a primary work computer. The evaluation edition is unsupported. For online support information relating to the full version of Windows Server 2003, Enterprise Edition, that might also apply to the Evaluation Edition, you can connect to http://support.microsoft.com/.

Part 1

1 Planning a Network Topology

Exam Objectives in this Chapter:

■ Plan and modify a network topology

■ Plan the physical placement of network resources

■ Identify network protocols to be used

Why This Chapter Matters

This chapter introduces some of the most basic decisions you must make when designing a network for a particular organization at a particular site. As a network designer, you are responsible for determining the requirements of the network’s users, administrators, and owners, and then for creating a network plan that attempts to fulfill them all. This chapter is by no means a complete survey of the network design process, but it does demonstrate how certain design decisions have profound repercussions for network planning, implementation, and maintenance.

For example, understanding the properties of the various network media in use today, as summarized in this chapter, helps you understand which medium is best suited to a particular network installation. The choice of medium can be based on the physical nature of the site where the network will be installed, or on the requirements of the network users, or more likely both.

When creating a network design, comprehensive documentation is vital, both for the benefit of the people who will install the network and for those who will maintain it later. This chapter specifies some of the most important information you should include in a network blueprint and indicates how the networking components you choose affect what information you should provide.

Lessons in this Chapter:

■ Lesson 1: Windows Server 2003 and the Network Infrastructure

■ Lesson 2: Selecting Data-Link Layer Protocols

■ Lesson 3: Selecting Network/Transport Layer Protocols

■ Lesson 4: Locating Network Resources

Before You Begin

Lesson 1: Windows Server 2003 and the Network Infrastructure

A network infrastructure is a set of physical and logical components that provide connectivity, security, routing, management, access, and other integral features on a network. During a network’s planning phase, engineers select the hardware and software components that will compose the network infrastructure and specify the particular location, installation, and configuration of those components.

After this lesson, you will be able to

■ Understand the difference between a network’s physical infrastructure and its logical infrastructure

■ Describe the network infrastructure planning process

■ Understand the process of implementing a network infrastructure plan

■ List the tasks involved in maintaining a network infrastructure

Estimated lesson time: 15 minutes

What Is a Network Infrastructure?

In most cases, the elements of a network infrastructure are both inherited and designed. If you are building a network that will be connected to the Internet, for example, certain aspects of the network, such as the use of the TCP/IP protocol suite, are inherited from the Internet. Other network elements, such as the physical layout of basic network components, are chosen by design when the network is first conceived and are then inherited by later versions of the network as it evolves. It is rare for an engineer to have the opportunity to design a network from scratch, with no pre-existing influences. Nearly always, the engineer must incorporate some existing elements into the network design, such as specific applications, operating systems, protocols, or hardware components.

Implementing a network infrastructure is the process of evaluating, purchasing, and assembling the specified components, and installing them in the manner prescribed by the design plan. The implementation process begins with engineers installing the network’s hardware infrastructure, including computers, cables, and connectivity devices such as hubs, switches, and routers, as well as printers and other peripherals. Once the hardware is in place, the engineers install and configure the operating systems, applications, and other software.

Server 2003 family also includes a collection of applications and services that implement important security and special communications capabilities on the network.

The significance of the network infrastructure does not end when the construction of the network is complete, however. The personnel responsible for maintaining the network must have an intimate knowledge of the network’s infrastructure to expand the network, perform upgrades, and troubleshoot problems. The 70-293 exam tests your knowledge of how the infrastructure affects the planning, implementation, and maintenance of a medium-to-large network, and of how Windows Server 2003 functions as a part of that infrastructure.

Physical Infrastructure

A network’s physical infrastructure is its topology—the physical design of the network—along with hardware components such as cabling, routers, switches, hubs, servers, and workstations. The hardware you select when planning the network’s physical infrastructure is frequently dependent on elements of the network’s logical infrastructure. For example, if you decide to use Ethernet for your network’s data-link layer protocol, you are limited to certain specific cable types supported by Ethernet, and the network’s connectivity components—hubs, routers, and switches—must be designed for use with Ethernet as well.

For a small network, the physical infrastructure can be very simple—computers, a hub, and a few cables are generally all you need. For medium-to-large networks, however, the physical infrastructure can be extraordinarily complex. In addition to a large fleet of computers, a vast system of cables, and multiple interconnected hubs, the network might require routers or switches to connect segments, plus the additional components needed to support Internet connections, remote client access, wide area connections to other sites, or wireless connectivity.

The hardware used to implement these additional technologies is various and always relates to the network’s logical infrastructure. For example, to connect the Ethernet local area network (LAN) in the company headquarters to the Ethernet LAN in a branch office, you must choose a different data-link layer protocol for the wide area network (WAN) connection (such as Point-to-Point Protocol), as well as a different network medium (such as a dial-up or a T-1 connection), and you must be sure that the hardware and software on both LANs support the WAN technology you choose.

Exam Tip Familiarity with the physical infrastructure of a network is prerequisite knowledge for the 70-293 exam. You should be familiar with the functions of all the basic hardware components and how to connect them to construct a network.

Logical Infrastructure

A network’s logical infrastructure comprises the many software elements that connect, manage, and secure hosts on the network. The logical infrastructure allows communication between computers over the pathways described in the physical topology. The logical infrastructure of a network consists of both abstract software elements, such as networking protocols, and concrete elements, such as specific software products.

For example, when designing the infrastructure for a medium-to-large network, you will probably decide to use the TCP/IP protocols for network and transport-layer communications. At this stage of planning, TCP/IP is considered to be an abstract element because you can implement the protocols using any one of several software products. After deciding on the abstract element, you must also select the concrete element you will use to implement that abstract element. After deciding to use TCP/IP, for example, you might then select the TCP/IP implementation found in the Microsoft Windows operating systems.

In addition to basic communication protocols such as TCP/IP, the abstract elements of the logical infrastructure can include security technologies such as digital certificates and the IP Security (IPSec) protocols. Various types of concrete elements can implement these abstract elements.

Planning For a network based on Windows Server 2003, most concrete elements needed in a typical infrastructure are realized in the operating system itself. In other cases, you might need to implement protocols and abstract security components as separate software products.


Planning a Network Infrastructure

Planning the infrastructure is by far the most complicated part of building a network because during this phase you create the blueprint you will use to implement the network and maintain it later. A complete network infrastructure plan consists of a great deal more than a physical infrastructure layout and a list of hardware and software products. To plan the infrastructure properly, a network designer must consider the requirements of the network’s users, its owners, and its hardware and software components.

A basic question the network designer has to ask is: What tasks do the network users have to accomplish? Answering this question requires the designer to define the types of communications the users need and the software they need to accomplish their tasks. However, the process is not as simple as selecting an application. The users’ needs can affect many aspects of the network infrastructure.

For example, if the network has users who must be able to view video streamed from the Internet in real time, the ramifications for the network infrastructure design go well beyond the selection of an application that can display a video stream. The designer must also consider other elements, such as the bandwidth that streaming video consumes on the local network and the speed of the Internet connection needed to support the application.

In addition to selecting applications, a network designer must also be conscious of the services the network’s users need for their computers to function properly.

Exam Tip A large part of the 70-293 exam is devoted to the planning, implementation, and maintenance of Windows Server 2003 services, such as the DHCP Server service, the DNS Server service, and the Windows Internet Name Service (WINS) service. The planning process for services like these involves not only determining whether to use them, but also designing an IP addressing strategy and a Domain Name System (DNS) namespace, both of which are complex issues covered in depth in Chapter 2, “Planning a TCP/IP Network Infrastructure,” and Chapter 4, “Planning a Name Resolution Strategy,” respectively.


Implementing a Network Infrastructure

The process of implementing the technologies outlined in a network infrastructure plan typically involves a number of disciplines. Tasks such as the installation of network cables, for example, are frequently delegated to outside contractors that specialize in that type of work. The installation of operating systems and other software components is also part of the implementation process, but this is not a primary focus of the 70-293 exam.

The elements of the implementation process that are covered in the 70-293 exam focus largely on the selection of protocols, operating systems, applications, and security mechanisms that satisfy the requirements of a network’s owners, administrators, and users, as determined in the planning process. The exam also covers the process of deploying technologies such as the TCP/IP protocols, the DNS and WINS name-resolution mechanisms, and the IPSec protocol extensions. These deployments include tasks such as selecting the IP addresses and subnet mask that the computers on a network will use, designing a DNS namespace, and creating IPSec policies that ensure the security of communications between specific users or systems.

As a rule, the 70-293 exam focuses on the deployment of these technologies on a medium-to-large network, and it concentrates more on the organizational elements of the deployment than on the process of configuring an individual computer. For example, the exam is more concerned with the process of creating a DNS namespace suitable for a large organization than the installation and configuration of the DNS server application on a single computer running Windows Server 2003.

Maintaining a Network Infrastructure

The completion of the network planning and implementation processes is not the end of the professional’s concern for the network infrastructure. To maintain the network properly, administrators must have an intimate knowledge of the infrastructure and the technologies used to implement it. Network infrastructure maintenance includes such tasks as updating operating systems and applications, monitoring ongoing processes, and troubleshooting problems.

Administrators must monitor many services that are essential to a large network at regular intervals to ensure they are operating properly. This monitoring can include regular examination of logs, function testing, and network traffic analysis. The network administrator must be capable of configuring these services to log the appropriate information and of using Windows Server 2003 tools such as Network Monitor and the Performance console. However, an administrator who is familiar with the use of these tools does not necessarily know what elements to monitor, what performance levels to expect, and how to interpret the log entries. To know how to do these things, the administrator must be familiar with the network infrastructure and with the normal operations of the network so that any deviation from the baseline is apparent.

Troubleshooting is one of the primary maintenance functions of a network administrator. Although much of the infrastructure design and implementation process revolves around the creation of a robust network, problems do occur, and in a large organization, network failures can mean reduced productivity and loss of revenue. To determine the location of a problem and decide on a course of action to remedy it, an administrator must be closely acquainted with the network infrastructure.

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the “Questions and Answers” section at the end of this chapter.

1. Which of the following statements about a network’s infrastructure is true?

a. A network infrastructure includes hardware products only.

b. A network infrastructure includes software products only.

c. A network infrastructure includes both hardware and software products.

d. A network infrastructure is a design that does not include specific hardware or software products.


3. Maintaining a network infrastructure includes which of the following processes? (Choose three.)

a. Updating the network

b. Troubleshooting the network

c. Implementing the network

d. Monitoring the network

Lesson Summary

■ A network infrastructure is a set of components that provide connectivity, security, routing, management, access, and other integral features on a network. A network’s physical infrastructure is the physical design of the network, consisting of hardware components such as cabling, routers, switches, hubs, servers, and workstations.

■ A network’s logical infrastructure comprises the many software elements that connect, manage, and secure hosts on the network.

■ When planning a network infrastructure, you must determine the requirements of the network’s users, administrators, and owners, and then design a configuration of selected physical and logical components that satisfies those requirements.

■ When implementing a network infrastructure, it is important to understand the organizational aspects of the product deployment, such as the allocation of IP addresses and designing a DNS namespace.


Lesson 2: Selecting Data-Link Layer Protocols

Connecting a group of computers to the same physical network gives them a medium for communication, but unless the computers can speak the same language, no meaningful exchanges are possible. The languages the computers speak are called protocols; if the computers on a network are to interact, every computer must be configured to use the same protocols. Selecting the appropriate protocols for the network is an important part of the network infrastructure planning process.

After this lesson, you will be able to

■ List the seven layers of the Open Systems Interconnection (OSI) reference model and their functions

■ List the types of media typically used to construct data networks

■ Understand the differences between the various data-link layer protocols and their variants

■ Select the appropriate data-link layer protocol for a given environment

Estimated lesson time: 30 minutes

Understanding the OSI Reference Model

In 1984, the International Organization for Standardization (ISO) and what is now the Telecommunication Standardization Sector of the International Telecommunications Union (ITU-T) published a document that divides the functions of a data network into seven layers, as shown in Figure 1-1. “The Basic Reference Model for Open Systems Interconnection,” now commonly known as the OSI reference model (ISO/IEC 7498-1:1994 and ITU-T Recommendation X.200), has become an industry standard for teaching and referring to networking functions.

[Figure 1-1: the layers of the OSI reference model, top to bottom: Application, Presentation, Session, Transport, Network, Data-link, Physical]

The seven layers of the OSI model define functions that are implemented in various networking protocols, such as Ethernet and TCP/IP. The functions corresponding to the layers are as follows:

Physical The physical layer defines the nature of the network medium—the actual fabric of the network that joins all the computers together—and the nature of the signals transmitted over the medium. In most cases, the network medium is a form of copper cable that uses electric currents for signaling, but fiber-optic and wireless media are becoming increasingly prevalent.

Data-Link The data-link layer defines the interface between the network medium and the software running on the computer. Among the data-link layer functions are packet addressing (which allows computers to direct traffic to specific destinations on the local network); media access control (which allows multiple computers to share a single network medium without conflicting); and formatting the frame used to encapsulate data for transmission over the network. The data-link layer divides into two sublayers. The logical link control (LLC) sublayer controls elements such as error checking from node to node on the same LAN, frame synchronization, and flow control. The media access control (MAC) sublayer controls the movement of data packets to and from one network interface card (NIC) to another across a shared channel.

Network The network layer defines the functions that provide end-to-end communications between computers on different networks. Chief among these functions is routing, which enables computers to relay traffic through intermediate networks to a destination on a remote network any distance away. Other functions include packet sequencing, end-to-end error detection from the sender to the recipient, congestion control, and addressing. While the data-link layer is responsible for local traffic on a single network, the network layer is responsible for directing traffic to its ultimate destination.

Transport The transport layer provides functions that complement those of the network layer, including guaranteed delivery (which uses packet acknowledgments to ensure data is received), flow control (which regulates transmission speed to avoid dropped packets), and end-to-end error detection (which enables the receiving system to detect damaged packets).

Session The session layer provides many functions involved in the regulation of the dialog between two computers communicating over the network. For example, the session layer sets up, regulates, and terminates exchanges between the applications at each end of the communication.

Application The application layer provides the interface between the networking protocol stack and the software running on the computer. For example, this layer provides the interface for e-mail, file transfers, Telnet and File Transfer Protocol (FTP) applications. Applications use the services provided by application-layer protocols, which in turn use the services provided by the other layers beneath them.

It is important to understand that the protocols that implement the functions of the OSI model do not correspond exactly to the individual layers. A computer on a network does not necessarily run seven different protocols, with one corresponding to each layer. Generally speaking, the designer of a network infrastructure selects a data-link layer protocol, such as Ethernet or Token Ring, which actually encompasses both the physical and data-link layers in its functions, and a protocol suite, such as TCP/IP, which implements the functions of the network and transport layers. The session, presentation, and application-layer functions are sometimes provided by a protocol in the suite or by a separate application-layer protocol.

Selecting a Data-Link Layer Protocol

The selection of a data-link layer protocol is the most important decision in the design of the network’s physical infrastructure. The data-link layer protocol is not only responsible for strictly data-link layer functions, such as media access control, but also for the network’s physical layer implementation. Currently, the most commonly used data-link layer protocol on networks is Ethernet, with Token Ring running a distant second. However, there are several Ethernet variations that provide various levels of performance, and selecting the correct one is crucial.

You need to consider a number of criteria when selecting the data-link layer protocol for use on a network. Because the data-link layer protocol dictates the nature of the network’s physical infrastructure, you must consider design elements such as the distance between workstations and the transmission speed you require. You must also consider the nature of the traffic the network will carry and its amount. Additionally, your budget is always an important consideration.

Selecting a Media Type

Unshielded Twisted Pair UTP is a type of copper cable that consists of four pairs of wires, each of which is twisted together and contained inside a protective sheath. The quality of a particular UTP cable is specified by its category rating. Category 5 (or CAT5) UTP is the most commonly used today, although there are higher grades available for special applications (such as 1000Base-T Gigabit Ethernet networks). The connectors on UTP cables are called RJ-45 and are similar in appearance to telephone cable connectors, except that they have eight pins instead of four.

UTP is one of the cable types supported by all forms of Ethernet and by Token Ring as well. As a network medium, it is the most cost-efficient selection because it is the same type of cable used by telephone networks. In new construction, it is common for the same contractor to install both the telephone and data network cables at the same time.

You install UTP cable using a star topology, in which you connect each workstation on the network to a central hub (or repeater), as shown in Figure 1-2. You can then connect hubs to create a larger and more complex network. On an Ethernet network, UTP cable supports distances of up to 100 meters between each workstation and the hub. For most LAN installations, this is more than enough. If greater distances are required, you can modify the location of the hub in your network design or consider using fiber-optic cable, which can span longer distances.

Figure 1-2 A star topology

Figure 1-3 A four-hub Ethernet network

Off the Record When designing an Ethernet network, most network engineers use a basic set of cabling guidelines specified by the Ethernet standards. For example, the 10 Mbps Ethernet standard uses the 5-4-3 rule, which says that a network can consist of no more than five network segments, connected by four repeaters, with no more than three of those segments being mixing segments. There are, however, more exacting formulae in the Ethernet standards that add the lengths of the individual cable segments and a coefficient for each hub to arrive at a more precise configuration for the network. In other words, using the more complex formula, you might discover that you are able to exceed the number of hubs specified in the basic Ethernet guidelines if the lengths of your cables are short enough. When designing a complex Ethernet network, you should consult the Ethernet standards and use the more precise formula to ensure that your design falls within the specified requirements.
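The 5-4-3 rule and the 100-meter UTP limit described above can be checked mechanically against a planned layout. The following Python code is an added example, not part of the book; it assumes a loop-free design, treats every node that is not a workstation as a repeater, and counts coaxial segments as mixing segments. The node names and cable lengths are constructed.

```python
from itertools import combinations

MAX_SEGMENTS, MAX_REPEATERS, MAX_MIXING, MAX_UTP_M = 5, 4, 3, 100

def find_path(links, src, dst):
    """Return the node sequence from src to dst (the design is assumed loop-free)."""
    adj = {}
    for a, b, _length, _medium in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    stack = [[src]]
    while stack:
        path = stack.pop()
        if path[-1] == dst:
            return path
        stack.extend(path + [n] for n in adj.get(path[-1], []) if n not in path)
    return None

def check_design(links, stations):
    """List every violation of the 100 m UTP limit and the 5-4-3 rule."""
    problems = []
    medium_of = {}
    for a, b, length, medium in links:
        medium_of[frozenset((a, b))] = medium
        if medium == "utp" and length > MAX_UTP_M:
            problems.append(f"{a}-{b}: {length} m UTP run exceeds {MAX_UTP_M} m")
    for src, dst in combinations(sorted(stations), 2):
        path = find_path(links, src, dst)
        if path is None:
            continue  # no route between the two stations, so nothing to count
        hops = [frozenset(pair) for pair in zip(path, path[1:])]
        segments = len(hops)
        repeaters = sum(1 for n in path[1:-1] if n not in stations)
        mixing = sum(1 for h in hops if medium_of[h] == "coax")
        if segments > MAX_SEGMENTS or repeaters > MAX_REPEATERS or mixing > MAX_MIXING:
            problems.append(f"{src}->{dst}: {segments} segments, "
                            f"{repeaters} repeaters, {mixing} mixing")
    return problems

# Constructed sample: four hubs in a chain with a workstation at each end.
FOUR_HUBS = [("ws1", "hub1", 40, "utp"), ("hub1", "hub2", 20, "utp"),
             ("hub2", "hub3", 20, "utp"), ("hub3", "hub4", 20, "utp"),
             ("hub4", "ws2", 60, "utp")]
# Same design after adding a fifth hub and an over-length workstation drop.
FIVE_HUBS = FOUR_HUBS[:-1] + [("hub4", "hub5", 20, "utp"), ("hub5", "ws2", 120, "utp")]

if __name__ == "__main__":
    for name, design in (("four hubs", FOUR_HUBS), ("five hubs", FIVE_HUBS)):
        print(name, check_design(design, {"ws1", "ws2"}) or "OK")
```

The check covers only the basic guideline; it does not implement the more precise segment-length formula from the Ethernet standards that the sidebar mentions.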

Fiber Optic Although it can use the same topology and many of the same data-link layer protocols support it, fiber-optic cable operates on a different principle than UTP and all other copper-based cables. The actual network medium in a fiber-optic cable is a strand of plastic or glass that carries signals in the form of light pulses. Because the signals are not electric, they are immune to electromagnetic interference. In an environment where interference levels are high, such as a factory floor, fiber-optic cable can eliminate the performance degradation that the interference causes on copper cable. Even in a normal office environment, you can install fiber-optic cable near fluorescent light fixtures or electric motors without any difficulties. When using UTP, your network design should keep the copper cables a safe distance away from these possible sources of interference.

Figure

Figure 1-1 The OSI reference model
Figure 1-2 A star topology
Table 1-1 Ethernet Variants
Figure 1-7 Three horizontal networks connected by a backbone network
Figure 2-1 Computers with registered IP addresses located in a perimeter network
Figure 2-7 The Network Connections control panel’s Advanced Settings dialog box
Figure 2-8 The Internet Protocol (TCP/IP) Properties dialog box
Figure 2-9 The WINS tab of the Advanced TCP/IP Settings dialog box
Figure 3-1 A leased line connection
Figure 3-2 A frame relay connection
Figure 3-3 A network connection to the Internet
Figure 4-2 The DNS name resolution process
Figure 4-3 The DNS reverse lookup domain
Figure 4-5 The Forwarders tab in a DNS server’s Properties dialog box
Figure 4-6 Using a forwarder to reroute DNS traffic
Figure 4-7 Valid zones must consist of contiguous domains
Figure 4-9 The WINS tab in the Advanced TCP/IP Settings dialog box
Figure 4-10 The Advanced tab in a WINS replication partner’s Properties dialog box
Figure 4-12 A WINS double ring replication topology
Figure 4-11 A WINS ring replication topology
Figure 4-14 The Interfaces tab in a DNS server’s Properties dialog box
Figure 4-16 The Advanced tab in a DNS server’s Properties dialog box
Figure 4-17 The General tab in a DNS zone’s Properties dialog box
Figure 4-18 The Root Hints tab in a DNS server’s Properties dialog box
Figure 5-1 Two networks connected with a WAN link
Figure 5-3 Five network sites connected by WAN links in a ring topology
Figure 5-5 Five network sites connected to a single frame relay cloud
Figure 5-6 The Dial-In tab in a user account’s Properties dialog box
Figure 5-7 The Security tab in a Routing and Remote Access server’s Properties dialog box
Figure 5-8 The RRAS Authentication Methods dialog box
