
RESTRICTED

AT - 01- 12
STUDENTS’ TEXT

COMPUTER TECHNOLOGY
(OPERATING SYSTEM)
(Comn Tech)
MAR 2022
IPT / TERM-III

INDEX NO : COMN TECH/COMP-OS

As Per Syllabus Approved By: AIR HQ/18910/4/TRGGII BM-II dated 15 Jun 21.

COMMUNICATION TRAINING INSTITUTE


DESIGNED FOR TRAINING COURSE USE - DO NOT QUOTE AS AUTHORITY


Compiled by : Sgt Jitendra Kumar

Edited by : WO D Singh

Edition : Jun 2021

Checked by : Sqn Ldr RS Girish

AT-01-12

COMPUTER TECHNOLOGY (OPERATING SYSTEM)

CONTENTS

Chap No.  Subject                        Syllabus Index No.     Pg
TERM-III
12        Server Operating System        COMN TECH/CT-OS-12      5
13        Server Class Machine in IAF    COMN TECH/CT-OS-13     91
14        Virtualization                 COMN TECH/CT-OS-14    110
15        PC Audit Tools                 COMN TECH/CT-OS-15    156
16        Remote Audit Tool              COMN TECH/CT-OS-16    164
17        IAP 3903 (Revised)             COMN TECH/CT-OS-17    172
18        Revision                       COMN TECH/CT-OS-18    190

Due for Revision on: Jun 2024

AMENDMENT RECORD

Sl No. Date Amendment Details Authority

COMTECH/COMP/OS-III/12

CHAPTER-12
MICROSOFT WINDOWS SERVER 2019

Objective

At the end of the lesson, trainees will learn about:-

• Definition of Operating Systems
• Classification, uses of OS, Installation procedure
• Client-Server, N-Tier Architecture, common data protocol
• Server roles, services overview, DNS, Active Directory
• Introduction, installation, configuration of DHCP
• File server, Mail server & Introduction, Installation & configuration of IIS
• Web server maintenance, introduction to Windows PowerShell
• Hosting of website and backup of server

12.1

1. Definition. An operating system (OS) is a set of programs that manage
computer hardware resources and provide common services for application
software. The operating system is the most important type of system software in
a computer system. A user cannot run an application program on the computer
without an operating system, unless the application program is self-booting.

2. Classification of Operating System.

(a) Real-Time. A real-time operating system is a multitasking operating
system that aims at executing real-time applications. Real-time operating
systems often use specialized scheduling algorithms so that they can achieve
a deterministic nature of behavior. The main objective of real-time operating
systems is their quick and predictable response to events. They have an
event-driven or time-sharing design and often aspects of both. An event-driven
system switches between tasks based on their priorities or external events,
while time-sharing operating systems switch tasks based on clock interrupts.

(b) Multi-User vs Single-User. A multi-user operating system allows
multiple users to access a computer system concurrently. Time-sharing systems
can be classified as multi-user systems, as they enable multiple users to
access a computer through the sharing of time. Single-user operating systems,
as opposed to multi-user operating systems, are usable by a single user at a
time. Being able to have multiple accounts on a Windows operating system does
not make it a multi-user system; rather, only the network administrator is the
real user. But for a Unix-like operating system, it is possible for two users
to log in at a time, and this capability of the OS makes it a multi-user
operating system.

(c) Multi-Tasking vs Single-Tasking. When only a single program is allowed
to run at a time, the system is grouped under a single-tasking system.
However, when the operating system allows the execution of multiple tasks at
one time, it is classified as a multi-tasking operating system. Multi-tasking
can be of two types: pre-emptive or co-operative. In pre-emptive multitasking,
the operating system slices the CPU time and dedicates one slot to each of the
programs. Unix-like operating systems such as Solaris and Linux support
pre-emptive multitasking. Cooperative multitasking is achieved by relying on
each process to give time to the other processes in a defined manner. MS
Windows prior to Windows 2000 and Mac OS prior to OS X used to support
cooperative multitasking.

(d) Distributed. A distributed operating system manages a group of
independent computers and makes them appear to be a single computer. The
development of networked computers that could be linked and communicate with
each other gave rise to distributed computing. Distributed computations are
carried out on more than one machine. When computers in a group work in
cooperation, they make a distributed system.

(e) Embedded. Embedded operating systems are designed to be used in
embedded computer systems. They are designed to operate on small machines like
PDAs with less autonomy. They are able to operate with a limited number of
resources. They are very compact and extremely efficient by design. Windows CE
and Minix 3 are some examples of embedded operating systems.


3. Uses of Operating System. There are many functions performed by the
operating system, but the main goal of the operating system is to provide the
interface between the user and the hardware, that is, the interface through
which the user works on the system.

4. The various functions performed by the operating system are explained
below:

(a) Resource Manager. The operating system is also known as the resource
manager, meaning that it manages all the resources attached to the system.
The memory, the processor and all the input/output devices attached to the
system are known as the resources of the computer system, and the operating
system manages all of them.

(b) Storage Management. The operating system also controls all storage
operations, that is, how data or files are stored on the computer and how
files are accessed by users. All the operations responsible for storing and
accessing files are determined by the operating system. The operating system
also allows the creation of files and directories, reading and writing the data
of files and directories, and copying the contents of files and directories
from one place to another.

(c) Process Management. The operating system also handles process
management, meaning that all the processes started by the user, as well as the
system's own processes, are handled by the operating system.

(d) Memory Management. The operating system also manages the memory of the
computer system: it allocates memory to a process and de-allocates memory from
a process. It also ensures that when a process completes, its memory is
de-allocated.

(e) Extended Machine. The operating system also behaves like an extended
machine: it provides sharing of files between multiple users, provides
graphical environments, provides various languages for communication, and
provides many complex operations involving many hardware and software
components.

(f) Networking. Most current operating systems have built-in support for
TCP/IP networking protocols. This means that computers running dissimilar
operating systems can participate in a common network for sharing resources
such as computing, files, printers, and scanners using either wired or
wireless connections.

(g) Security. All current operating systems provide some form of security.
They provide mechanisms to protect your computer as well as the data stored in
it. They provide password protection to keep unauthorized users from accessing
your system. Some operating systems also maintain activity logs and accounting
of the user's time for billing purposes. An OS also provides backup and
recovery utilities for use in case of system failure.

(h) Mastermind. The operating system also performs many other functions,
and for those reasons we can say that the operating system is a mastermind. It
handles booting of the computer system, provides the facility to increase the
logical memory of the computer system by using the physical memory, and also
provides various file system formats such as NTFS and FAT.

12.2

5. A server is a running instance of an application (software) capable of
accepting requests from the client and giving responses accordingly. Before you
start, make sure you have the minimum requirements to install Windows Server:

Processor    Minimum 1.4 GHz 64-bit processor
RAM          Minimum 1 GB
Disk Space   Minimum 32 GB

6. Other Requirements.

(a) DVD drive.

(b) Super VGA (800 x 600) or higher-resolution monitor.

(c) Keyboard and Microsoft® mouse (or other compatible pointing device).

(d) Internet access.

7. Before Installing Windows Server 2019.

(a) Verify that your hardware is compatible with the operating system under
consideration for the server class machine.

(b) Determine how the system will be configured as per the role and features
of the server.

(c) Decide how many partitions you require and what file system is to be
used.

8. Installing Windows Server 2019 (Step by Step).

(a) Insert the Windows Server 2019 DVD, and once you get the following
message press Enter to boot from the setup. See Fig 12.1

Fig 12.1 : Boot from CD/DVD

(b) Wait for a while till the setup loads all necessary files (depending on
your machine, it may take a couple of minutes). See Fig 12.2

Fig 12.2 : Loading setup

(c) Once the setup files are loaded, the setup will start with the following
screen. You can change these settings to meet your needs (the default values
should be fine for now). See Fig 12.3

Fig 12.3 : Select Language /Time

(d) Once you click “Next”, you can start the installation, click "Install now".
See Fig 12.4

Fig 12.4 : Installation screen

(e) You will see the following screen, wait until it finishes loading. See Fig
12.5

Fig 12.5 : Setup Started

(f) In the following setup screen, you will see four options. Select
Windows Server 2019 Data Center Evaluation. (Desktop Experience). See
Fig 12.6

Fig 12.6: Select Operating System

(g) After you click Next from the previous screen, read the license terms,
tick "I accept the license terms" and click Next. See Fig 12.7

Fig 12.7 : Window Setup

(h) Now it will ask you for the drive (or partition) you want to install
Windows on. Here I'm installing it on the one partition I have. NOTE: This
will remove the contents of the partition. Either create a partition to
install Windows on, or test this on a testing machine. See Fig 12.8

Fig 12.8: Disk partition

(j) Now, once we have picked our partition, clicking Next on the previous
screen will start the setup. This process might take a while. See Fig 12.9

Fig 12.9 : Installing Window

(k) Once the setup is done, it will restart and start your Windows Server
2012 for the first time. It will ask you then to set up a password for the
Administrator user. See Fig 12.10

Fig 12.10: Setting

(l) The setup will finalize your settings, which might take a couple of
minutes. See Fig 12.11

Fig 12.11 : Setting

(m) Once the setup is done, you can log in for the first time to your
Windows Server, as the screen says, press Ctrl+Alt+Delete to log in, and
use the password you set in the setup process. See Fig 12.12

Fig 12.12 : Login Window

(n) Once you log in, Windows Server 2019 will show the Server Manager. See
Fig 12.13

Fig 12.13 : Server Manager

(p) Congratulations! You now have Windows Server 2019 Datacenter installed.

12.3

Client Server Architecture.

9. CLIENT /SERVER COMPUTING. According to MIS terminology, Client /Server
computing is a new technology that yields solutions to many data management
problems faced by modern organizations. The term Client /Server is used to
describe a computing model for the development of computerized systems. This
model is based on the distribution of functions between two types of
independent and autonomous processes: Server and Client. A Client is any
process that requests specific services from the server process. A Server is a
process that provides requested services for the Client. Client and Server
processes can reside in the same computer or in different computers linked by
a network. When Client and Server processes reside on two or more independent
computers on a network, the Server can provide services for more than one
Client. In addition, a client can request services from several servers on the
network without regard to the location or the physical characteristics of the
computer in which the Server process resides. The network ties the server and
client together, providing the medium through which the clients and the server
communicate. Fig. 12.14 given below shows a basic Client /Server computing
model.

Fig.12.14 : Basic Client/Server Computing Model

From Fig. 12.14 it is clear that services can be provided by a variety of
computers in the network. The key point of Client /Server power is where the
request processing takes place. For example, in a Client /Server database
system, the functionality is split between the server system and multiple
clients, such that networking of computers allows some tasks to be executed on
the client system.

10. Client /Server: Fat or Thin. A Client or a Server is so named depending
on the extent to which the processing is shared between the client and server.
A thin client is one that conducts a minimum of processing on the client side,
while a fat client is one that carries a relatively larger proportion of the
processing load. The concept of Fat Clients or Fat Servers is given by one
important criterion, that is, how much of an application is placed at the
client end vs. the server end.

(a) Fat Clients. This architecture places more application functionality
on the client machine(s). They are used in traditional Client /Server models.
Their use can be a maintenance headache for Client /Server systems.

(b) Fat Servers. This architecture places more application functionality
on the server machine(s). Typically, the server provides more abstract,
higher level services. The current trend is more towards fat servers in Client
/Server Systems. In that case, the client is often found using a fast web
browser. The biggest advantage of using the fat server is that it is easier to
manage because only the software on the servers needs to be changed, whereas
updating potentially thousands of client machines is a real headache.

11. Client /Server: Stateless or Stateful

(a) Stateless Server. A stateless server is a server that treats each
request as an independent transaction that is unrelated to any previous
request. The biggest advantage of the stateless approach is that it simplifies
the server design, because the server does not need to dynamically allocate
storage to deal with conversations in progress or worry about freeing it if a
client dies in mid-transaction. One disadvantage is that it may be necessary
to include more information in each request, and this extra information will
need to be interpreted by the server each time. An example of a stateless
server is a World Wide Web server. With the exception of cookies, these take
in requests (URLs) which completely specify the required document and do not
require any context or memory of previous requests. Contrast this with a
traditional FTP server, which conducts an interactive session with the user: a
request to the server for a file can assume that the user has been
authenticated and that the current directory and file transfer mode have been
set. The Gopher protocol and Gopher+ are both designed to be stateless.

(b) Stateful Server. Client data (state) information is maintained by the
server on the status of its ongoing interaction with clients; the server
remembers what the client requested previously and maintains that information
so that each reply can be incremental. The advantage of a stateful server is
that requests are handled more efficiently and are smaller in size. Some
disadvantages are that state information becomes invalid when messages are
unreliable, and that if clients crash (or reboot) frequently, state
information may exhaust the server's memory. The best example of a stateful
server is a remote file server.
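The stateless and stateful servers just described, modelled as an added Python example (this is not code from the training text): both answer the same directory-listing requests, the stateless one requiring the key and directory in every request, the stateful one keeping an FTP-style session with a current directory, capped and expired so that crashed or silent clients cannot exhaust its memory. The file tree, the key value and the client identifiers are constructed for the demo.

```python
import hmac
import time
from dataclasses import dataclass

# Constructed sample data: a tiny directory tree and one valid client key.
FILES = {
    "/": ["docs", "logs"],
    "/docs": ["manual.pdf"],
    "/logs": ["server.log"],
}
VALID_KEY = "demo-key-123"  # hypothetical credential, for the demo only


def _key_ok(key: str) -> bool:
    # Constant-time comparison so the check itself leaks nothing via timing.
    return hmac.compare_digest(str(key), VALID_KEY)


class StatelessServer:
    """Every request is an independent transaction: it must carry the key and
    the directory each time, and the server keeps nothing between calls, so
    there is nothing to free if a client dies mid-conversation."""

    def handle(self, request: dict) -> dict:
        if not _key_ok(request.get("key", "")):
            return {"ok": False, "error": "unauthorized"}
        path = request.get("path", "/")
        if path not in FILES:
            return {"ok": False, "error": "no such directory"}
        return {"ok": True, "entries": FILES[path]}


@dataclass
class Session:
    cwd: str = "/"
    last_seen: float = 0.0


class StatefulServer:
    """Remembers an authenticated session and a current directory per client,
    like the FTP server in the text. Later requests are shorter, but the
    server now holds state, so sessions are capped and expired to stop crashed
    or silent clients from exhausting its memory."""

    def __init__(self, max_sessions: int = 2, ttl: float = 60.0):
        self.sessions: dict[str, Session] = {}
        self.max_sessions = max_sessions
        self.ttl = ttl  # seconds of silence after which a session is dropped

    def _expire(self, now: float) -> None:
        dead = [c for c, s in self.sessions.items() if now - s.last_seen > self.ttl]
        for c in dead:
            del self.sessions[c]

    def _session(self, client_id: str, now: float):
        self._expire(now)
        s = self.sessions.get(client_id)
        if s is not None:
            s.last_seen = now  # any activity keeps the session alive
        return s

    def login(self, client_id: str, key: str, now=None) -> dict:
        now = time.monotonic() if now is None else now
        self._expire(now)
        if not _key_ok(key):
            return {"ok": False, "error": "unauthorized"}
        if client_id not in self.sessions and len(self.sessions) >= self.max_sessions:
            return {"ok": False, "error": "server busy"}  # refuse rather than grow unbounded
        self.sessions[client_id] = Session(last_seen=now)
        return {"ok": True}

    def cd(self, client_id: str, path: str, now=None) -> dict:
        now = time.monotonic() if now is None else now
        s = self._session(client_id, now)
        if s is None:
            return {"ok": False, "error": "not logged in"}
        if path not in FILES:
            return {"ok": False, "error": "no such directory"}
        s.cwd = path
        return {"ok": True}

    def ls(self, client_id: str, now=None) -> dict:
        # The request carries neither key nor path: the server remembers both.
        now = time.monotonic() if now is None else now
        s = self._session(client_id, now)
        if s is None:
            return {"ok": False, "error": "not logged in"}
        return {"ok": True, "entries": FILES[s.cwd]}


if __name__ == "__main__":
    stateless = StatelessServer()
    print(stateless.handle({"key": VALID_KEY, "path": "/docs"}))
    stateful = StatefulServer(max_sessions=2, ttl=60.0)
    print(stateful.login("a", VALID_KEY, now=0.0), stateful.cd("a", "/logs", now=1.0))
    print(stateful.ls("a", now=2.0))
```

The `now` parameter is only there so the expiry behaviour can be driven deterministically; leave it out to use the real clock.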

12. Client /Server Functions

(a) The main operations of the client system are listed below:

(i) Managing the user interface.

(ii) Accepts and checks the syntax of user inputs.

(iii) Processes application logic.

(iv) Generates database request and transmits to server.

(v) Passes response back to server.

(b) The main operations of the server are listed below:

(i) Accepts and processes database requests from client.

(ii) Checks authorization.

(iii) Ensures that integrity constraints are not violated.

(iv) Performs query/update processing and transmits responses to client.

(v) Maintains system catalogue.

(vi) Provides concurrent database access.

(vii) Provides recovery control.

13. Client/Server Topologies. A Client /Server topology refers to the
physical layout of the Client /Server network in which all the clients and
servers are connected to each other. This includes all the workstations
(clients) and the servers. The possible Client /Server topological designs and
strategies used are as follows:

(a) Single client, single server

(b) Multiple clients, single server

(c) Multiple clients, multiple servers

(i) Single client, single server: This topology is shown in Fig. 12.15
given below. In this topology, one client is directly connected to one server.

Fig.12.15 : Single Client, Single Server

(ii) Multiple clients, single server: This topology is shown in the
Fig. 12.16 given below. In this topology, several clients are directly
connected to only one server.

Fig.12.16 : Multiple Clients, Single Server

(iii) Multiple clients, multiple servers: This topology is shown in Fig.
12.17 given below. In this topology, several clients are connected to several
servers.

Fig.12.17 : Multiple Clients, Multiple Servers

14. CLIENT /SERVER—ADVANTAGES AND DISADVANTAGES. There are various
advantages associated with the Client /Server computing model.

(a) Performance and reduced workload. Processing is distributed between the
client and server. Unlike the traditional PC database, the speed of the DBMS
is not tied to the speed of the workstation, as the bulk of the database
processing is done at the back-end. The workstation only has to be capable of
running the front-end software, which extends the usable lifetime of older
PCs. This also has the effect of reducing the load on the network that
connects the workstations; instead of sending the entire database file back
and forth on the wire, the network traffic is reduced to queries to and
responses from the database server. Some database servers can even store and
run procedures and queries on the server itself, reducing the traffic even
more.

(b) Workstation independence. Users are not limited to one type of system
or platform. In an ORACLE-based Client/Server system the workstations can be
IBM-compatible PCs, Macintoshes, UNIX workstations, or any combination of the
three. In addition, they can run any of a number of operating systems such as
MS-DOS, Windows, IBM's OS/2, Apple's System 7 etc. That is, application
independence is achieved as the workstations don't all need to use the same
DBMS application software. Users can continue to use familiar software to
access the database, and developers can design front-ends tailored to the
workstation on which the software will run, or to the needs of the users
running them.

(c) System interoperability. Client/Server computing not only allows one
component to be changed, it also makes it possible for different types of
component systems (client, network or server) to work together.

(d) Scalability. Because of the modular nature of the Client/Server system,
a component may be replaced without adversely affecting the rest of the
system. For example, it is possible to upgrade the server to a more powerful
machine with no visible changes to the end user. This ability to change
component systems makes Client/Server systems especially receptive to new
technologies in both hardware and software.

(e) Data integrity. A Client/Server system preserves data integrity. The
DBMS can provide a number of services that protect data, such as encrypted
file storage, real-time backup (while the database is being accessed), disk
mirroring (where the data is automatically written to a duplicate database on
another partition of the same hard disk drive), disk duplexing (where the data
is automatically written to a duplicate database on a different hard disk
drive), and transaction processing that keeps track of changes made to the
database and corrects problems in case the server crashes. (Transaction
processing is a method by which the DBMS keeps a running log of all the
modifications made to the database over a period of time.)

(f) Data accessibility (enhanced data sharing). Since the server component
holds most of the data in a centralized location, multiple users can access
and work on the data simultaneously.

(g) System administration (centralized management). The Client/Server
environment is very manageable. Since data is centralized, data management
can be centralized. Some of the system administration functions are security,
data integrity and backup/recovery.

(h) Integrated services. In the Client/Server model all information that
the client is entitled to use is available at the desktop, through the desktop
interface; there is no need to change into a terminal mode or to log on to
another processor to access information. The desktop tools – e-mail,
spreadsheet, presentation graphics, and word processing – are available and
can be used to deal with the information provided by application and database
servers resident on the network. Desktop users can use their desktop tools in
conjunction with information made available from the corporate systems to
produce new and useful information using facilities such as DDE/OLE and
object-oriented design.

(j) Sharing resources among diverse platforms. The Client/Server model
provides opportunities to achieve open system computing. Applications can be
created and implemented without much conversance with hardware and software.
Thus, users may obtain client services and transparent access to the services
provided by database, communications, and application servers. There are two
ways for Client/Server application operation:

(i) They can provide data entry, storage, and reporting by using a
distributed set of clients and servers.

(ii) The existence of a mainframe host is totally masked from the
workstation developer by the use of a standard interface such as SQL.

(k) Masked physical data access. SQL is used for data access from a
database stored anywhere in the network, from the local PC, local server or
WAN server, with the developer and user using the same data request. The only
noticeable difference may be performance degradation if the network bandwidth
is inadequate. Data may be accessed from CD-ROM, HDD, magnetic disk, and
optical disk with the same SQL statements. Logical tables can be accessed
without any knowledge of the ordering of columns. Several tables may be joined
to create a new logical table for application program manipulation without
regard to its physical storage format.

(l) Location independence of data processing. Users log into an
application from the desktop with no concern for the location or technology
of the processors involved. In the current user-centred world, the desktop
provides the point of access to the workgroup and enterprise services without
regard to the platform of application execution. Standard services such as
login, security, navigation, help, and error recovery are provided
consistently amongst all applications. Developers today are provided with
considerable independence. Data is accessed through SQL without regard to the
hardware or OS location providing the data. The developer of business logic
deals with a standard process logic syntax without considering the physical
platform.

(m) Reduced operating cost. Computer hardware and software costs are on a
continually downward spiral, which means that computing value is ever
increasing. Client/Server computing offers a way to cash in on this bonanza by
replacing expensive large systems with less expensive smaller ones networked
together.

(n) Reduced hardware cost. Hardware costs may be reduced, as it is only the
server that requires storage and processing power sufficient to store and
manage the application.

(p) Communication costs are reduced. Applications carry out part of the
operations on the client and send only requests for database access across the
network, resulting in less data being sent across the network.

15. There are various disadvantages associated with the Client/Server
computing model.

(a) Maintenance cost. A major disadvantage of Client/Server computing is
the increased cost of administrative and support personnel to maintain the
database server. In the case of a small network, the network administrator can
usually handle the duties of maintaining the database server, controlling user
access to it, and supporting the front-end applications. However, as the
number of database server users rises, or as the database itself grows in
size, it usually becomes necessary to hire a database administrator just to
run the DBMS and support the front-ends.

(b) Training cost. Training can also add to the start-up costs as the
DBMS may run on an operating system that the support personnel are
unfamiliar with.

(c) Hardware cost. There is also an increase in hardware costs. While many
of the Client/Server databases run under the common operating systems
(Netware, OS/2 and Unix), and most of the vendors claim that the DBMS can run
on the same hardware side by side with the file server software, it usually
makes sense from the performance and data integrity aspects to have the
database server running on its own dedicated machine. This usually means
purchasing a high-powered platform with a large amount of RAM and hard disk
space.

(d) Software cost. The overall cost of the software is usually
higher than that of traditional PC based multi-user DBMS.

(e) Complexity. With so many different parts comprising the entire
Client/Server system, the more pieces there are, the more things that can go
wrong or fail. It is also harder to pinpoint problems when the worst does
occur and the system crashes. It can take longer to get everything set up and
working in the first place. This is compounded by the general lack of
experience and expertise of potential support personnel and programmers, due
to the relative newness of the technology.

16. CLIENT /SERVER SECURITY. A security threat is defined as a
circumstance, condition, or event with the potential to cause economic
hardship to data or network resources in the form of destruction, disclosure
or modification of data, denial of service, and/or fraud, waste and abuse.
Client/Server security issues deal with various authorization methods related
to access control. Such mechanisms include password protection, encrypted
smart cards, biometrics and firewalls. Client/Server security problems can be
due to the following:

(a) Physical security holes: These result when any individual gains
unauthorized access to a computer by getting some user's password.

(b) Software security holes: These result from some bug in the software,
due to which the system may be compromised into giving wrong performance.

(c) Inconsistent usage holes: These may result when two different usages
of a system contradict over a security point.

17. Of the above three, software security holes and inconsistent usage holes
can be eliminated by careful design and implementation. For physical security
holes, we can employ various protection methods. These security methods can be
classified into the following categories:

(a) Trust-based security.

(b) Security through obscurity.

(c) Password scheme.

(d) Biometric system.

18. Development Tools. In today's rapidly changing environment, choosing the
right tools to develop Client/Server applications is one of the most critical
decisions. As a rule of thumb, managers tend to choose a tool that has a
long-term survival potential. However, the selection of a design or
application development tool must also be driven by system development
requirements. Once such requirements have been delineated, it is appropriate
to determine the characteristics of the tool that you would like to have.
Client/Server tools include:

(a) GUI-based development.

(b) A GUI builder that supports multiple interfaces (Windows, OS/2, Motif,
Macintosh, and so on).

(c) Object-oriented development with a central repository for data and
applications.

(d) Support for multiple databases (flat file, hierarchical, networked,
relational).

(e) Data access regardless of data model (using SQL or native navigational
access).

(f) Seamless access to multiple databases.

(g) Complete SDLC (System Development Life Cycle) support from planning to
implementation and maintenance.

(h) Team development support.

(j) Support for third party development tools (CASE, libraries, and so on).

(k) Prototyping and Rapid Application Development (RAD) capabilities.

(l) Support for multiple platforms (OS, hardware, and GUIs).

(m) Support for middleware protocols (ODBC, IDAPI, APPC, and so on).

(n) Multiple network protocol support (TCP/IP, IPX/SPX, NetBIOS, and so on).

19. There is no single best choice for any application development tool. For
one thing, not all tools will support all the GUIs, operating systems,
middleware, and databases. Managers must choose a tool that fits the
application development requirements and that matches the available human
resources, as well as the hardware infrastructure. Chances are that the system
will require multiple tools to make sure that all or most of the requirements
are met. Selecting the development tools is just one step. Making sure that
the system meets its objectives at the client, server, and network level is
another issue.

12.4 N-Tier Architecture

20. 2-Tier Architecture. 2-tier architecture is used to describe client/server
systems where the client requests resources and the server responds directly to
the request, using its own resources. This means that the server does not call
on another application in order to provide part of the service. See Fig 12.18.

Fig 12.18 : 2-Tier Architecture

21. 3-Tier Architecture. In 3-tier architecture, there is an intermediary level,
meaning the architecture is generally split up between:

(a) A client, i.e. the computer, which requests the resources, equipped
with a user interface (usually a web browser) for presentation purposes.

(b) The application server (also called middleware), whose task it is to
provide the requested resources, but by calling on another server.

(c) The data server, which provides the application server with the data it
requires.

Fig 12.19 : 3-Tier Architecture

Multi-Tiered Architecture.

22. In 3-tier architecture, each server (tier 2 and 3) performs a specialized task
(a service). A server can therefore use services from other servers in order to
provide its own service. As a result, 3-tier architecture is potentially an n-tiered
architecture.

23. Client/server is a technology that separates computers and application
software into two categories, clients and servers, to better employ available
computing resources and share data processing loads. A client computer
provides the user interaction facility (interface) and some or all application
processing, while a server computer might provide high-volume storage
capacity, heavy data crunching, and/or high resolution graphics. Typically,
several client computers are connected through a network (or networks) to a
server, which could be a large PC, minicomputer, or a mainframe computer.
Every computer connected to a website acts as a client while the website's
computer acts as a server. This is also called a client-server environment.

Comparison Between Architectures.

24. 2-tier architecture is therefore a client-server architecture where the server
is versatile, i.e. it is capable of directly responding to all of the client's resource
requests.

25. In 3-tier architecture, however, the server-level applications are remote
from one another, i.e. each server is specialized in a certain task (for example:
web server/database server). This separation offers:

(a) A greater degree of flexibility.

(b) Increased security, as security can be defined for each service, and
at each level.

(c) Increased performance, as tasks are shared between servers.

12.5 TCP/IP

26. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic
communication language or protocol of the Internet. It can also be used as a
communications protocol in a private network (either an intranet or an extranet).
When you are set up with direct access to the Internet, your computer is
provided with a copy of the TCP/IP program just as every other computer that
you may send messages to or get information from also has a copy of TCP/IP.

27. TCP/IP is a two-layer program. The higher layer, Transmission Control
Protocol, manages the assembling of a message or file into smaller packets that
are transmitted over the Internet and received by a TCP layer that reassembles
the packets into the original message. The lower layer, Internet Protocol,
handles the address part of each packet so that it gets to the right destination.

28. TCP/IP uses the client/server model of communication in which a
computer user (a client) requests and is provided a service (such as sending a
Web page) by another computer (a server) in the network. TCP/IP
communication is primarily point-to-point, meaning each communication is from
one point (or host computer) in the network to another point or host computer.
TCP/IP and the higher-level applications that use it are collectively said to be
"stateless" because each client request is considered a new request unrelated
to any previous one (unlike ordinary phone conversations that require a
dedicated connection for the call duration). Being stateless frees network paths
so that everyone can use them continuously. (Note that the TCP layer itself is
not stateless as far as any one message is concerned. Its connection remains in
place until all packets in a message have been received.)

29. Many Internet users are familiar with the even higher layer application
protocols that use TCP/IP to get to the Internet. These include the World Wide
Web's Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP),
Telnet, which lets you log on to remote computers, and the Simple Mail
Transfer Protocol (SMTP). These and other protocols are often packaged
together with TCP/IP as a "suite".

30. Personal computer users with an analog phone modem connection to the
Internet usually get to the Internet through the Serial Line Internet Protocol
(SLIP) or the Point-to-Point Protocol (PPP). These protocols encapsulate the IP
packets so that they can be sent over the dial-up phone connection to an access
provider's modem.

31. Protocols related to TCP/IP include the User Datagram Protocol (UDP),
which is used instead of TCP for special purposes. Other protocols are used by
network host computers for exchanging routing information. These include the
Internet Control Message Protocol (ICMP), the Interior Gateway Protocol (IGP),
the Exterior Gateway Protocol (EGP), and the Border Gateway Protocol (BGP).

FTP.

32. File Transfer Protocol (FTP) is a standard Internet protocol for transmitting
files between computers on the Internet. Like the Hypertext Transfer Protocol
(HTTP), which transfers displayable Web pages and related files, and the
Simple Mail Transfer Protocol (SMTP), which transfers e-mail, FTP is an
application protocol that uses the Internet's TCP/IP protocols. FTP is commonly
used to transfer Web page files from their creator to the computer that acts as
their server for everyone on the Internet. It's also commonly used to download
programs and other files to your computer from other servers.

33. As a user, you can use FTP with a simple command line interface (for
example, from the Windows MS-DOS Prompt window) or with a commercial
program that offers a graphical user interface. Your Web browser can also make
FTP requests to download programs you select from a Web page. Using FTP,
you can also update (delete, rename, move, and copy) files at a server. You
need to log on to an FTP server. However, publicly available files are easily
accessed using anonymous FTP.

34. Basic FTP support is usually provided as part of a suite of programs that
come with TCP/IP. However, any FTP client program with a graphical user
interface usually must be downloaded from the company that makes it.

HTTP.

35. HTTP is short for HyperText Transfer Protocol, the underlying protocol
used by the World Wide Web. HTTP defines how messages are formatted and
transmitted, and what actions Web servers and browsers should take in
response to various commands. For example, when you enter a URL in your
browser, this actually sends an HTTP command to the Web server directing it to
fetch and transmit the requested Web page.

36. The other main standard that controls how the World Wide Web works is
HTML, which covers how Web pages are formatted and displayed. HTTP is
called a stateless protocol because each command is executed independently,
without any knowledge of the commands that came before it. This is the main
reason that it is difficult to implement Web sites that react intelligently to user
input. This shortcoming of HTTP is being addressed in a number of new
technologies, including ActiveX, Java, JavaScript and cookies.

HTTPS.

37. If you're going to run an online store or ecommerce Web site, you should
be aware of HTTPS or HyperText Transfer Protocol with Secure Sockets Layer.
HTTPS is a protocol to transfer encrypted data over the Web. There are two
primary differences between how an HTTPS and an HTTP connection work:

(a) HTTPS connects on port 443, while HTTP is on port 80.

(b) HTTPS encrypts the data sent and received with SSL, while HTTP
sends it all as plain text.

38. Most Web customers know that they should look for the https in the URL
and the lock icon in their browser when they are making a transaction. So if your
storefront is not using HTTPS, you will lose customers. Even so, it is
common to find Web sites that collect money including credit card data over a
plain HTTP connection.

39. As said above, HTTP sends the data collected over the Internet in plain
text. This means that if you have a form asking for a credit card number, that
credit card number can be intercepted by anyone with a packet sniffer. Since
there are many free sniffer software tools, this could be anyone at all. By
collecting credit card information over an HTTP (not HTTPS) connection, you
are broadcasting that credit card information to the world. And the only way your
customer will learn it was stolen is when it's maxed out by a thief.
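One defensive check that follows from paragraphs 37 to 39 is to audit a storefront's own pages for forms that would submit a card number over plain HTTP. The Python script below is an added example, not code from the original text; the card field names and the sample HTML are constructed, and a relative form action is resolved against the page URL so that a page served over http:// is caught even when the action is just "/checkout".

```python
"""Report HTML forms that would submit a payment-card field over plain HTTP."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed input names that usually carry a card number (constructed list).
CARD_FIELD_NAMES = {"cardnumber", "card_number", "ccnum", "cc-number", "pan"}


class FormAuditor(HTMLParser):
    """Collect every <form> with its resolved action URL and input names."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []        # each entry: {"action": str, "fields": set}
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page itself, so
            # the form inherits the page's own scheme (http or https).
            action = urljoin(self.page_url, attrs.get("action") or "")
            self._current = {"action": action, "fields": set()}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = (attrs.get("name") or "").lower()
            if name:
                self._current["fields"].add(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def insecure_card_forms(page_url, html):
    """Return the action URLs of forms that send a card number over http://."""
    parser = FormAuditor(page_url)
    parser.feed(html)
    parser.close()
    return [
        form["action"]
        for form in parser.forms
        if urlsplit(form["action"]).scheme.lower() == "http"
        and form["fields"] & CARD_FIELD_NAMES
    ]


# Constructed sample page: a relative checkout form, an explicit HTTPS
# payment form and a plain-HTTP search form that carries no card data.
SAMPLE_HTML = """
<form action="/checkout" method="post">
  <input name="cardNumber"><input name="expiry">
</form>
<form action="https://pay.example.test/submit" method="post">
  <input name="ccnum">
</form>
<form action="http://shop.example.test/search" method="get">
  <input name="q">
</form>
"""

if __name__ == "__main__":
    # Served over plain HTTP, the relative checkout form leaks card data.
    for url in insecure_card_forms("http://shop.example.test/cart", SAMPLE_HTML):
        print("card data submitted over plain HTTP:", url)
```

Running the same sample with the page URL changed to https:// reports nothing, because the relative checkout form then inherits the secure scheme.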

SMTP.

40. SMTP, pronounced as separate letters, is short for Simple Mail Transfer
Protocol, a protocol for sending e-mail messages between servers. Most e-mail
systems that send mail over the Internet use SMTP to send messages from one
server to another; the messages can then be retrieved with an e-mail client
using either POP or IMAP. In addition, SMTP is generally used to send
messages from a mail client to a mail server. This is why you need to specify
both the POP or IMAP server and the SMTP server when you configure your
e-mail application.

12.6 Role of Server

41. Windows Server can be configured to play many roles, and each role has
features specific to the task that the server performs in that role.

42. Roles.

(a) Active Directory.

(i) Active Directory Certificate Services.

(ii) Active Directory Domain Services.

(iii) Active Directory Federation Services.

(iv) Active Directory Lightweight Directory Services.

(v) Active Directory Rights Management Services.

(vi) Application Server.

(b) DHCP Server.

(c) DNS Server.

(d) Fax Server.

(e) File Server.

(f) File and Storage Services.

(g) File and iSCSI Services.

(h) DFS Replication.

(j) Server for NFS.

(k) Storage Services.

(l) Network Policy and Access Services.

(m) Print and Document Services.

(n) Remote Access/terminal server.

(p) Volume Activation Services.

(q) Web Server (IIS).

(r) Mail server.

43. The Active Directory Domain Services role enables the server to be
configured as a domain controller to centrally manage, authenticate, and
authorize users, groups, and computers on the network.

44. The Application Server role supports hosting and managing high-
performance distributed business applications through the .NET Framework,
web services, and application communications services.

45. The DHCP Server role allows the server to provide IP addresses and other
settings to network clients.

46. The DNS Server role allows the server to provide host name to IP address
resolution for Internet names, as well as hosting name resolution for local
domains.

47. The File Services role supports file sharing, DFS, NFS, and SMB.

48. The Hyper-V role supports hosting and managing virtual machines,
including both Windows and non-Windows guests.

49. The Network Policy and Access Services role supports RADIUS
authentication, routing, and remote access through VPNs.

50. The Print Services role supports printer sharing.

51. The Terminal Services role supports access to remote desktop services,
remote applications, and may function as a gateway to remote clients.

52. The Web Server role allows the server to host HTTP, HTTPS, and FTP
sites.

53. The Windows Deployment Services role supports network-based
installation of Windows and other operating systems through PXE boot.

54. The Group Policy Management feature allows administration of Group
Policy objects through the Group Policy Management Console.

55. The .NET Framework 3.5.1 feature installs support for .NET 2.0 and .NET
3.0 applications through the .NET Framework.

56. The Remote Assistance feature supports requesting and offering GUI-
based remote assistance.

57. The Remote Server Administration Tools feature supports remote
administration of Windows servers from another server.

58. The Telnet Client feature installs a Telnet client, useful for both connecting
to Telnet servers (including routers and switches), and testing text-based
network services such as HTTP and SMTP.

59. The Windows PowerShell Integrated Scripting Environment feature installs
a GUI for developing, testing, and running PowerShell scripts.

60. The Windows Server Backup feature installs a Microsoft Management
Console snap-in, command-line tools, and PowerShell cmdlets to support
backup and recovery of Windows servers.


12.7 DNS

61. Domain Name Servers (DNS) are the Internet's equivalent of a phone
book. They maintain a directory of domain names and translate them to Internet
Protocol (IP) addresses. This is necessary because, although domain names are
easy for people to remember, computers or machines access websites based
on IP addresses.

62. Information from all the domain name servers across the Internet is
gathered together and housed at the Central Registry. Host companies and
Internet Service Providers interact with the Central Registry on a regular
schedule to get updated DNS information.

63. When you type in a web address, e.g., www.jimsbikes.com, your Internet
Service Provider views the DNS associated with the domain name, translates it
into a machine friendly IP address (for example 216.168.224.70 is the IP for
jimsbikes.com) and directs your Internet connection to the correct website.

64. After you register a new domain name or when you update the DNS
servers on your domain name, it usually takes about 12-36 hours for the domain
name servers world-wide to be updated and able to access the information. This
36-hour period is referred to as propagation.

The term domain itself has two common meanings:

(a) A group of computers and devices on a network that are
administered as a unit with common rules and procedures. Within the
Internet, domains are defined by the IP address. All devices sharing a
common part of the IP address are said to be in the same domain.

(b) In database technology, domain refers to the description of an
attribute's allowed values. The physical description is a set of values the
attribute can have, and the semantic, or logical, description is the meaning
of the attribute.

Domain controller.

65. On Microsoft Servers, a domain controller (DC) is a server computer that
responds to security authentication requests (logging in, checking permissions,
etc.) within a Windows domain. A domain is a concept introduced in Windows
NT whereby a user may be granted access to a number of computer resources
with the use of a single username and password combination.


66. With Windows NT 4 Server, one domain controller per domain was
configured as the primary domain controller (PDC); all other domain controllers
were backup domain controllers (BDC).

67. Because of the critical nature of the PDC, best practices dictated that the
PDC should be dedicated solely to domain services, and not used for file, print
or application services that could slow down or crash the system. Some network
administrators took the additional step of having a dedicated BDC online for the
express purpose of being available for promotion if the PDC failed.

68. A BDC could authenticate the users in a domain, but all updates to the
domain (new users, changed passwords, group membership, etc.) could only be
made via the PDC, which would then propagate these changes to all BDCs in
the domain. If the PDC was unavailable (or unable to communicate with the user
requesting the change), the update would fail. If the PDC was permanently
unavailable (e.g. if the machine failed), an existing BDC could be promoted to
be a PDC.

69. Windows 2000 and later versions introduced Active Directory ("AD"), which
largely eliminated the concept of PDC and BDC in favor of multi-master
replication. However, there are still several roles that only one domain controller
can perform, called the Flexible single master operation roles. Some of these
roles must be filled by one DC per domain, while others only require one DC per
AD forest. If the server performing one of these roles is lost, the domain can still
function, and if the server will not be available again, an administrator can
designate an alternate DC to assume the role in a process known as "seizing"
the role.

70. In Windows NT 4, one DC serves as the primary domain controller (PDC).
Others, if they exist, are usually backup domain controllers (BDC). The PDC is
typically designated as the "first". The "User Manager for Domains" is a utility for
maintaining user/group information. It uses the domain security database on the
primary controller. The PDC has the master copy of the user accounts database
which it can access and modify. The BDC computers have a copy of this
database, but these copies are read-only. The PDC will replicate its account
database to the BDCs on a regular basis. The BDCs exist in order to provide a
backup to the PDC, and can also be used to authenticate users logging on to
the network. If a PDC should fail, one of the BDCs can then be promoted to take
its place. The PDC will usually be the first domain controller that was created
unless it was replaced by a promoted BDC.


12.8 Active Directory

71. Active Directory is a directory service. The term directory service refers to
two things — a directory where information about users and resources is stored
and a service or services that let you access and manipulate those resources.
Active Directory is a way to manage all elements of your network, including
computers, groups, users, domains, security policies, and any type of user-
defined objects. It melds several NT services and tools that have functioned
separately so far — User Manager for Domains, Server Manager, Domain
Name Server — and provides additional functions beyond these services and
tools.

72. Active Directory is built around Domain Name System (DNS) and
lightweight directory access protocol (LDAP). DNS because it is the standard on
the Internet and is familiar, LDAP because most vendors support it. Active
Directory clients use DNS and LDAP to locate and access any type of resource
on the network. Because these are platform-independent protocols, Unix,
Macintosh, and other clients can access resources in the same fashion as
Windows clients.

Importance of Active Directory for an Organization.

73. Windows Active Directory is a brilliantly devised product from Microsoft.
The software lets organizations effectively manage software resources,
hardware resources, user accounts and passwords, network shares, servers,
printers, etc. Listed below are the features of AD that illustrate its importance:

(a) Scalability and Extensibility. As organizational requirements grow, an
application may need to be extended to support them. This is where AD
excels. As IT resources increase, the functionality of Active Directory can
be extended to manage from 100 to thousands of computers in a domain.

(b) Comprehensive Network Management. Windows Active Directory
is superb in terms of managing network related tasks. The Group Policy
function of AD allows the system administrator to configure strict security
policies to manage network resources. Windows Active Directory is
designed to help manage large networks in the easiest and most time-
saving manner. While using it to manage organizational resources, you can
create as many user groups, computer groups, etc. in it as needed to reduce
the number of domains.

(c) Full Support for Long Queries. With AD, you do not need to know
which resource is available at which server. In other words, you do not
need to go into the depths of topology know-how. You simply type your
query to get and manage the relevant information.

(d) Effective Organization of IT Resources. Windows Active Directory
offers a place for flawless and systematic organization of an organization's
IT resources, which means less effort for greater output.

Fundamentals of Active Directory.

74. In the world of Active Directory, clients and servers interact in the following
manner:

(a) If a client wants to access a service or a resource, it does so using the
resource's Active Directory name. To locate the resource, the client sends
a standard DNS query to a dynamic DNS server by parsing the Active
Directory name and sending the DNS part of the name as a query to the
dynamic DNS server.

(b) The dynamic DNS server provides the network address of the domain
controller responsible for the name. This is similar to the way static DNS
currently operates — it provides an IP address in response to a name
query.

(c) The client receives the domain controller’s address and uses it to
make an LDAP query to the domain controller. The LDAP query finds the
address of the system that has the resource or service that the client
requires.

(d) The domain controller responds with the requested information. The
client accepts this information.

(e) The client uses the protocols and standards that the resource or
service requires and interacts with the server providing the resource.

Active Directory Components.

75. Physical Components of AD. Active Directory is the core component
and the central database of the network based on the Microsoft Windows
Domain System. Active Directory is the central supervisor of the network
objects and security for the Windows Domain System. In a Microsoft Windows
Domain environment based on Active Directory, we can find several
classifications of its components. Here we discuss the physical components of
Active Directory in a domain. Active Directory comprises two physical
components. They are Domain Controllers and Sites.

(a) Domain Controllers. Domain Controllers or DCs are physical
server machines running Windows Server 2019 (or older versions such as
Windows Server 2016 or Windows Server 2012), and they contain the Active
Directory database. There can be several domain controllers in a
Microsoft Active Directory based domain depending on the span of the
organization. The primary or first domain controller of the domain is just
called the DC, and every added domain controller is called an ADC or
Additional Domain Controller.

(b) Sites. Sites are the second major physical component of Active
Directory, which organises the network into different physical or
geographical locations. If your network span is only within a single building,
Active Directory can work with a single site. But if your organization spans
multiple buildings or geographical locations, it is necessary to split the
Active Directory into multiple sites. This mainly helps reduce high network
utilization during replication across WAN links.

76. Logical Components of AD. The logical components of Active Directory
include forest, domains, tree, OUs and global catalogs.

(a) Domain. A group of computers and other resources that are part of a
Windows Server 2008 network and share a common directory database.

(b) Global Catalog. The global catalog is used to cache information about
all objects in a forest. It enables users and applications to find an object in
an Active Directory domain tree if the user or application knows one or
more attributes of the target object.

(c) Tree. A tree is a collection of Active Directory domains; the trust
relationship between them can be used by all other domains in the forest
as a means to access the domain.

(d) Organization Unit. An Organization Unit is an Active Directory
container into which objects can be grouped for permission management.

(e) Forest. An Active Directory forest represents the external
boundary of the directory service. There are two types of Active Directory
forest:

(i) Single Forest.

(ii) Multiple Forest.

77. Trust. To allow users in one domain to access resources in another,
Active Directory uses trusts. Trusts inside a forest are automatically created
when domains are created. The forest sets the default boundaries of trust, and
implicit, transitive trust is automatic for all domains within a forest.

Types Of Trust.

(a) One-Way Trust. One domain allows access to users on another
domain, but the other domain does not allow access to users on the first
domain.

(b) Two-Way Trust. Two domains allow access to users on both
domains.

(c) Trusting Domain. The domain that allows access to users from a
trusted domain.

(d) Trusted Domain. The domain that is trusted; whose users have
access to the trusting domain.

(e) Transitive Trust. A trust that can extend beyond two domains to
other trusted domains in the forest.

(f) Intransitive Trust. A one way trust that does not extend beyond
two domains.

(g) Explicit Trust. A trust that an admin creates. It is not transitive and
is one way only.

(h) Cross-Link Trust. An explicit trust between domains in different
trees or in the same tree when a descendant/ancestor (child/parent)
relationship does not exist between the two domains.

(j) Shortcut. Joins two domains in different trees, transitive, one- or
two-way.

(k) Forest. Applies to the entire forest. Transitive, one- or two-way.

(l) Realm. Can be transitive or nontransitive, one- or two-way.

(m) External. Connects to other forests or non-AD domains. Nontransitive,
one- or two-way.


78. Domain Joining. A Windows domain is a form of a computer network
in which all user accounts, computers, printers and other security principals are
registered with a central database located on one or more clusters of central
computers known as domain controllers. Authentication takes place on domain
controllers. Each person who uses computers within a domain receives a unique
user account that can then be assigned access to resources within the domain.
Starting with Windows 2000, Active Directory is the Windows component in
charge of maintaining that central database. The concept of a Windows domain
is in contrast with that of a workgroup, in which each computer maintains its own
database of security principals.

79. Domain controller. In a Windows domain, the directory resides on
computers that are configured as "domain controllers." A domain controller is a
Windows or Samba server that manages all security-related aspects between
user and domain interactions, centralizing security and administration. A domain
controller is generally suitable for networks with more than 10 PCs. A domain is
a logical grouping of computers. The computers in a domain can share physical
proximity on a small LAN or they can be located in different parts of the world.
As long as they can communicate, their physical location is irrelevant.

80. Windows Domain Join is a feature that lets users establish a remote and
secure connection to a work domain using credentials from the enterprise,
allowing them to effectively "join" that domain.

81. Windows Domain Join was introduced in Windows 7 and can still work
even if there is no immediate connection. The offline domain join feature eases
the deployment of desktops in large enterprises. In Windows Server 2008 R2, a
command called Djoin.exe was introduced so administrators could have an
easier time running Windows Domain Join. The Windows Domain Join feature
received an upgrade with the release of Windows Server 2019 R2. The upgrade
is called Workplace Join. To join a computer to a domain from the desktop:

(a) Click Start.

(b) Right-click Computer.

(c) Click Properties.

(d) Under Computer name, domain and workgroup settings, click change
settings. You need the administrator password to be able to do this.

(e) Click the Computer name tab, then click Change.


(f) Under Member of, click Domain.

(g) Type in the name of the Domain you want to join, then click OK.

(h) You will now need to enter your username and password for the
domain.

(j) Restart your computer.

82. A Domain-based network provides centralized administration of an entire
network from a single computer called a server. Domains provide single user log
on from any networked computer within the network perimeter. Users are able to
access resources for which they have appropriate permission. While I do not
want to go into the complexities of Domain networks, you can find out more by
contacting your Network Administrator if you have difficulties connecting to your
workplace domain.

83. Group Policy. Group Policy is a feature of the Microsoft Windows NT
family of operating systems that controls the working environment of user
accounts and computer accounts. Group Policy provides centralized
management and configuration of operating systems, applications, and users'
settings in an Active Directory environment. A version of Group Policy called
Local Group Policy ("LGPO" or "Local GPO") also allows Group Policy Object
management on standalone and non-domain computers.

84. Group Policy, in part, controls what users can and cannot do on a
computer system: for example, to enforce a password complexity policy that
prevents users from choosing an overly simple password, to allow or prevent
unidentified users from remote computers to connect to a network share, to
block access to the Windows Task Manager or to restrict access to certain
folders. A set of such configurations is called a Group Policy Object (GPO).

85. As part of Microsoft's IntelliMirror technologies, Group Policy aims to
reduce the cost of supporting users. IntelliMirror technologies relate to the
management of disconnected machines or roaming users and include roaming
user profiles, folder redirection, and offline files.

86. To accomplish the goal of central management of a group of computers,
machines should receive and enforce GPOs. A GPO that resides on a single
machine only applies to that computer. To apply a GPO to a group of
computers, Group Policy relies on Active Directory (or on third-party products
like ZENworks Desktop Management) for distribution. Active Directory can
distribute GPOs to computers which belong to a Windows domain.

87. By default, Microsoft Windows refreshes its policy settings every 90
minutes with a random 30 minutes offset. On Domain controllers, Microsoft
Windows does so every five minutes. During the refresh, it discovers, fetches
and applies all GPOs that apply to the machine and to logged-on users. Some
settings - such as those for automated software installation, drive mappings,
startup scripts or logon scripts - only apply during startup or user logon. Since
Windows XP, users can manually initiate a refresh of the group policy by using
the gpupdate command from a command prompt.

88. Group Policy Objects are processed in the following order (from top to
bottom):

(a) Local. Any settings in the computer's local policy. Prior to
Windows Vista, there was only one local group policy stored per computer.
Windows Vista and later Windows versions allow individual group policies
per user accounts.

(b) Site. Any Group Policies associated with the Active Directory site in
which the computer resides. (An Active Directory site is a logical grouping
of computers, intended to facilitate management of those computers based
on their physical proximity.) If multiple policies are linked to a site, they are
processed in the order set by the administrator.

(c) Domain. Any Group Policies associated with the Windows domain
in which the computer resides. If multiple policies are linked to a domain,
they are processed in the order set by the administrator.

(d) Organizational Unit. Group policies assigned to the Active Directory
organizational unit (OU) in which the computer or user is placed. (OUs
are logical units that help in organizing and managing a group of users,
computers or other Active Directory objects.) If multiple policies are linked
to an OU, they are processed in the order set by the administrator.

89. The resulting Group Policy settings applied to a given computer or user are
known as the Resultant Set of Policy (RSoP). RSoP information may be
displayed for both computers and users using the gpresult command.

90. A policy setting inside a hierarchical structure is ordinarily passed from
parent to children and from children to grandchildren, and so forth. This is
termed inheritance. It can be blocked or enforced to control what policies are
applied at each level. If a higher level administrator (enterprise administrator)
creates a policy and a lower level administrator (domain administrator) blocks
inheritance, an enforced policy will still be processed.

91. Where a Group Policy Preference setting is configured and there is also
an equivalent Group Policy setting configured, the value of the Group Policy
setting takes precedence.
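The processing order and the inheritance rules in paragraphs 88 to 91 can be traced with a small simulation. The following Python script is an added teaching example, not Windows' own Group Policy engine or the gpresult tool; the container names, GPO names and setting names in it are made up for the demonstration. It applies Local, Site, Domain and OU links in order, lets Block Inheritance drop non-enforced links from higher Active Directory containers, and applies Enforced links last so that a parent's enforced setting beats a child's.

```python
"""Simulation of Group Policy processing order (Local, Site, Domain, OU) with
Block Inheritance and Enforced links, producing a Resultant Set of Policy.
Added teaching example, not the Windows Group Policy engine; all names are made up."""
from dataclasses import dataclass, field

@dataclass
class GPO:
    name: str
    settings: dict                  # setting name -> value
    enforced: bool = False          # Enforced link: ignores Block Inheritance, beats lower levels

@dataclass
class Container:
    name: str
    level: str                      # "Local", "Site", "Domain" or "OU"
    gpos: list = field(default_factory=list)   # processing order set by the administrator
    block_inheritance: bool = False

def resultant_set_of_policy(chain):
    """chain runs from the local computer down to the OU that holds the object.
    Later (lower) links override earlier ones; for each setting the last writer wins."""
    applied = []                                        # (container, gpo) in processing order
    for container in chain:
        if container.block_inheritance:
            # Block Inheritance drops non-enforced links from higher AD containers.
            # The local GPO is not inherited from AD, so it is kept.
            applied = [(c, g) for c, g in applied if g.enforced or c.level == "Local"]
        applied += [(container, g) for g in container.gpos]
    normal = [(c, g) for c, g in applied if not g.enforced]
    enforced = [(c, g) for c, g in applied if g.enforced]
    # Enforced links are applied after all others, and a parent's enforced link
    # is applied after a child's, so the parent wins any conflict.
    rsop, winner = {}, {}
    for container, gpo in normal + enforced[::-1]:
        for key, value in gpo.settings.items():
            rsop[key] = value
            winner[key] = f"{gpo.name} @ {container.level}:{container.name}"
    return rsop, winner

def demo():
    """Constructed scenario: the OU blocks inheritance, the domain enforces a password policy."""
    chain = [
        Container("PC01", "Local", [GPO("LocalPolicy", {"screensaver_timeout": 600})]),
        Container("HQ", "Site", [GPO("SiteProxy", {"proxy": "proxy.site.example"})]),
        Container("corp.example", "Domain", [
            GPO("DomainDefault", {"screensaver_timeout": 900}),
            GPO("DomainSecurity", {"min_password_length": 14}, enforced=True)]),
        Container("Workstations", "OU", [
            GPO("WorkstationGPO", {"screensaver_timeout": 300, "min_password_length": 8})],
            block_inheritance=True),
    ]
    return resultant_set_of_policy(chain)
```

In the constructed scenario the site proxy setting never reaches the workstation because the OU blocks inheritance, the OU's own screensaver value wins over the local one, and the OU's attempt to weaken the password length loses to the enforced domain link, which is the behaviour paragraph 90 describes.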

12.9 DHCP

92. DHCP (Dynamic Host Configuration Protocol) is a protocol used by DHCP
servers in wired/wireless IP networks to dynamically allocate a variety of
network configuration data, such as a user IP address, subnet mask, default
gateway IP address, DNS server IP address, lease time and so on, to client
devices (DHCP clients). DHCP enables clients to obtain such network
configuration data dynamically without any manual setup process, which makes
network management much easier. This section describes the fundamentals of
basic DHCP operation, namely the IP address allocation, IP address lease
renewal and IP address release procedures defined by the DHCP protocol, in detail.

Introduction

93. As we need a phone number to make a call to someone, we need an
address to communicate with a network host over the Internet. This address is
called an "Internet Protocol (IP) address". Generally, IP addresses are
dynamically allocated to clients accessing the Internet, through Dynamic Host
Configuration Protocol (DHCP), a protocol designed for dynamic allocation of IP
addresses.

94. DHCP adopts the concept of a “lease” in IP allocation. This means that a
DHCP server does not allocate an IP address to a client permanently. What it
does instead is set a “lease duration” and allow the client to use the allocated IP
address only during the set lease duration. If the client wishes to use the
allocated IP address for longer than the lease duration, it should request the
DHCP server for renewal of the lease. If not, it performs an IP address release
procedure instead.

95. This document is organized as follows: Chapter II will explain the
procedure for allocating/leasing IP addresses, and Chapter III and Chapter IV
will describe the procedure for extending the lease time of, and releasing,
allocated IP addresses, respectively.

IP Address Allocation/Lease Procedure.

96. The following four basic phases are required in DHCP operations between
a DHCP server and a DHCP client (e.g. a PC) in order for the client to get/lease
network configuration data, such as an IP address, from the DHCP server.

(a) DHCP Discover. When a client (PC) is booted, it broadcasts a
DHCP Discover message over the Ethernet network to locate all available
DHCP servers on the same subnet network (by setting the destination
MAC address in the Ethernet header to the broadcast
MAC FF:FF:FF:FF:FF:FF), reaching all the DHCP servers on the same
subnet network.

(b) DHCP Offer. When a DHCP server receives the DHCP Discover
message from the client, it also broadcasts a DHCP Offer message over
the Ethernet network (because the client IP address has not been
allocated yet), informing the client that it is available. This message
contains the network information, such as client IP address, subnet mask,
default gateway IP address, DNS IP address, IP lease time and DHCP
server IP address. The DHCP Offer message broadcasted is delivered to
all the clients on the same subnet network, including the one that sent the
DHCP Discover message.

(c) DHCP Request. The client, having received the DHCP Offer
message, recognizes there is a DHCP server available on the same
subnet. Then it broadcasts a DHCP Request message to the server over
the Ethernet network, requesting network configuration data including an
IP address for itself. If more than one DHCP server responds on the same
subnet and hence the client receives multiple DHCP Offer messages, it
selects one of the DHCP servers, and enters the IP address of the
selected DHCP server in the DHCP Server Identifier (option 54) field of the
DHCP Request message. Then it informs all the DHCP servers on the
subnet network about such selection by broadcasting the DHCP Request
message. Typically, all DHCP servers internally store the network
configuration data (i.e. IP address for the client and other information)
when they send a DHCP Offer message. So, the client broadcasts the
DHCP Request message to all the DHCP servers, so that those not
selected can also receive the message and delete the stored network
configuration data from their memory.

(d) DHCP Ack. The DHCP server which received the DHCP
Request message from the client checks if the IP address shown in the
DHCP Server Identifier (option 54) field matches its own. If it does, it
broadcasts a DHCP Ack message ensuring the client can receive the
message (Note: the client has NOT been allocated an IP address yet).

(e) At this time, the DHCP server transfers all the network configuration
data including the client IP address – the same data sent along with the
DHCP Offer message - to the client. Then the client configures a network
interface using the transferred data, finally connecting to the Internet. The
typical network configuration data includes:

(i) IP address

(ii) Subnet mask

(iii) Default gateway IP address

(iv) DNS server IP address

(v) Lease time (during which a client can use the IP address
allocated/leased by a DHCP server)

IP Address Renewal Procedure.

97. A DHCP Ack message is the last message sent in the “IP address
allocation/lease” procedure. It contains the IP Lease Time (option 51)
parameter, and a client can use an allocated IP address only for the time period
(lease duration) specified in the option parameter. Thus, to use the IP address
beyond the lease duration, the client has to request approval from the DHCP
server to renew the IP address.

(a) DHCP Request. In this example the lease time is 1 hour. When half of
it has passed (i.e. 1,800 seconds/30 minutes in Figure 3), the client sends
a DHCP Request message to the DHCP server to renew its lease time
(Note: in the case of IP renewal, no DHCP Discover/Offer process is required).
Unlike in the IP address allocation/lease procedure, the client does not
broadcast the DHCP Request message (Destination MAC=FF:FF:FF:FF:FF:FF,
Destination IP=255.255.255.255), but unicasts it
(Destination MAC=DHCP Server MAC (m2), Destination IP=DHCP Server
IP (1.1.1.254)). That is because the DHCP server and client already
know each other’s IP address. The DHCP Request message for IP
address renewal should include the IP address of the client requesting the
renewal in the “Client IP Address (ciaddr)” field, but should exclude the
Requested IP Address (option 50) and DHCP Server Identifier (option 54)
fields.

(b) DHCP Ack. Upon accepting the DHCP Request message (for IP
address renewal) received from the client, the DHCP server also unicasts,
and does not broadcast, a DHCP Ack message (Destination MAC=PC
MAC (m1), Destination IP=PC IP (1.1.1.10)), including network
configuration data such as the client IP address, subnet mask, default
gateway IP address, DNS IP address and lease time, to the client. Once
this process is completed, the client can keep its current IP address for the
extended lease time as specified in the DHCP Ack message.

IP Address Release Procedure

98. When a client is shut down gracefully, or the ‘ipconfig /release’ command is
entered in the Windows command prompt, the client unicasts a DHCP
Release message to the DHCP server in order to return its allocated IP address,
as seen in Figure 4. Then it releases the network configuration data (i.e. client
IP address, subnet mask, default gateway IP address, DNS IP address, etc.),
consequently having no access to the Internet any more.

(a) DHCP Release. If the client does not need its allocated IP address
any longer, it unicasts a DHCP Release message (Destination
MAC=DHCP Server MAC (m2), Destination IP=DHCP Server IP
(1.1.1.254)) to the DHCP server. The server then releases the client IP
address (1.1.1.10) listed in the Client IP field of the received message.

(b) IP address allocation/lease: Once a DHCP client is booted up, it
broadcasts a DHCP Discover message, and in response to the message, a
DHCP server broadcasts a DHCP Offer message. In case there is more
than one DHCP server on the subnet, the client selects one of the servers,
and broadcasts a DHCP Request message with the information of the
selected server entered in the DHCP Server Identifier (option 54) field.
Finally, the client receives network configuration data such as client IP
address, subnet mask, default gateway IP address, DNS IP address and IP
lease time from the server, and configures its network interfaces using the
data.

(c) IP address renewal: When half of the lease time set through the “IP
address allocation/lease” procedure has passed, the client unicasts a DHCP
Request message to the DHCP server for renewal of its IP address. The
DHCP server, upon receiving the DHCP Request message, accepts the
request by responding with a unicast DHCP Ack message.

(d) IP address release: Once the client is logged off, it returns the allocated IP
address to the DHCP server by unicasting a DHCP Release message to
the DHCP server.
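The three procedures above (allocation/lease, renewal and release) can be traced end to end with a small model that encodes and decodes real DHCP message layouts. The Python below is an added example, not the Windows DHCP Server code: it uses the RFC 2131 fixed header and the option codes named in the text (1, 3, 6, 50, 51, 53 and 54), while the 1.1.1.0/24 subnet, the server address 1.1.1.254, a second server 1.1.1.253 and the client MAC address are constructed to mirror the figures. Two servers share the subnet so that the option 54 clean-up from step (c) is visible, and the server reports whether each reply is broadcast or unicast as the text describes.

```python
"""Teaching model of the DHCP procedures above (Discover/Offer/Request/Ack, unicast
renewal, release).  Added example, not Windows DHCP Server code; addresses are constructed."""
import struct
import ipaddress

MAGIC = b"\x63\x82\x53\x63"                          # RFC 2131 magic cookie
OPT_SUBNET, OPT_ROUTER, OPT_DNS = 1, 3, 6
OPT_REQ_IP, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID = 50, 51, 53, 54
DISCOVER, OFFER, REQUEST, ACK, RELEASE = 1, 2, 3, 5, 7
BOOTREQUEST, BOOTREPLY = 1, 2                        # 'op' field: client sends 1, server sends 2
HDR = "!BBBBIHH4s4s4s4s16s64s128s"                  # 236-byte fixed header

def ip4(addr):
    return ipaddress.IPv4Address(addr).packed

def build(op, xid, mac, options, ciaddr="0.0.0.0", yiaddr="0.0.0.0"):
    """Encode a DHCP message; options is a list of (code, raw value bytes)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    head = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0, ip4(ciaddr), ip4(yiaddr),
                       b"\0" * 4, b"\0" * 4, chaddr, b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return head + MAGIC + body + b"\xff"              # 255 ends the option list

def parse(pkt):
    """Decode the fixed header and the TLV option area into a dict."""
    f = struct.unpack(HDR, pkt[:236])
    assert pkt[236:240] == MAGIC, "not a DHCP message"
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:                                # pad option carries no length byte
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code], i = pkt[i + 2:i + 2 + ln], i + 2 + ln
    return {"xid": f[4], "ciaddr": str(ipaddress.IPv4Address(f[7])),
            "yiaddr": str(ipaddress.IPv4Address(f[8])), "chaddr": f[11][:6].hex(":"),
            "type": opts[OPT_MSG_TYPE][0], "opts": opts}

class DhcpServer:
    def __init__(self, ip, pool, lease=3600):
        self.ip, self.pool, self.lease = ip, list(pool), lease
        self.offers, self.leases = {}, {}              # chaddr -> ip (pending / active)

    def _reply(self, kind, xid, mac, ip, ciaddr="0.0.0.0"):
        opts = [(OPT_MSG_TYPE, bytes([kind])), (OPT_SERVER_ID, ip4(self.ip)),
                (OPT_LEASE, struct.pack("!I", self.lease)), (OPT_SUBNET, ip4("255.255.255.0")),
                (OPT_ROUTER, ip4(self.ip)), (OPT_DNS, ip4("1.1.1.1"))]
        return build(BOOTREPLY, xid, mac, opts, ciaddr=ciaddr, yiaddr=ip)

    def handle(self, pkt):
        """Return (delivery, reply bytes) or None; delivery follows the text's rule."""
        m = parse(pkt)
        mac, xid = m["chaddr"], m["xid"]
        if m["type"] == DISCOVER:
            if mac not in self.offers:                  # reserve an address while the offer is pending
                self.offers[mac] = self.pool.pop(0)
            return "broadcast", self._reply(OFFER, xid, mac, self.offers[mac])
        if m["type"] == REQUEST and OPT_SERVER_ID in m["opts"]:   # new lease: client chose a server
            if m["opts"][OPT_SERVER_ID] != ip4(self.ip):
                if mac in self.offers:                  # not selected: drop the reservation
                    self.pool.append(self.offers.pop(mac))
                return None
            self.leases[mac] = ip = self.offers.pop(mac)
            return "broadcast", self._reply(ACK, xid, mac, ip)
        if m["type"] == REQUEST and self.leases.get(mac) == m["ciaddr"]:   # renewal: ciaddr only
            return "unicast", self._reply(ACK, xid, mac, m["ciaddr"], ciaddr=m["ciaddr"])
        if m["type"] == RELEASE and self.leases.get(mac) == m["ciaddr"]:
            self.pool.append(self.leases.pop(mac))      # address goes back to the pool
        return None

def client_lease(servers, mac, xid=0x1234):
    """Four-phase allocation against every server on the subnet; returns (ip, exchange log)."""
    log = [("client", "DISCOVER", "broadcast")]
    discover = build(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, bytes([DISCOVER]))])
    offers = []
    for s in servers:                                   # the broadcast reaches every server
        delivery, reply = s.handle(discover)
        offers.append(parse(reply))
        log.append((s.ip, "OFFER", delivery))
    chosen = offers[0]                                  # take the first offer received
    request = build(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, bytes([REQUEST])),
                    (OPT_REQ_IP, ip4(chosen["yiaddr"])), (OPT_SERVER_ID, chosen["opts"][OPT_SERVER_ID])])
    log.append(("client", "REQUEST", "broadcast"))
    ack = None
    for s in servers:                                   # unselected servers see option 54 and clean up
        r = s.handle(request)
        if r:
            ack = parse(r[1])
            log.append((s.ip, "ACK", r[0]))
    return ack["yiaddr"], log

def client_renew(server, mac, ip, xid=0x1235):           # half-lease renewal, ciaddr only, no 50/54
    r = server.handle(build(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, bytes([REQUEST]))], ciaddr=ip))
    return (r[0], struct.unpack("!I", parse(r[1])["opts"][OPT_LEASE])[0]) if r else (None, 0)

def client_release(server, mac, ip, xid=0x1236):         # graceful shutdown or 'ipconfig /release'
    server.handle(build(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, bytes([RELEASE])),
                                                (OPT_SERVER_ID, ip4(server.ip))], ciaddr=ip))
```

Running client_lease against both servers shows every message of the initial exchange going out as a broadcast, the unselected server returning its reserved address to its pool when it sees a foreign Server Identifier, and the later renewal and release travelling as unicast because, as paragraph 97 puts it, both sides already know each other's address.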

Installation and configuration of DHCP

99. Dynamic Host Configuration Protocol (DHCP) is one of the most commonly
implemented network services in today’s network environments. DHCP is primarily
used to automatically distribute IP configuration settings to network clients,
eliminating the need to manually configure hosts on TCP/IP-based networks.

To install the DHCP role, follow the steps given below.

Step 1 − Go to “Server Manager” → Manage → Add Roles and Features. See
Fig 12.20

Fig 12.20 : Server manager

Step 2 − Click Next. See Fig 12.21

Fig 12.21 : Add Role and Features Wizards

Step 3 − Select the Role-based or feature-based installation option → click
Next. See Fig 12.22

Fig 12.22 : Add Role and Features Wizards

Step 4 − We will install the DHCP role locally, so select the local server from the
Server Pool → then click Next. See Fig 12.23

Fig 12.23 : Add Role and Features Wizards

Step 5 − From the Roles list, check the DHCP Server role → click Add
Features. See Fig 12.24 & 12.25

Fig 12.24 : Add Role and Features Wizards

Fig 12.25 : Add Role and Features Wizards

Step 6 − Click Next. See Fig 12.26

Fig 12.26 : Add Role and Features Wizards

Step 7 − Click Next. See Fig 12.27

Fig 12.27 : Add Role and Features Wizards

Step 8 − Click Install. See Fig 12.28

Fig 12.28 : Add Role and Features Wizards

Step 9 − Click Close. See Fig 12.29

Fig 12.29 : Add Role and Features Wizards

Post-deployment Configuration

100. In this section, we will see how to do the post-deployment configuration of
the DHCP. Please follow the steps given below.

Step 1 − Click on the warning icon and then click on “Complete DHCP
Configuration”. See Fig 12.30

Fig 12.30 : Server Manager

Step 2 − Click Next. See Fig 12.31

Fig 12.31 : Post install

Step 3 − Select a domain user account that has permissions to create objects in
the Net Services container in Active Directory, or a domain admin account →
click Next. See Fig 12.32

Fig 12.32 : Post install

Step 4 − Click Close. See Fig 12.33

Fig 12.33: Post install

12.10 File server

101. File servers function primarily to provide a location to store files shared with
clients within a network. These files could be virtually anything, from text documents
to sound files to photographs, as long as it is stored as a file. The clients are
typically individual workstations, used for example by employees in a business or
students at a school.

102. File servers will often double as other types of servers as well, such as
print servers or other types of peripheral servers. File servers are also a type of
server computer, that is, where the entire computer is dedicated to the operation
of a server, as opposed to the server-client relation being relatively “macro" or
“micro" in nature.

103. File servers tend to have large hard drives to store all of these files,
especially in large file server systems such as may be encountered in a business. A
file server may be either dedicated or non-dedicated.

(i) A dedicated file server means that there is a specific computer
server that fulfills this function, typically for a larger network, and has
specialized hardware and software to handle the greater workload. This
may include more hard drive storage, better cooling systems,
better security such as limited physical access, and specialized software
contained within special server operating systems.

(ii) A non-dedicated file server just means that the computer functioning
as a file server isn't used exclusively as such, and may also be used for
other purposes, such as a workstation. This is more typical of small-scale
systems, such as at home or in a small business.

104. In computing, a file server (or fileserver) is a computer attached to a
network that provides a location for shared disk access, i.e. shared storage of
computer files (such as text, image, sound, video) that can be accessed by the
workstations that are able to reach the computer that shares the access through
a computer network. The term server highlights the role of the machine in the
client–server scheme, where the clients are the workstations using the storage.
It is common that a file server does not perform computational tasks, and does
not run programs on behalf of its clients. It is designed primarily to enable the
storage and retrieval of data while the computation is carried out by the
workstations. File servers are commonly found in schools and offices, where
users use a LAN to connect their client computers.

Features of file servers

105. A file server may be dedicated or non-dedicated. A dedicated server is
designed specifically for use as a file server, with workstations attached for
reading and writing files and databases.

(i) Remote Access. When you have access to a dedicated file
server, you can easily access all information remotely. Remote access to
information can be critical in many scenarios. One example can be
extraction of data from a remote branch. Even if an employee is not
present in the company, you can still access their data via the file server.
However, if the files you need are locked in that employee’s PC, you
would have to wait for that employee to come and send them to you, or
ask someone to extract those files and send them to the office.

(ii) Centralized Management of Permissions. When you use a file
server, you can easily access all your files from one central location. On
the other hand, imagine if you had all your company’s data spread over
different PCs. It would be impossible to control permissions for
confidential files. The file server lets you control access so that there is
minimal chance of your business information getting leaked to competitors.
Therefore, a file server is also important to ensure that your business data
is kept safe.
(iii) Data Security & Backup. Most small sized business
organizations run a peer-to-peer network. In this case the files are
only stored on local drives. However, if the hard disk of that particular PC
fails, it would be a big disaster to deal with. This would mean losing
everything, even critical business information which may be worth a lot of
money. One example can be losing a database of customers built over the
years. This is one example of the terrible scenarios you may come across
without a dedicated file server. A file server creates backups so you do
not have any problems saving the data.

(iv) Monitor Your Employees. Dedicated file servers also offer support
through which you can monitor your employees. It means tracking the
users’ activities. This means protecting vital files and monitoring any data
which is sent into or from your organization. You would also be able to
have a look at the websites which your network users are accessing, to
protect from malicious file downloads that may create a lot of havoc.

(v) Increase User Control. The file server ensures management of
all passwords from a central location. You would be able to create new users
within no time. Similarly, deleting a user from the system would ensure
access is denied to the entire system of files. So if you have fired a
disgruntled employee, you do not need to worry about unauthorized
access. The employee would not be able to do any harm to your business.

12.11 Exchange (mail) Server

106. Exchange Server provides the underlying infrastructure necessary to run a
messaging system. Exchange Server provides the database to store email data,
the transport infrastructure to move the email data from one place to another,
and the access points to access email data via a number of different
clients. However, Exchange Server, when used with clients such as
Outlook or Outlook on the web, turns the “mailbox” into a point of storage for
personal information management such as your calendar, contacts, task lists,
and any file type. Users can share some or all of this information in their own
mailbox with other users on the message system and start to collaborate.

107. The Outlook and Outlook on the web clients also provide access to public
folders. Public folders look like regular mail folders in your mailbox, except that
they are in an area where they can be shared by all users within the
organization. A folder can have specialized forms associated with it to allow the
sharing of contacts, calendar entries, or even other specialized forms. Further,
each public folder can be secured so that only certain users can view or modify
data in that folder.

108. How Messaging Servers Work. At the core of any messaging
system is a common set of basic functions that may be implemented in different
ways depending on the vendor or even the version of the product. Common
components of most messaging systems include the following:

(a) A message transport system that moves messages from one place to
another. Examples include the Simple Mail Transport Protocol (SMTP).

(b) A message storage system that stores messages until a user can
read or retrieve them. Messages may be stored in a client/server
database, a shared file database, or even in individual files.

(c) A directory service that allows a user to look up information about the
mail system's users, such as a user's email address.

(d) A client access interface on the server that allows the clients to get to
their stored messages. This might include a web interface, a client/server
interface, or the Post Office Protocol (POP).

(e) The client program that allows users to read their mail, send mail,
and access the directory. This may include Outlook, Outlook on the web,
and a mobile device.

109. Extensible Storage Engine. The Exchange Server database uses a
highly specialized database engine called the Extensible Storage Engine (ESE).
Superficially it resembles SQL Server, but technically it is a different engine. It is a
client/server database and is somewhat relational in nature, but it is designed to
be a single-user database (the Exchange server itself is the only component that
directly accesses the data). Further, the database has been highly tuned to
store hierarchical data, such as mailboxes, folders, messages, and attachments.
Figure 12.34 shows conceptually what happens with the ESE database as
data is sent to it. In step 1, an Outlook client sends data to the
Exchange server (the Information Store service); the Information Store service
places this data in memory and then immediately writes the data out to the
transaction log files associated with that database.

Fig 12.34 : Exchange data and transaction logs

110. The transaction log that is always written to is the current transaction log
for that particular database (e00.log, for example). Each transaction log file is
exactly 1 MB in size, so when the transaction log is filled up, it is renamed to the
next sequential number. For example, an old transaction log file might be named
like this: e000004032.log. The actual period that data is retained in memory will
depend on how much cache memory is available, what types of operations are
happening in the data, and how busy the server is.

111. The important operation, though, is to make sure that as soon as the data
is sent to the Exchange server, it is immediately flushed to the transaction log
files. If the server crashes before the data is written to the database file, the
database engine (the store process) will automatically read the transaction log
files once the server is brought back up and compare them to the data that's
stored in the corresponding mailbox databases. Any inconsistency is resolved
by replaying the missing data operations from the transaction logs back into the
database, assuming that the entire transaction is present; if it's not, the
operations are not written. This helps ensure that the integrity of the mailbox
database is preserved and that half-completed data operations aren't written
back into the database and allowed to corrupt good data. The transaction log
files are important for a number of reasons. They are used by Microsoft
replication technologies, but they can also be used in disaster recovery.

112. The transaction logs are not purged off the log disk until a full backup is
run; therefore, every transaction that occurred to a database (new data,
modifications, moves, deletes) is stored in the logs. If you restore the last good
backup to the server, Exchange Server can replay and rebuild all the missing
transactions back into the database, provided you have all the transactions
since the last full backup. Early versions of Exchange Server had two
separate mail store objects: the storage group, which was a logical container
that held an associated set of transaction logs, and the mailbox database, a set
of files that held the actual permanent copies of user mailboxes. There could be
multiple mailbox databases per storage group, meaning that one set of transaction
logs contained interwoven transaction data for multiple databases (which could have
detrimental effects on performance, space, and backups).
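The transaction-log behaviour described in paragraphs 109 to 112 (log first, database file later; roll-over to a numbered log; replay of only complete transactions after a crash; purge only on full backup) is modelled by the following Python script. It is an added teaching example and not Exchange's ESE engine: the log rolls after a fixed number of records instead of 1 MB, an integer checkpoint stands in for the checkpoint file, and the mailbox names and messages are constructed.

```python
"""Model of the ESE write-ahead logging described above: operations reach the log
before the database file, and after a crash only complete transactions are replayed.
Added teaching example, not Exchange's ESE engine; mailbox data is constructed."""

class TransactionLog:
    def __init__(self, prefix="e00", max_records=4):   # ESE rolls at 1 MB; here after 4 records
        self.prefix, self.max_records = prefix, max_records
        self.generation = 1
        self.archived = []              # (file name, records) in sequence order
        self.current = []               # contents of the current log, e00.log

    def append(self, record):
        self.current.append(record)
        if len(self.current) >= self.max_records:   # full: rename to the next sequence number
            self.archived.append((f"{self.prefix}{self.generation:08X}.log", self.current))
            self.generation += 1
            self.current = []

    def records(self):
        return [r for _, recs in self.archived for r in recs] + self.current

    def purge(self):
        """Only a full backup removes the archived logs from the log disk."""
        self.archived = []

def replay(records, database, after_txid):
    """Apply transactions newer than the checkpoint that have both BEGIN and COMMIT."""
    pending, committed = {}, []
    for rec in records:
        kind, txid = rec[0], rec[1]
        if txid <= after_txid:          # already in the database file
            continue
        if kind == "BEGIN":
            pending[txid] = []
        elif kind == "OP":
            pending[txid].append(rec[2:])
        elif kind == "COMMIT":
            for mailbox, folder, message in pending.pop(txid):
                database.setdefault(mailbox, {}).setdefault(folder, []).append(message)
            committed.append(txid)
    return committed, sorted(pending)   # half-completed transactions are never written

class MailboxStore:
    def __init__(self):
        self.db = {}                    # the database file: mailbox -> folder -> messages
        self.cache = []                 # dirty pages still only in memory
        self.log = TransactionLog()
        self.checkpoint = 0             # highest txid whose pages reached the db file
        self.next_txid = 1

    def deliver(self, mailbox, folder, message, crash_before_commit=False):
        """Step 1 of the figure: data is logged immediately, cached, written to db later."""
        txid, self.next_txid = self.next_txid, self.next_txid + 1
        self.log.append(("BEGIN", txid))
        self.log.append(("OP", txid, mailbox, folder, message))
        if crash_before_commit:
            raise RuntimeError("server crashed mid-transaction")
        self.log.append(("COMMIT", txid))
        self.cache.append((txid, mailbox, folder, message))

    def flush(self):
        """Lazy write of cached pages to the database file."""
        for txid, mailbox, folder, message in self.cache:
            self.db.setdefault(mailbox, {}).setdefault(folder, []).append(message)
            self.checkpoint = max(self.checkpoint, txid)
        self.cache = []

    def crash(self):
        self.cache = []                 # memory is lost; the db file and the logs survive

    def recover(self):
        """On restart the store replays the logs against the database file."""
        committed, skipped = replay(self.log.records(), self.db, self.checkpoint)
        self.checkpoint = max([self.checkpoint] + committed)
        return committed, skipped
```

The interesting case is a delivery that was committed to the log but still sat only in memory when the server crashed: recovery rebuilds it from the log, while a transaction that was cut off before its COMMIT record is reported as skipped and never reaches the database, which is the integrity guarantee paragraph 111 describes.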

Exchange and Active Directory

113. Exchange Server relies on Active Directory for information about its own
configuration, user authentication, and email-specific properties for mail-enabled
objects such as users, contacts, groups, and public folders. Look at Figure
12.35 to see some of the different types of interactions that occur between
Exchange Server and Active Directory. Because most of the Exchange Server
configuration data for an Exchange server is stored in Active Directory, all
Exchange Server roles must contact a domain controller to request their
configuration data; this information is stored in a special partition of the Active
Directory database called the configuration partition.

Fig 12.35 : Active Directory and Exchange Server

114. The configuration partition is replicated to all domain controllers in the
entire Active Directory forest. Note that you can have only a single Exchange
organization per Active Directory forest. Each of the Exchange Server
components uses Active Directory for different things. Some of those functions
include:

12.12 IIS

115. A web server can refer to either the hardware (the computer) or the software
(the computer application) that helps to deliver content that can be accessed
through the Internet.

116. The most common use of web servers is to host web sites, but there are
other uses such as data storage or running enterprise applications.

117. The primary function of a web server is to deliver web pages to clients on
request. This means delivery of HTML documents and any additional
content that may be included by a document, such as images, style sheets and
scripts.

118. IIS, formerly called Internet Information Server, is a web server application
and set of feature extension modules created by Microsoft for use with Microsoft
Windows. It is the most used web server after Apache HTTP Server. IIS 7.5
supports HTTP, HTTPS, FTP, FTPS, SMTP and NNTP. It is an integral part of the
Windows Server family of products, as well as certain editions of Windows XP,
Windows Vista and Windows 7. IIS is not turned on by default when Windows is
installed.

Features of IIS

119. The architecture of IIS 7 is modular. Modules, also called extensions, can
be added or removed individually so that only modules required for specific
functionality have to be installed. IIS 7 includes native modules as part of the full
installation. These modules are individual features that the server uses to
process requests and include the following:

(a) HTTP Modules. Used to perform tasks specific to HTTP in the
request-processing pipeline, such as responding to information and
inquiries sent in client headers, returning HTTP errors, and redirecting
requests.

(b) Security Modules. Used to perform tasks related to security in the
request-processing pipeline, such as specifying authentication schemes,
performing URL authorization, and filtering requests.

(c) Content Modules. Used to perform tasks related to content in the
request-processing pipeline, such as processing requests for static files,
returning a default page when a client does not specify a resource in a
request, and listing the contents of a directory.

(d) Compression Modules. Used to perform tasks related to
compression in the request-processing pipeline, such as compressing
responses, applying Gzip compression transfer coding to responses, and
performing pre-compression of static content.

(e) Caching Modules. Used to perform tasks related to caching in the
request-processing pipeline, such as storing processed information in
memory on the server and using cached content in subsequent requests
for the same resource.

(f) Logging and Diagnostics Modules. Used to perform tasks
related to logging and diagnostics in the request-processing pipeline, such
as passing information and processing status to HTTP.sys for logging,
reporting events, and tracking requests currently executing in worker
processes.
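A toy request pipeline makes the module ordering above concrete: the security module's request filtering runs before the content module ever opens a file, the compression module only sees successful responses, and the logging module records every request, filtered ones included. This Python script is an added example and not IIS's own modules or HTTP.sys; the in-memory site, the default document list and the denied extension list are constructed for the demonstration.

```python
"""Toy model of a modular request-processing pipeline in the style of IIS 7:
modules run in order and any one of them may short-circuit the request.
Added teaching example, not IIS code; the site content and rules are constructed."""
import gzip
from urllib.parse import unquote

SITE = {"/index.htm": b"<html>welcome</html>", "/css/app.css": b"body {}",
        "/web.config": b"<configuration/>"}
DEFAULT_DOCUMENTS = ["index.htm", "default.htm"]
DENIED_EXTENSIONS = {".config"}          # request filtering rule, like IIS hiding web.config
ACCESS_LOG = []

def security_module(req, resp):
    """Request filtering: decoded path is checked before any content is touched."""
    path = unquote(req["path"])
    if ".." in path or any(path.lower().endswith(ext) for ext in DENIED_EXTENSIONS):
        resp["status"] = 404                # IIS answers filtered requests with a 404 substatus
        return False
    req["path"] = path
    return True

def content_module(req, resp):
    """Static file handler plus default document for directory requests."""
    path = req["path"]
    if path.endswith("/"):
        path = next((path + doc for doc in DEFAULT_DOCUMENTS if path + doc in SITE), path)
    if path in SITE:
        resp["status"], resp["body"] = 200, SITE[path]
        return True
    resp["status"] = 404
    return False

def compression_module(req, resp):
    """Gzip the response when the client accepts it."""
    if "gzip" in req["headers"].get("Accept-Encoding", "") and resp["body"]:
        resp["body"] = gzip.compress(resp["body"])
        resp["headers"]["Content-Encoding"] = "gzip"
    return True

def logging_module(req, resp):
    ACCESS_LOG.append(f'{req["method"]} {req["path"]} {resp["status"]}')
    return True

PIPELINE = [security_module, content_module, compression_module]

def handle(method, path, headers=None):
    req = {"method": method, "path": path, "headers": headers or {}}
    resp = {"status": 500, "headers": {}, "body": b""}
    for module in PIPELINE:
        if not module(req, resp):           # a module returning False ends the pipeline
            break
    logging_module(req, resp)               # logging sees every request, rejected ones included
    return resp
```

A request for "/" is served the default document, a request for "/web.config" or an encoded "../" path is stopped by the security module before the content module runs, and a gzip-capable client receives a compressed body with the matching Content-Encoding header.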

120. IIS releases new feature modules between major version releases to add
new functionality. The following extensions are available for IIS 7.5:

(a) FTP Publishing Service. Lets Web content creators publish content
securely to IIS 7 Web servers with SSL-based authentication and data
transfer.

(b) Administration Pack. Adds administration UI support for
management features in IIS 7, including ASP.NET authorization, custom
errors, FastCGI configuration, and request filtering.

(c) Application Request Routing. Provides a proxy-based routing
module that forwards HTTP requests to content servers based on HTTP
headers, server variables, and load balance algorithms.

(d) Database Manager. Allows easy management of local and
remote databases from within IIS Manager.

(e) Media Services. Integrates a media delivery platform with IIS to
manage and administer delivery of rich media and other Web content.

(f) URL Rewrite Module. Provides a rule-based rewriting
mechanism for changing request URLs before they are processed by the
Web server.

(g) WebDAV. Lets Web authors publish content securely to IIS 7 Web
servers, and lets Web administrators and hosters manage WebDAV
settings using IIS 7 management and configuration tools.

(h) Web Deployment Tool. Synchronizes IIS 6.0 and IIS 7 servers,
migrates an IIS 6.0 server to IIS 7, and deploys Web applications to an IIS
7 server.

Installation of Web Server (IIS)

121. Compatibility.

Version    Notes
IIS 8.0    IIS 8.0 is only available in Windows Server 2012 and Windows 8.
IIS 7.5
IIS 7.0

122. Prerequisites. Windows Server 2012 should be installed.

123. Installing IIS 8 With The Default Settings. To install IIS, use the
following steps:

(a) Open Server Manager.

(b) Under the Manage menu, select Add Roles and Features. See Fig 12.36

Fig 12.36 : Server Manager

(c) Select Role-based or Feature-based Installation. See Fig 12.37

Fig 12.37 : Feature-based Installation

(d) Select the appropriate server (local is selected by default). See Fig
12.38

Fig 12.38 : Server Selection

(e) Select Web Server (IIS). See Fig 12.12 (d)

Fig 12.12 (d): Server Roles

(f) No additional features are needed for IIS, so click next. See Fig
12.39

Fig 12.39 : Feature of server

(g) Click Next. See Fig 12.40

Fig 12.40 : Web Server Role

(h) Customize your installation of IIS, or accept the default settings that
have already been selected for you, and then click Next. See Fig 12.41

Fig 12.41 : Role Services

(j) Click Install. See Fig 12.42

Fig 12.42 : Confirmation

(k) When the IIS installation completes, the wizard reflects the
installation status. See Fig 12.43

Fig 12.43 : Installation Complete

(l) Click Close to exit the wizard.

WINDOWS SERVER 2012 FTP INSTALLATION AND CONFIGURATION

124. The following is a step by step installation of the Windows Server 2012 FTP service.

(a) As a first step, select Add Roles and Features from the Server
Manager. See Fig 12.44

Fig 12.44 : Server Manager

(b) Next, select Role-based or feature-based installation and click NEXT.
See Fig 12.45

Fig 12.45 : Installation Type

(c) Select the FTP Server service, which is part of the IIS features, and
click Next. See Fig 12.46

Fig 12.46 : Server Selection

(d) If the required services ever need a restart after installation, the
server will restart automatically and come back up; a warning asks for our
confirmation. We continue with YES. See Fig 12.47

Fig 12.47 : Services Selection


(e) Confirm the installation selection, as shown below. See Fig 12.48

Fig 12.48 : Confirm Installation Selection

(f) The installation process begins, as shown below. See Fig 12.49

Fig 12.49 : Installing Role

(g) Then, in IIS Manager, right-click on our server and continue by
clicking 'Add FTP Site'. See Fig 12.50

Fig 12.50 : Add FTP Site

(h) Give the site a name of your choice and set its content directory to C:\FTP. See Fig 12.51

Fig 12.51 : Site Information

(j) On the following screen, the FTP service port and the addresses to
bind to are selected. We left the default options. Of course, if you want, you
can make this service more secure by choosing SSL. See Fig 12.52

Fig 12.52 : Add FTP Site

(k) Through the Active Directory Users and Computers interface, the users
to whom the FTP service will allow read and write permission are managed.
See Fig 12.53

Fig 12.53 : Permission

(l) Here the users are added with read or write rights. Users within the
company who need write access are added as well. See Fig 12.54

Fig 12.54 : Add User

(m) On the following screen, in the right-hand pane of the FTP site, select
the FTP Authorization Rules option to add the users or groups that are to
use this service. The group called FTP Users, created in Active Directory,
is added here. See Fig 12.55

Fig 12.55 : Authorization

(n) As a test on the local server, communication is established by typing
the address ftp://127.0.0.1/ with the FTP server port number 21; the server
immediately asks for the user name to connect with. Enter the user as
Domain\User and then enter the password.

(p) Allow access to the files as required. See Fig 12.56

Fig 12.56 : Allow Access
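The FTP site from the procedure above, configured with PowerShell instead of the wizard, as an added example that is not part of the course text. It assumes the site name IAF-FTP, the path C:\FTP and the Active Directory group FTP Users from the steps above, a placeholder domain EXAMPLE and a placeholder certificate thumbprint. Unlike the wizard's default of step (j), it requires SSL/TLS on the control and data channels, so the Domain\User password of step (n) is never sent in clear text.

```powershell
# Added example (not from the course text): the FTP site of para 124 built
# with the WebAdministration cmdlets, with TLS required rather than optional.
# Assumptions: site 'IAF-FTP', path C:\FTP, AD group 'FTP Users' in the
# placeholder domain EXAMPLE, and a server certificate already installed.
Import-Module WebAdministration

$siteName  = 'IAF-FTP'
$sitePath  = 'C:\FTP'
$ftpGroup  = 'EXAMPLE\FTP Users'             # placeholder domain\group
$certThumb = '<THUMBPRINT-OF-SERVER-CERT>'   # placeholder, from Cert:\LocalMachine\My

# Steps (c) to (f): install the Web Server role with the FTP Server service.
Install-WindowsFeature -Name Web-Server, Web-Ftp-Server -IncludeManagementTools

# Steps (g) and (h): create the site with the given name and physical path.
if (-not (Test-Path $sitePath)) { New-Item -ItemType Directory -Path $sitePath | Out-Null }
New-WebFtpSite -Name $siteName -Port 21 -PhysicalPath $sitePath -Force | Out-Null

$sitePSPath = "IIS:\Sites\$siteName"

# Step (j): the wizard leaves 'Allow SSL' (plain text still accepted).
# 'SslRequire' on both channels refuses unencrypted logins and transfers.
Set-ItemProperty $sitePSPath -Name ftpServer.security.ssl.serverCertHash        -Value $certThumb
Set-ItemProperty $sitePSPath -Name ftpServer.security.ssl.controlChannelPolicy  -Value 'SslRequire'
Set-ItemProperty $sitePSPath -Name ftpServer.security.ssl.dataChannelPolicy     -Value 'SslRequire'

# Step (k): domain (basic) authentication only; anonymous access stays off.
Set-ItemProperty $sitePSPath -Name ftpServer.security.authentication.anonymousAuthentication.enabled -Value $false
Set-ItemProperty $sitePSPath -Name ftpServer.security.authentication.basicAuthentication.enabled     -Value $true

# Step (m): one FTP Authorization Rule, Read and Write for the FTP Users group only.
Clear-WebConfiguration -Filter '/system.ftpServer/security/authorization' -PSPath 'IIS:\' -Location $siteName
Add-WebConfiguration   -Filter '/system.ftpServer/security/authorization' -PSPath 'IIS:\' -Location $siteName `
    -Value @{ accessType = 'Allow'; roles = $ftpGroup; permissions = 'Read,Write' }

# Check before the client test of step (n): TLS policy and the rule actually in effect.
Get-ItemProperty $sitePSPath -Name ftpServer.security.ssl.controlChannelPolicy
Get-WebConfiguration -Filter '/system.ftpServer/security/authorization' -PSPath 'IIS:\' -Location $siteName |
    Select-Object accessType, roles, permissions
```

Run from an elevated PowerShell on the server itself; the client test of step (n) must then use an FTPS-capable client, since a plain ftp://127.0.0.1/ login is refused by the SslRequire policy.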

Web Server Maintenance

125. When you own a website, whether it is a personal website or a business
website, there are a number of things you must do in order to maintain it. Here
is a list, with an explanation, of what needs to be done during maintenance of a
web server.

(a) Domain Name. Make sure the domain name is registered. Some people
do not even know when their domain name is going to expire, and then their
website goes down without them even knowing. Also, check to make sure that
the contact information is correct, especially for the Administrative Contact.
This is who will receive emails regarding the domain name expiring. What is
best is to have this set up as the “info@” email account of your domain. This
email account should be a group account so that more than one person
receives email from it.

(b) Website Software. If your website is using a Content Management
System (CMS for short) or any kind of scripts (PHP, Perl, DotNet/ASP,
etc.), then you need to make sure that software stays up to date. Check for
updates from the software publisher. Also, your website host should be
updating the core server software. For example, they should be applying
patches and upgrades for things like the web service, FTP service and
database running on the server. If you run your own web server, then you
should be applying and testing these updates yourself.

(c) Web Statistics. Commonly known as “web stats”, this is the program
or service responsible for reporting who is visiting your website, how they
got there and where they come from. You want to keep up to date on your
website traffic so that you can improve your website.

(d) Content. Of course, your website’s content needs to be up to date.
This includes copy/text and pictures.

(e) Testing. If your website has any kind of form, login form or other
kinds of functions, then those should be tested regularly to make sure they
are working correctly and that the data entered is stored or fetched as the
user requires.

(f) Link Checking. If your website has links going to other websites, you
should make sure those links work fine so that your website continues to
be a solid resource.

(g) Backups. Check to see if backups of your website and database are
being done. Also check that the backups work and can be restored without
problems.

(h) Design. Make sure that your website still looks fine in all of the
latest versions of major website browsers like Internet Explorer, Firefox,
Chrome and Safari. These browsers are updated often and if your website
doesn’t adapt, then it might not show up looking nice (or show up at all) on
certain browsers.

(j) Website Errors. Check all error log files and messages at
Google Webmaster Tools and Bing Webmaster Tools to make sure there
are not major errors.

(k) Check Load Time. Do some testing to make sure your website
loads quickly.

12.13

126. Windows Powershell. PowerShell is a mixture of a command line, a
functional programming language, and an object-oriented programming
language. PowerShell is based on Microsoft .NET, which gives it a level of open
flexibility that was not available in Microsoft's scripting languages (such as
VBScript or batch) before this. PowerShell is an explorer's scripting language.
With built-in help, command discovery, and with access to much of the .NET
Framework, it is possible to dig down through the layers.

127. Windows PowerShell executes four types of commands:

(a) Cmdlets

(b) PowerShell functions

(c) PowerShell scripts

(d) Executable programs

128. PowerShell is a shell; this is what it is capable of:

(a) PowerShell works with the standard Windows commands and
applications you already know and use.

(b) PowerShell introduces a powerful new type of command. PowerShell
commands (called cmdlets) share a common Verb-Noun syntax and offer
many usability improvements over standard commands.

(c) PowerShell understands objects. Working directly with richly
structured objects makes working with (and combining) PowerShell
commands immensely easier than working in the plain-text world of
traditional shells.

(d) PowerShell caters to administrators. Even with all its advances,
PowerShell focuses strongly on its use as an interactive shell: the
experience of entering commands in a running PowerShell application.

(e) PowerShell supports discovery. Using three simple commands, you
can learn and discover almost anything PowerShell has to offer.

(f) PowerShell enables ubiquitous scripting. With a fully fledged
scripting language that works directly from the command line, PowerShell
lets you automate tasks with ease.

(g) PowerShell bridges many technologies. By letting you work with
.NET, COM, WMI, XML, and Active Directory, PowerShell makes working
with these previously isolated technologies easier than ever before.

(h) PowerShell simplifies management of data stores. Through its
provider model, PowerShell lets you manage data stores using the same
techniques you already use to manage files and folders.

129. PowerShell automates tasks using cmdlets. These are .NET application
programming interface (API) classes that appear as system commands and
implement specific functions. They are the native commands in PowerShell
and process objects individually. They are used as recipients in a pipeline and
receive and output results as objects.

130. PowerShell has an interactive command line interface. PowerShell allows
the user to define aliases for cmdlets, which are converted to the original
commands by PowerShell. The pipeline is an important concept in
PowerShell: the output of one command is passed to another command
using the | operator.
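An added example, not from the course text, showing the discovery commands, Verb-Noun cmdlets, objects in the pipeline and an alias from paras 128 to 130, by listing the services that are set to start automatically but are not running. The function name Get-StoppedAutoService and the alias gsas are assumptions; the StartType property needs Windows PowerShell 5.0 or later.

```powershell
# Added example (not from the course text): discovery, Verb-Noun cmdlets,
# objects in the pipeline and an alias, applied to an administrator's task.

# Discovery with three commands: which cmdlets exist, how one is used,
# and what the objects it emits actually carry.
Get-Command -Verb Get -Noun Service              # cmdlets matching the Verb-Noun pattern
Get-Help Get-Service -Parameter Name             # built-in help for one parameter
Get-Service | Get-Member -MemberType Property    # properties of the ServiceController objects

function Get-StoppedAutoService {
    # Each Get-Service result is a ServiceController object, so the filter
    # compares properties rather than text columns as a traditional shell would.
    # StartType exists on these objects in Windows PowerShell 5.0 and later (assumption).
    Get-Service |
        Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' } |
        Select-Object Name, DisplayName, Status, StartType |
        Sort-Object Name
}

# Alias (hypothetical name): PowerShell resolves it to the function when it is run.
Set-Alias -Name gsas -Value Get-StoppedAutoService

# Usage: the objects survive the pipeline, so the same output can be
# shown on screen or exported for a maintenance record.
gsas | Format-Table -AutoSize
gsas | Export-Csv -Path "$env:TEMP\stopped-auto-services.csv" -NoTypeInformation
```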

131. Microsoft has released PowerShell 2, which is installed by default on
Windows 7 and Windows Server 2008 R2. PowerShell V2 includes about 240
cmdlets and includes changes in the scripting language and the hosting API. New
features added in PowerShell V2 are:


(a) Data Language. This is a subset of the PowerShell scripting
language. It permits data definitions to be separated from the scripts and
allows string resources to be imported into the script at runtime.

(b) PowerShell Remoting. This invokes cmdlets and scripts on
remote machines using workstation management.

(c) Script Debugging. This permits breakpoints on scripts and
functions for easy location of commands.

(d) Background Jobs. This invokes command sequences
asynchronously.

(e) Network file transfer. Asynchronous transfer of files between
machines.

(f) Modules. These organize and partition scripts in reusable
units.

(g) Transaction. This involves transaction cmdlets for starting,
committing and rolling back transactions.

(h) Scriptcmdlets. These are cmdlets designed using the
PowerShell Scripting Language.

(j) Eventing. This listens, forwards and acts on system events.

(k) Integrated Scripting Environment. This enables only selected
parts of the script to run and provides a GUI-based PowerShell with syntax
highlighting, integrated debugger and tab completion.

12.14

Hosting of Website

132. Web hosting is a service that allows organizations and individuals to post a
website or web page onto the Internet. A web host, or web hosting service
provider, is a business that provides the technologies and services needed for
the website or webpage to be viewed on the Internet. Websites are hosted, or
stored, on special computers called servers.

133. When Internet users want to view your website, all they need to do is type
your website address or domain into their browser. Their computer will then
connect to your server and your webpages will be delivered to them through the
browser. Most hosting companies require that you own your domain in order to
host with them. If you do not have a domain, the hosting companies will help
you purchase one.

134. A web hosting service is a type of Internet hosting service that allows
individuals and organizations to make their website accessible via the World
Wide Web. Web hosts are companies that provide space on a server owned or
leased for use by clients, as well as providing Internet connectivity, typically in a
data center. Web hosts can also provide data center space and connectivity to
the Internet for other servers located in their data center, called colocation, also
known as Housing in Latin America or France.

135. To host a website on the Internet, an individual or company would need
their own computer or server. As not all companies had the budget or expertise
to do this, web hosting services began to offer to host users' websites on their
own servers, without the client needing to own the necessary infrastructure
required to operate the website. The owners of the websites, also called
webmasters, would be able to create a website that would be hosted on the web
hosting service's server and published to the web by the web hosting service.

TYPES OF HOSTING

136. Some of the commonly used Internet hosting services that can run Web
servers are:

(a) Smaller hosting services. The most basic is web page and
small-scale file hosting, where files can be uploaded via File Transfer
Protocol (FTP) or a Web interface. The files are usually delivered to the
Web "as is" or with minimal processing. Many Internet service providers
(ISPs) offer this service free to subscribers. Individuals and organizations
may also obtain Web page hosting from alternative service providers.

(b) Free web hosting service. This is offered by different companies
with limited services, sometimes supported by advertisements, and often
limited when compared to paid hosting.

(c) Single page hosting. This is generally sufficient for personal web
pages. Personal web site hosting is typically free, advertisement-
sponsored, or inexpensive. Business web site hosting often has a higher
expense depending upon the size and type of the site.

(d) Shared web hosting service. Here one's website is placed on the same
server as many other sites, ranging from a few sites to hundreds of
websites. Typically, all domains may share a common pool of server
resources, such as RAM and the CPU.

(e) Dedicated hosting service. The user gets his or her own Web
server and gains full control over it (the user has root access for Linux or
administrator access for Windows); however, the user typically does not
own the server. One type of dedicated hosting is self-managed or
unmanaged. This is usually the least expensive of the dedicated plans. The
user has full administrative access to the server, which means the client is
responsible for the security and maintenance of his own dedicated server.

(f) Cloud hosting. Cloud hosting is a new type of hosting platform that
allows customers powerful, scalable and reliable hosting based on
clustered load-balanced servers and utility billing. A cloud hosted website
may be more reliable than alternatives since other computers in the cloud
can compensate when a single piece of hardware goes down. Also, local
power disruptions or even natural disasters are less problematic for cloud
hosted sites, as cloud hosting is decentralized. Cloud hosting also allows
providers to charge users only for resources consumed by the user, rather
than a flat fee for the amount the user expects they will use, or a fixed cost
upfront hardware investment. Alternatively, the lack of centralization may
give users less control on where their data is located which could be a
problem for users with data security or privacy concerns.

137. Some specific types of hosting provided by web host service providers:

(a) File hosting service: hosts files, not web pages

(b) Image hosting service

(c) Video hosting service

(d) Blog hosting service

(e) Shopping cart software

(f) E-mail hosting service

Backup of server

138. Backup of the server is required to safeguard important data from disaster
or hardware failure, and to restore the server promptly if a failure occurs. You
can use the Configure Server Backup Wizard to protect your operating system,
business information, and application data. You can save backups to one or
multiple external storage drives. You can also schedule backups to run
automatically or manually.

(a) You must be a network administrator to complete this procedure.

(b) Make sure that Windows Server Backup is installed on the server.

Configure a New Backup

139. Windows SBS 2008 installs Windows Server Backup by default. If
necessary, you can install Windows Server Backup from the Windows Server
Initial Configuration Tasks console or the Server Manager console.

(a) Attach one or more external storage drives to the server. These are
external storage drives that you can dedicate for storing backups.

(b) The Configure Server Backup Wizard formats the external storage
drives when it configures them for backup.

(c) Decide whether to back up all the data on the server or only certain
drives.

(d) Decide whether you want to run backups once-a-day or more often.

140. To Configure a Backup.

(a) Open the Windows SBS Console.

(b) On the navigation bar, click Backup and Server Storage.

(c) If you have not yet configured backup settings, in the task pane, click
Configure server backup. The Configure Server Backup Wizard appears.
See Fig 12.57


Fig 12.57 : Window Server Backup

(d) If you have already configured backup settings and want to back up
the server immediately, in the task pane click Backup now.

(e) Complete the wizard by specifying the following. See Fig 12.58

Fig 12.58 : Backup Configuration

(f) The external storage drive destinations that you want to back up to.


(g) The drives that contain the data that you want to back up.

(h) The schedule for your backup.

141. Add or Remove Backup Destinations.

(a) You can back up your data to any of the following storage devices:

(i) External storage drives that support USB 2.0.

(ii) External storage drives that support IEEE 1394.

(iii) External storage drives that support eSATA.

(iv) Local hard disk drives that are installed on the server.

Fig 12.59 : Specify Destination Type

(b) To add or remove backup destinations:

(i) Open the Windows SBS console.

(ii) On the navigation bar, click backup and server storage.

(iii) In the task pane, click add or remove backup destinations. The
backup destinations dialog box appears, and it displays a list of
available storage drives.

(c) To add or remove a storage drive for your backup, do one of the
following:

(i) To assign an external storage drive as a backup storage device,
click Add or remove drives, and then select the check box for the
storage drive that you want to add.

(ii) The Configure Server Backup Wizard formats the storage
drives when it configures them for backup.

(iii) To view all supported storage drives, select Show all valid
internal and external backup destinations.

(iv) To remove a storage drive as a destination storage device for
this backup, click Add or remove drives, and then clear the check box
for the storage drive that you want to remove. See Fig 12.60

Fig 12.60 : Select Backup destination

142. To Add or Remove Backup Items.

(a) Open the Windows SBS console.

(b) On the navigation bar, click backup and server storage.

(c) In the task pane, click Add or remove backup items. The backup items
dialog box appears, and it displays a list of drives that contain data.

(d) To add or remove a data drive for the backup, do one of the following.

(e) To include a data drive in the server backup, select the adjacent
check box, and then click OK.

(f) To exclude a data drive from the server backup, clear the adjacent
check box, and then click OK.

(g) You cannot exclude from a backup any drives that contain operating
system files or critical applications.

(h) To include all data drives in the server backup, click Back up all.

143. Change the Backup Schedule. Configure Server Backup schedules
the backup to run daily at 5:00 P.M. and 11:00 P.M. by default. However, you
can change the time that your backup runs. You can also choose to run your
backup at multiple times during the day. To change the backup schedule:

(a) Open the windows SBS console.

(b) On the navigation bar, click backup and server storage.

(c) In the task pane, click change backup schedule. The backup schedule
dialog box appears. See Fig 12.61

Fig 12.61 : Specify Backup Time

(d) Select one of the following options:


(i) Once a day. Sets Backup to run at 11:00 P.M. by default.

(ii) Twice a day. Sets Backup to run at 5:00 P.M. and 11:00 P.M.
by default.

(iii) Custom. Does not set a default time for Backup to run.

(e) If you want to change the time that Backup runs, in the list of times,
select the check box for each time of day that you want your backup to run.
Clear the check box for any time that you do not want backup to run.

(f) When you have finished specifying the backup schedule, click OK.

144. Pause the Backup Schedule. When you pause the backup schedule,
the next scheduled backup is disabled until you resume the backup schedule.
When backup is paused, the Windows SBS Console displays a status of
Paused in the next backup column. To pause and to resume the scheduled
backup, proceed as follows:

(a) To Pause.

(i) Open the windows SBS console.

(ii) On the navigation bar, click backup and server storage.

(iii) In the task pane, click Pause backup schedule.

(iv) Click yes to confirm that you want to pause the scheduled
backup.

(b) To Resume.

(i) Open the windows SBS console.

(ii) On the navigation bar, click backup and server storage.

(iii) In the task pane, click resume backup schedule.

(iv) Click yes to confirm that you want to resume the scheduled
backup.

145. View Backup History. To view backup history, follow as:

(a) Open the windows SBS console.

(b) On the navigation bar, click backup and server storage.

(c) The list view displays the servers and client computers that are
connected to your network.

(d) Right-click the server for which you want to view backup history, and
then click view backup history. The backup history dialog appears and
displays a list of previous backups. See Fig 12.62

Fig 12.62 : Select backup Option

(e) To view the details for a listed backup, click the backup to select it.
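The same backup configuration as the wizard in paras 139 to 145 done with the Windows Server Backup cmdlets that the feature installs, as an added example that is not part of the course text. It assumes the Windows Server Backup feature is installed, a dedicated external disk carrying the volume label BACKUP01 (placeholder), a data drive D: (placeholder) and the default 5:00 P.M. and 11:00 P.M. schedule.

```powershell
# Added example (not from the course text): paras 139-145 (destination,
# items, schedule, history) with the WindowsServerBackup module.
# Assumptions: feature installed, dedicated external disk labelled BACKUP01,
# data volume D:, default twice-daily schedule. Labels and letters are placeholders.
Import-Module WindowsServerBackup

# Destination (para 141): the wizard formats the target disk, so only a disk
# with the expected label is accepted; anything else is refused outright.
$targetDisk = Get-WBDisk | Where-Object { $_.Label -eq 'BACKUP01' }
if (-not $targetDisk) { throw 'Backup disk BACKUP01 not found; refusing to format another disk.' }

$policy = New-WBPolicy

# Items (para 142): system state and bare metal recovery cover the operating
# system drives that cannot be excluded; data volumes are added explicitly.
Add-WBSystemState        -Policy $policy
Add-WBBareMetalRecovery  -Policy $policy
$dataVolume = Get-WBVolume -VolumePath 'D:'          # placeholder data drive
Add-WBVolume -Policy $policy -Volume $dataVolume

# Destination: the dedicated external disk checked above.
$backupTarget = New-WBBackupTarget -Disk $targetDisk
Add-WBBackupTarget -Policy $policy -Target $backupTarget

# Schedule (para 143): twice a day, the wizard's default times.
Set-WBSchedule -Policy $policy -Schedule 17:00, 23:00

# Saving the policy is the point at which the target disk is formatted
# and the scheduled task created; -Force suppresses the interactive prompt.
Set-WBPolicy -Policy $policy -Force

# Verification (para 145): current settings and the backup history.
Get-WBPolicy
Get-WBSummary
Get-WBJob -Previous 5 | Select-Object JobType, JobState, StartTime, EndTime
```

Run from an elevated PowerShell; a restore test of a sample file afterwards is what confirms the backup is usable, which no summary output can show.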

Lesson Summary

 Windows Server can be designed to play many roles, and each role has
some important features to perform the specific task as per the configuration
of the server role.

 The Active Directory Domain Services role enables the server to be
configured as a domain controller.

 The DNS Server role allows the server to provide host name to IP address
resolution for Internet names, as well as hosting name resolution for local
domains.

 The DHCP Server role allows the server to provide IP addresses and other
settings to network clients.

 The Windows Server Backup feature installs a Microsoft Management
Console snap-in, command-line tools, and PowerShell cmdlets to support
backup and recovery of Windows servers.

 The Hyper-V role supports hosting and managing virtual machines, including
both Windows and non-Windows guests.

 An operating system or OS is a software program that enables the computer
hardware to communicate and operate with the computer software.

 Operating systems are classified in two categories: (i) on the basis of task,
and (ii) on the basis of the users who can log on.

 DHCP (Dynamic Host Configuration Protocol) is a protocol used by DHCP
servers in wired/wireless IP networks to dynamically allocate a variety of
network configuration data, such as a user IP address, subnet mask, default
gateway IP address, DNS server IP address, lease time and so on, to client
devices (DHCP clients).

 Backup of the server is required to safeguard important data from disaster
or hardware failure, and to restore the server promptly if a failure occurs.

MCQ

Q1. Operating System is the..................

(a) System Software (b) Application Software
(c) Driver Software (d) None of these

Q2. Which is not a type of OS……………………

(a) Windows 10 (b) LINUX
(c) Oracle OS (d) Mac OS

Q3. What is the function of OS…………………………

(a) Resource Manager (b) Storage Management
(c) Extended Machine (d) All of the above

Q4. A network architecture in which each computer or process on the network is
either a client or a server is called……………

(a) Client-Server architecture (b) Server-Server architecture
(c) Application architecture (d) None of the above

Q5. The Hyper-V role supports……….

(a) hosting and managing virtual machines (b) to support backup
(c) to provide IP addresses (d) to host HTTP, HTTPS

Q6. The DHCP Server role allows the server…….

(a) hosting and managing virtual machines (b) to support backup
(c) to provide IP addresses (d) to host HTTP, HTTPS

Q7. The Windows Server Backup feature is to……….

(a) hosting and managing virtual machines (b) to support backup
(c) to provide IP addresses (d) to host HTTP, HTTPS

Q8. The DNS Server role allows the server…..

(a) hosting and managing virtual machines (b) to support backup
(c) to provide IP addresses (d) host name to IP address

Q9. The DNS Server role allows the server…..


(a) hosting and managing virtual machines (b) to support backup
(c) to provide IP addresses (d) host name to IP address

Q10. On Microsoft Servers, a domain controller (DC) is a server computer that
responds to

(a) hosting and managing virtual machines (b) to support backup
(c) to provide IP addresses (d) to security authentication requests

Q11. _____________ is a web server application.

(a) Active Directory (b) DNS
(c) IIS (d) DHCP

Q12. The ………. query finds the address of the system that has the resource or
service that the client requires.

(a) LDAP (b) DNS
(c) IIS (d) DHCP

Q13. DHCP stands for……..

(a) Dynamic Host Configuration Protocol
(b) Dual Host Configuration Protocol
(c) All of the above
(d) None of the above

Q14. …………….. Function primarily to provide a location to store shared files to
a given client within a network

(a) File servers (b) web server
(c) DHCP Server (d) Mail Server

Q15. ……………… means that there may be a specific computer server that
fulfills this function, typically for a larger network, and has specialized hardware
and software to handle the greater workload

(a) Dedicated file server (b) mail Server
(c) A non dedicated file server (d) DHCP Server

Q16. _____________ is a web server application.

(a) Active Directory (b) DNS

(c) IIS (d) DHCP

Q17. IIS 7.5 includes the following additional or enhanced security feature(s):
__________________

(a) Client Certificate Mapping (b) IP Security
(c) Request Filtering (d) All of these

Q18. Remote Desktop service is also known as _________

(a) Terminal (b) Terminal Service
(c) Client Service (d) Media Service

Q19. …………… is a service that allows organizations and individuals to post a
website or web page onto the Internet.

(a) Web Hosting (b) HTML
(c) server OS (d) php

Q20. The most basic is web page and small-scale file hosting, where files can
be uploaded via………………… or a Web interface.

(a) FTP (b) HTTPS
(c) SMTP (d) POP

Q21. …………..is a new type of hosting platform that allows customers powerful,
scalable and reliable hosting based on clustered load-balanced servers and
utility billing.

(a) Shared web hosting (b) Image hosting
(c) Single Page hosting (d) Cloud hosting

Q22. Backup of server is required ……….

(a) To safeguard the important data (b) To allot IP address
(c) To maintain records of terminal (d) all of the above

Ans:- 1(a), 2(c), 3(d), 4(a), 5(a), 6(c), 7(b), 8(d), 9(d), 10(d), 11(a), 12(a), 13(a),
14(a), 15(a), 16(a), 17(d), 18(b), 19(a), 20(a), 21(d), 22(a)


DTQ

Q1. What is the operating system?
Q2. Write down the types of OS?
Q3. How to classify the OS?
Q4. Define different types of server architecture?
Q5. What are the differences between architectures?
Q6. What are the System Requirements for Window Server 2012?
Q7. What is the difference between single tasking and multitasking OS?
Q8. What is server?
Q9. Write down the Role of Server?
Q10. Briefly explain any five roles of server?
Q11. What is DNS?
Q12. Define Domain controller?
Q13. What is Active Directory?
Q14. Define Trust?
Q15. What is Domain joining?
Q16. Write a short note on any five Trusts?
Q17. Write down the components of AD?
Q18. Define DHCP?
Q19. How to allocate and release IP address?
Q20. What is file server?
Q21. Define the features of file server?
Q22. What is dedicated and non-dedicated file server?
Q23. Define web server?
Q24. Explain IIS and its features?
Q25. Write down the steps for Web Server Maintenance?
Q26. How to Host a website?
Q27. What is Backup?
Q28. How to create a new Backup?

COMTECH/COMP/OS-III/13

CHAPTER-13
DIFFERENT CLASS MACHINE IN IAF

Objective.

 At the end of this chapter, trainees will be able to revise the subjects:

 Different Servers used in IAF

 Hardware difference between servers and PC

13.1

Different servers used in IAF

1. The different servers that provide the platform for carrying out strategic
activities in the IAF are as follows:

(a) Web Server.

(b) File Server.

(c) Application Server.

(d) Database Server.

(e) Domain Name Server (DNS) Server.

(f) Global Catalog Server.

(g) Directory Services Server.

(h) DHCP Server.

(j) E-Mail Servers.

(k) Windows .Net Application Host.

(l) Cluster Server.


(m) Terminal Server.

(n) Remote Access Server.

(p) Print Server.

(q) Fax Server.

2. Web Server. A web server is a robust computational device that can manage
many websites. Installing web server applications such as Apache or Microsoft
IIS on this computer provides links to the various web pages hosted online, and
such servers are connected to the Internet by high-speed connections that offer
very fast data transfer. This machine stores and retrieves Internet (and intranet)
data for the enterprise. Some documents, data, etc., reside on web servers. The
web application provides access to documents and other data. “Thin” clients
typically use a web browser to request those documents. Such servers share
documents across intranets, or across the Internet (or extranets). The most
commonly used protocol is HTTP (Hyper Text Transfer Protocol). Web
application servers are now augmenting simple web servers. Examples of web
application servers are Microsoft’s Internet Information Server (IIS), Netscape’s
iPlanet, IBM’s WebSphere, BEA’s WebLogic and Oracle Application Server.

3. File Server. File servers are exclusively allocated systems that allow all
data to be accessed by clients. A file server serves as a consolidated place for
storing data, and many terminal systems may use it. All the files reside on the
server machine. The file server provides clients access to records within files
from the server machine. File servers are useful for sharing files across a
network among the different client processes requesting the services. The
server process is somewhat primitive because it tends to demand many
message exchanges over the network to find the requested data.

The examples of File servers are:

(a) UNIX: Network File Services (NFS) created by Sun Microsystems.

(b) Microsoft Windows “Map Drive” e.g., “P-drive”.

(c) Samba: An open Source/Free Software suite that provides
seamless file and print services to SMB/CIFS clients (i.e., Microsoft
Windows clients).

4. Application Server. With the release of the Windows Server 2008
operating system, ongoing updates to the applications that run on the
Windows Server 2008 system will be released regularly. Some of the
applications that come with Windows Server 2008 include Windows
Terminal Services for thin client computing access and utility server
services such as DNS and DHCP. Add-ons to Windows Server 2008
include Windows Server 2008 editions of Microsoft Exchange Server, SQL
Server, BizTalk Server and ISA Server. This machine manages access to
centralized application software; for example, a shared database. When
the user requests information from the database, the application server
processes the request and returns the result of the process to the user.

5. Database Server. Data resides on the server in the form of a SQL
database. The database server provides access to data to clients in response
to SQL requests. It shares the data residing in a database across a network.
The database server has a more efficient protocol than the file server: it
receives SQL requests, processes them and returns only the requested data,
so the client does not have to deal with irrelevant data. However, the client
does have to implement SQL application code. An example of a database
server is the Oracle9i database server.

6. Domain Name Server (DNS) Server. The domain name service
(DNS) is a list of network servers and systems, so a DNS server provides
information about the devices connected to the network. The DNS is an
essential part of the Internet. Most Internet users benefit from this application
daily, but not every user is familiar with the term. DNS is a kind of digital
directory that holds names and matches those names with numbers; here the
numbers are Internet Protocol (IP) addresses. IP addresses are used as
addresses for communication between devices connected to the Internet.
Devices connected to the Internet, including smartphones, laptops, personal
computers and tablets, each have a unique IP address. DNS is therefore the
decentralized system used for matching the website name (URL) with the
numerical address (IP) of the specific website that the client is requesting.

7. Global Catalog Server. The global catalog server stores a copy of
the user list of the Active Directory network. When an internal or external
user with appropriate security rights wants to look at a list of Active
Directory users, the global catalog server provides the list.


8. Directory Services Server. It is found on large-scale systems
with data that is distributed throughout multiple servers. This machine
functions as an organization manager, keeping track of what is stored
where, enabling fast and reliable access to data in various locations.

9. DHCP Server. The Dynamic Host Configuration Protocol (DHCP)
assigns network addresses to devices on the network. Windows Server 2008
provides the service function to allocate DHCP addresses to network
devices.

10. E-Mail Servers. E-mail servers are a valuable asset for
companies, agencies and individuals as well, enabling the transfer of
messages among various stakeholders. Specific applications on the mail
servers allow administrators to establish and control e-mail accounts for the
specific domain that the server hosts. The protocols used for e-mail
communication include SMTP, IMAP and POP3. Simple Mail Transfer
Protocol (SMTP) is the general approach used for sending messages and
controlling outgoing e-mail, whereas the Internet Message Access Protocol
(IMAP) and Post Office Protocol V3 (POP3) are used for receiving and
controlling incoming e-mail. This machine manages the flow of electronic
mail, messaging, and communication with mainframe systems on large-scale
networks.

11. Windows .Net Application Host. New to Windows Server 2008 is the
capability for the server to act as a host system for the execution of Windows
`.Net` Framework applications. With the built-in Internet Information Server
version 6, Windows .Net applications can be copied straight to the Windows
Server 2008 system for execution.

12. Cluster Server. When fault tolerance is important to an organization,
clustering provides failover from one system to another. Windows Server
provides the ability to link systems together so that when one system fails,
another system takes over.

13. Terminal Server. Instead of having a full desktop or laptop computer
for each user on the network, organizations have the option of setting up
simple low-cost terminals for users to gain access to network resources.
Windows Server Terminal Services allows a single server to host network
system access for dozens of users.

14. Remote Access Server. When a remote user has a desktop or laptop
system and needs access to network services, Windows Server 2008 provides
Remote Access Services that allow the remote system to establish a secure
remote connection.

15. Print Server. As a file and print server, the Server system can
provide network users with centralized access to data files or can act as a
print queue server to hold multiple printers. Several improvements have
been made in Windows Server for file security, file server fault tolerance
and the configuration of redundant print. This machine manages user
access to shared output devices, such as printers. These are the earliest
type of servers. Print services can run on a file server or on one or more
separate print server machines.

16. Fax Server. A fax server provides the facility to send and receive faxes
through a single network connection. The fax server can be a workstation
with an installed fax board and special software, or a specialized device
dedicated to and designed for fax services. This machine manages the flow
of fax information to and from the network. It is similar to the mail server.

13.2 Hardware Difference between Servers and PCs

17. Server and Desktop are not just categories of processors but make up
separate platforms of which the processor is a part.

There are four major platforms:

(a) Mainstream / Consumer, sometimes defined as Desktop

(b) Workstation or HEDT (High-End Desktop)

(c) Professional Workstation

(d) Server

18. There’s no official definition of what each of these platforms consists of,
but generally, they’ll be split into broad tiers of form factor, hardware
performance, expandability and specialization, and intended use case.

Mainstream / Consumer, sometimes defined as Desktop

19. The mainstream or consumer platforms are what you would use in a computer
built for light workloads like graphic design, word processing, browsing, and
general everyday work. Desktop platforms are also evolving to perform better in
multi-threaded workloads, making them a cheaper alternative to workstation
platforms. One good example is CPU rendering, where this platform is starting
to gain popularity thanks to ever-increasing CPU core counts.

Workstation / HEDT

20. Workstation platforms are suited towards more demanding workloads which
require strong multi-threaded performance and better connectivity. By providing
many processing cores and access to more resources such as PCIe lanes,
applications that are well parallelized run very well on this platform.
Workstation platforms fit into desktop form factors, making them ideal for use
on a desk at work or home, where you are actively working on the system.

Professional Workstation

21. The Professional workstation platform offers many features you would find in a
high-end server platform – the key difference being that it fits into a desktop form-
factor. This platform is ideal for applications like rendering, simulations, or workloads
that need access to even more PCIe-Lanes, ECC Memory, larger Memory
Capacities, or CPU Security features than the Workstation / HEDT Platform can
provide.

Server

22. The server platform is primarily made for reliability, flexibility, and scalability.
They are deployed mainly as rack-mounted units in data centers, allowing a large
amount of computing power to be packed into a small amount of space. Server
platforms are configured for multiple uses ranging from high-capacity storage to
performance-intensive applications with many processing cores and memory. They
are also rated to run 24/7 for long periods without suffering from instability or system
crashes and are not meant to be worked on directly.

Fig 13.1 : Server

Key Differences between platforms

23. CPUs are unavoidably tied to their platform. You can’t slap a desktop CPU
into a server platform and you can’t install a server CPU into a desktop
platform. The differences between server and desktop CPUs lie in their platform.

Form Factor

24. One visually apparent difference between the desktop and server platforms is
their form factor. Both the server and desktop platforms have standards for
measuring the space the system occupies. For desktop platforms, the typical
form factors are XL-ATX, E-ATX, ATX, M-ATX, and M-ITX, in order of their size.
ATX is the most popular option for desktop PC systems, with M-ATX and M-ITX
following suit.

Fig 13.2 :Motherboard Form Factors and Sizes Compared

25. The E-ATX form factor is often found in workstation and enthusiast systems.
The larger size lets them pack additional features, such as more PCIe and RAM
Slots, while still being within the constraints of a desktop case.

26. Desktop cases also come in different form factors. They are categorized into
Full Tower, Mid Tower, Mini Tower, and Small Form Factor (SFF). Compatibility
with hardware for a particular case depends on its size, with full tower cases
supporting most form factors while SFF cases support only M-ITX.

Fig 13.3 : PC Case Size Comparison Graphic

27. Most servers come in either the tower or rack mount configurations. The tower
configuration is similar to the desktop platform and is a good choice if you are
working with a small number of servers.

Fig 13.4 : Tower Server

28. Rack mount servers are made to be used with standard 19” server racks,
allowing you to stack servers vertically and save space. Apart from servers,
rack mount storage arrays and network switches can be added to the rack to
provide additional functionality to the setup.

Fig 13.5 : Rack Server

29. The size of rack mount components is determined in units of height ranging
from 1U up to 6U for general servers. Most server racks are 42U in height which
allows you to fit quite a lot of hardware in a small amount of space.

30. Although there are some Server Motherboards that abide by the general
Desktop PC Form-Factors, many are custom made to fit more efficiently into the
Server Case.

Memory

Fig 13.6 : ECC

31. Server platforms support ECC or Error Correction Code memory across their
entire suite of processors. ECC support on desktop platforms is limited to a
professional workstation, workstation, and a select number of consumer platforms.

32. On consumer platforms like AMD’s Ryzen on B550 and X570 motherboards,
ECC support does exist but is not validated for server or workstation use, and
compatibility varies by motherboard manufacturers.

33. ECC RAM corrects memory corruption due to random bit flips, preventing
system crashes and data corruption. This is important when the computer runs
24/7 for extended periods and system failures cannot be afforded.
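As an added illustration of how ECC memory repairs a single flipped bit but can only detect a double flip (example code written for this text, not from the original; it uses a scaled-down Hamming SECDED code over one data byte instead of the 64-bit words with 8 check bits that real ECC DIMMs protect):

```python
"""SECDED (single-error-correct, double-error-detect) code on one data byte.

Teaching model of what an ECC memory controller does: it stores extra check
bits with every word, recomputes them on each read, and uses the mismatch
(the syndrome) to repair one flipped bit or to flag two flips it cannot repair.
"""

PARITY_POS = (1, 2, 4, 8)                 # Hamming check bits sit at powers of two
DATA_POS = (3, 5, 6, 7, 9, 10, 11, 12)    # remaining positions carry the 8 data bits
WORD_LEN = 13                             # index 0 = overall parity, 1..12 = Hamming code


def encode(byte):
    """Return the 13-bit stored word (list of 0/1) for one data byte."""
    if not 0 <= byte <= 0xFF:
        raise ValueError("encode() takes a single byte")
    word = [0] * WORD_LEN
    for i, pos in enumerate(DATA_POS):
        word[pos] = (byte >> i) & 1
    # Each check bit makes the XOR of every position it covers even.
    for p in PARITY_POS:
        word[p] = sum(word[j] for j in range(1, WORD_LEN) if j & p) & 1
    # Overall parity over the whole Hamming word tells one flip from two.
    word[0] = sum(word[1:]) & 1
    return word


def decode(word):
    """Return (byte, status); byte is None when the word is uncorrectable.

    status is "ok", "corrected" or "uncorrectable".
    """
    word = list(word)
    syndrome = 0
    for p in PARITY_POS:
        if sum(word[j] for j in range(1, WORD_LEN) if j & p) & 1:
            syndrome |= p                   # syndrome = position of a single flipped bit
    overall_odd = sum(word) & 1             # an odd number of flips breaks overall parity
    if syndrome == 0 and not overall_odd:
        status = "ok"
    elif overall_odd:
        # Exactly one bit flipped: at 'syndrome', or the overall-parity bit itself (0).
        word[syndrome] ^= 1
        status = "corrected"
    else:
        # Non-zero syndrome but even parity: two bits flipped. Report, never guess.
        return None, "uncorrectable"
    byte = 0
    for i, pos in enumerate(DATA_POS):
        byte |= word[pos] << i
    return byte, status


def flip(word, *positions):
    """Simulate random bit flips at the given positions of a stored word."""
    word = list(word)
    for pos in positions:
        word[pos] ^= 1
    return word


def scrub(words):
    """Memory-scrub pass: re-read every word, count repairs and fatal errors.

    Returns (data, corrected, uncorrectable); data holds the recovered bytes,
    with None for words that could not be repaired.
    """
    data, corrected, uncorrectable = [], 0, 0
    for w in words:
        byte, status = decode(w)
        data.append(byte)
        if status == "corrected":
            corrected += 1
        elif status == "uncorrectable":
            uncorrectable += 1
    return data, corrected, uncorrectable


if __name__ == "__main__":
    # Constructed sample: four stored bytes, then simulated random bit flips.
    memory = [encode(b) for b in (0x3C, 0xA5, 0x00, 0xFF)]
    memory[1] = flip(memory[1], 6)        # single flip in a data bit -> repaired
    memory[2] = flip(memory[2], 0)        # flip in the parity bit itself -> repaired
    memory[3] = flip(memory[3], 5, 9)     # two flips -> detected, not repaired
    print(scrub(memory))                  # ([60, 165, 0, None], 2, 1)
```

A non-ECC module would silently hand back the corrupted bytes in all three cases; the uncorrectable count is what a server reports as a fatal memory error.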

34. Servers and professional workstation processors also support capacities of
RAM that range into terabytes. For reference, a typical consumer platform will
support no more than 128 GB of memory.

35. The number of RAM channels available also varies between platforms. Server
and Pro workstations have eight channels, while workstation platforms have four
and consumer two. More memory channels improve the net bandwidth between
RAM and the processor.

Platform                        ECC Support                         Memory Channels   Max Memory
Desktop (Consumer/Mainstream)   No; some platforms have             2                 128 GB
                                non-certified support
Workstation                     Yes                                 4                 512 GB
Professional Workstation        Yes                                 8                 2 TB
Server                          Yes                                 8                 2 TB+

Fig 13.7 : Memory chart

Multi-processor Support

36. A feature unique to the server platform is the support for multiple processors.
Multiple processors in a single system not only increases your core count but also
gives you access to more memory and PCIe lanes in a single system.

37. With a single system having multiple processors, you save a lot of the space
and cost that separate systems would have taken up. This is ideal for
applications such as render farms that require many processing cores in a
limited space.

Expansion & Connectivity

38. Server and pro workstation platforms offer a large number of PCIe lanes.
These PCIe lanes are necessary for adding expansion cards like GPUs, NVMe
SSDs, SATA SSDs, HDDs, or network cards.

Platform                        Max PCIe Lanes
Desktop (Consumer/Mainstream)   20
Workstation                     56
Professional Workstation        128
Server                          128+

Fig 13.8 : PCIe chart

39. Server platforms are highly versatile in their allocation of PCIe lanes. A
single server system can host a large number of GPUs, with support for more
GPUs than most desktop systems.

Fig 13.9 : Server with GPUs

40. This just goes to show how versatile and easily configurable a server platform
is. Servers are easily configurable with many GPUs, NVMe drives, or hard disks, all
while keeping it compact.

41. Of course, servers aren’t optimized for quiet operation, so a server is best
tucked away in a data center or a separate room.

42. Professional workstations are also configurable, thanks to their abundance
of x16 PCIe slots. However, they are not as versatile, mainly due to the space
constraints of the desktop form factor, which may force you to use risers with
expansion cards like GPUs to make the best use of the platform.

Fig 13.10 : Motherboard for Professional workstation

43. Consumer systems have a lower number of PCIe lanes, which will limit
expansion to one or two GPUs and a couple of NVMe drives. Some specialized
systems support several GPUs via a single 1x riser link for applications like mining,
though it will severely impact performance in non-mining workloads.

CPUs compatibility with platforms

44. Processors are bound to a specific platform and will be compatible with only
said platform. Take AMD’s consumer/workstation Ryzen and Epyc series, for
example. There exists no Ryzen processor for servers nor any Epyc CPUs for
desktops.

45. The CPU from each series is made for their own platform. Even processors
identical on paper (e.g. same core counts and clocks) will differ significantly when
taking into consideration the platform they work with.

Types of CPUs bound to a platform

46. Here’s a quick overview of what type of CPUs are bound to which platform
and their typical core counts:

Platform                        Manufacturer   Series              Core Range
Desktop (Consumer/Mainstream)   AMD            Athlon              2-4
                                               Ryzen               4-16
                                Intel          Pentium / Celeron   2-4
                                               Core                2-10
Workstation                     AMD            Threadripper        8-64
                                Intel          Core X              10-18
Professional Workstation        AMD            Threadripper Pro    12-64
Server                          AMD            Epyc                8-64
                                Intel          Xeon                4-56

Fig 13.11 : CPU Chart

Key differences between Desktop CPUs and Server CPUs

47. As discussed above, processors within their platforms offer several features
that help differentiate the two platforms. We now focus on the actual
differences between the processors themselves.

Fig 13.12 : HEDT Processors Chart

48. Lower clock speeds also reduce the power draw, which may not seem to have
any benefit for a single CPU. However, if you plan to run hundreds or even
thousands of processors, even a few watts per processor has profound
implications.

49. Server processors also need to run 24/7 on high load, which significantly
degrades their lifetime if run at high temperatures. That is why even low core-count
server processors run at lower clock speeds than comparable desktop chips.

Core Count

50. While desktop platforms match servers in the maximum number of cores in a
single processor, server processors have the unique advantage of being able to use
multi-processor configurations.

51. Intel’s Xeon Scalable is an excellent example of how easily a single server
can be packed with many processing cores. Intel offers these processors in
nodes that easily fit into a 2U chassis, offering up to 224 cores in a single
server.

Core Clocks

52. Desktop / consumer processors feature higher clock speeds making them an
excellent option for active and single-threaded workloads that cannot be parallelized
easily, like graphic design and large parts of video editing or gaming.

53. Intel and AMD also allow manual overclocking on many of their desktop chips,
which provides additional performance at the cost of increased power draw and
reduced stability. The thermal output of a processor core scales exponentially
with its clock speed.

Pricing Difference

Fig 13.13 : CPU Chart

54. Desktop processor pricing is straightforward, with the pricing generally being
proportional to the processor’s clock speed and core count.

55. Desktop platforms, having a single processor in a well-ventilated system with
options for large air and liquid cooling solutions, allow manufacturers to set
higher core clocks without worrying about overheating.

56. Server platforms run in constrained environments where the only cooling
method is high-flow-rate air over a small heatsink. Add to that multiple
high-core-count processors, and clock speeds must be lowered to maintain
temperatures for stable, long-duration operation.

57. Server CPUs usually consist of highly binned components, meaning they run
more stable and draw less power, making them more expensive even when
compared to desktop CPUs that seem to have the same specs on paper.

58. The CPU has to have on-chip logic to access all the platform features as well,
so it should come as no surprise that server CPUs that have access to e.g. more
memory channels or more PCIe-Lanes have increased pricing – all other factors the
same.

The right CPU for you: Server or Desktop processors

59. When choosing between a server and a desktop processor, it’s not just the
processor that matters but the platform.

60. Once you have committed to a particular platform, switching to another will
be expensive due to the lack of compatibility across platforms.

61. Choose the desktop platform if you plan to work actively on your PC or
workstation from a desk. Although servers come in the tower configuration, they
are not meant to be run as a standalone unit and will offer much less
performance (low clock speeds, etc.).

62. Go with the server platform if you plan on leaving it unattended. Servers are
easily mountable on equipment racks and allow you to expand with additional
servers, storage arrays, or network switches without taking up much space.

63. Remember that rack-mounted servers are very loud, so they are not suitable
for a home or work environment.

64. For applications like render farms that need a large amount of computing
power, use the desktop platform as render-nodes. For large-scale operations, the
space and energy savings of the server platform make rack-mounted servers the
better option.

List of Recommended Processors:

Platform                        Use case                       Processor
Server                          CPU Render Farm                AMD Epyc 7713P / 7713
                                GPU Render Farm                AMD Epyc 7302 / Intel Xeon Silver 4214
                                Storage/NAS                    Intel Xeon Silver 4110 / AMD Epyc 7281
Desktop (Consumer/Mainstream)   Graphic Design, Gaming         AMD Ryzen 5 5600X
                                Video Editing, High-end        Intel i9 10900K / AMD Ryzen 5950X /
                                Gaming, Modeling and           AMD Ryzen 5900X
                                Animation
                                CPU/GPU Rendering              Intel i9 11900K / AMD Ryzen 5950X
Workstation                     Video Editing                  AMD Threadripper 3960X
                                CPU Rendering                  AMD Threadripper 3990X
                                GPU Rendering                  AMD Threadripper 3960X
Professional Workstation        CPU Rendering                  AMD Threadripper 3995WX
                                GPU Rendering                  AMD Threadripper 3955WX

Fig 13.14 : CPU Chart

Desktop Motherboards vs Server Motherboards – Important Things to Know

65. A desktop motherboard is designed to host the essential hardware for a
single-user computer. It has one socket for the processor or CPU, including a
slot for the chipset. There are up to four memory sockets, for as many RAM
modules, and two to four SATA connectors. Most desktop motherboards have one
Ethernet or LAN port for the Internet, one slot for a graphics processor,
support for one optical drive, and standard input/output connectors.

66. On the other hand, a server is designed for numerous real-time users.
These users are known as clients, and the server is the host. A server
motherboard can host two processors or more, including as many chipsets.

67. Most server motherboards have a minimum of eight memory sockets, ten
or more SATA connectors, two LAN ports, and Wi-Fi in many models, support
for multiple graphics processors, and six or more expansion slots.

POINTS TO REMEMBER

 Different servers that provide the platform for carrying out strategic
activities in the IAF are as follows:

(a) Web Server.

(b) File Server.

(c) Application Server.

(d) Database Server.

(e) Domain Name Server (DNS) Server.

(f) Global Catalog Server.

(g) Directory Services Server.

(h) DHCP Server.

(j) E-Mail Servers.

(k) Windows .Net Application Host.

 Server and Desktop are not just categories of processors but make up
separate platforms of which the processor is a part.

 There are four major platforms:
(a) Mainstream / Consumer, sometimes defined as Desktop

(b) Workstation or HEDT (High-End Desktop)

(c) Professional Workstation

(d) Server

Self Test

MCQ

Q1. HEDT means
(a) Desktop                          (b) High end desktop
(c) Single server                    (d) Multiple server

Q2. IIS stands for
(a) Internet image service           (b) Image internet service
(c) Internet information service     (d) None of the above

MCQ Ans: 1(b), 2(c)

DTQ

Q1. What is webserver and file server?

Q2. What are the hardware difference between server and PC?

Q3. What is DNS and catalog server ?

Q4. What are the different servers used in IAF?

COMTECH/COMP/OS-III/14

CHAPTER-14
VIRTUALISATION

Objective.

 At the end of this chapter, trainees will be able to revise the following
subjects:

 Introduction to virtualisation, physical and virtual machine,
traditional and virtual computing, understanding virtualization,
need and applications of virtualization, limitations, tools and
technologies in virtualized environments.

 Types of virtualization: desktop, application, server, hardware,
storage, memory and I/O virtualization.

 Server virtualization: hypervisor, types of hypervisors,
hypervisor architecture, installation of hypervisor, virtual
machines.

 Network and memory virtualisation: virtual LAN, virtual memory.

 Creation of virtual machine using Oracle VirtualBox or VMware
Workstation.

 VM management: VM configurations, VM migration, migration
types and process.

14.1 Introduction

1. Virtualization is a technology that helps us to install different operating
systems on a single piece of hardware. Virtualization in an operating system
changes a normal operating system so that it can run different types of
applications that may be handled on a single computer system by many users.
The operating system may appear different to each user, and each of them may
believe they are interacting with the only operating system, i.e. this does not
interfere with the user experience.

2. Operating system virtualization can also be used to migrate a process from
one instance of the operating system to another. However, all the processes in
the system are isolated and their operations are strictly monitored, so there
are no discrepancies in the system.

3. A diagram representing operating system virtualization is as follows –

Fig 14.1 : Virtualization Diagram

PHYSICAL AND VIRTUAL MACHINE

Fig 14.2 : Virtualization Architecture

4. The architecture of a physical server is quite plain. Each server has its own
hardware: memory, network, processing and storage resources. On this
hardware, the server operating system is loaded. From the OS you can then run
the applications.

5. With a virtual infrastructure, you have the same physical server with all the
resources, but instead of the server operating system, there’s a hypervisor such
as vSphere or Hyper-V loaded on it. The hypervisor is where you actually
create your virtual machines. As you can see on the diagram, each VM has its
own virtual devices – virtual CPU, virtual memory, virtual network interface
cards and its own virtual disk. On top of this virtual hardware you load a guest
operating system and then your traditional server applications.

6. The benefits of virtualization are obvious: instead of having just one
application per server, you can now run several guest operating systems and a
handful of applications on the same physical hardware.

Traditional Computing

7. Traditional computing is using physical data centers for storing digital
assets and running a complete networking system for daily operations. In this
model, users’ access to data, software or storage is limited to the device or
official network they are connected to. In this computing, a user can access
data only on the system in which the data is stored.

Virtual Computing

8. Virtual computing is the collective combination of configurable system
resources and advanced services that can be delivered quickly over the
Internet. It provides lower power expenses, no capital costs, no redundancy,
lower employee costs, increased collaboration, etc. It makes us more efficient
and more secure, and provides greater flexibility.

Understanding virtualization:

9. There was a wild explosion of data centers overfilled with servers; but as
time passed, through a combination of the effect of Moore’s Law and the “one
server, one application” model, those servers did less and less work.
Fortunately, help was on the way in the form of virtualization. The idea and
execution of virtualization was not new. It ran on IBM mainframes back in the
1960s but was updated for modern computer systems.

10. The first commercially available solution to provide virtualization for x86
computers came from VMware in 2001. A parallel open-source offering called
Xen arrived two years later. These solutions (VMMs, or hypervisors) took the
form of a layer of software that lived either between an operating system and
the virtual machines (VMs) or was installed directly onto the hardware, or
“bare metal”, just like a traditional operating system such as Windows or
Linux. In the next chapter, we’ll go into much more depth about hypervisors.

11. What virtualization brought to those overfull data centers and underutilized
servers was the ability to condense multiple physical servers into fewer servers
that would run many virtual machines, allowing those physical servers to run at
a much higher rate of utilization. This condensing of servers is called
consolidation. A measure of consolidation is called the consolidation ratio and
is calculated by counting the number of VMs on a server.

Fig 14.3 : Virtualization

12. In larger data centers, where hundreds or even thousands of servers were
housed, virtualization provided a way to decommission a large portion of
servers. This reduced the overall footprint of a data center, reduced the power
and cooling requirements, and removed the necessity to add to or construct
additional data centers. By extension, with fewer servers, it reduced a
company’s hardware maintenance costs and reduced the time system
administrators took to perform many other routine tasks.

Need and Applications of Virtualization

13. Server virtualization enables different OSs to share the same network and
makes it easy to move an OS between different networks without affecting the
applications running on it. This allows portability of applications.
Virtualization allows many instances of an application to be created, thus
allowing them to scale up and down as per requirement. Virtualization enables
load balancing, thus allowing companies to handle peak loads. Storage
virtualization enables efficient utilization of existing resources. It also
allows services to be provided over the Internet.

14. These are the applications of virtualization:

(a) Using Virtualization for Efficient Hardware Utilization

(b) Using Virtualization to Increase Availability

(c) Disaster Recovery

(d) Save Energy

(e) Deploying Servers quickly

(f) Save Space in your Server Room or Datacenter

(g) Testing and setting up Lab Environment

(h) Possibility to Divide Services

Limitations of virtualization

15. There are a few limitations with the hardware or VM virtualization, which
leads to containerization.

(a) Machine turn up time

(b) Software Licensing

(c) Operational extra costs

(d) Learn the new Infrastructure

16. Tools of Virtualization

Tools                         Host OS                        Guest OS                  Feature
SolarWinds Virtualization     Windows                        --                        VM sprawl control, predictive
Manager                                                                                recommendations, manage across
                                                                                       on-premise, hybrid and cloud, etc.
Parallels Desktop             For Mac users                  Windows & Mac             No reboot required.
V2 Cloud                      Windows                        Windows                   Browser accessibility, web client
                                                                                       available on Windows & Mac, fast
                                                                                       performance, technical support
                                                                                       included.
VMware Fusion                 For Mac users                  Windows, Linux,           No reboot required. Can work with
                                                             NetWare, Solaris          cloud.
Oracle Virtualization         Mac, Linux                     Windows, Solaris          Many OS. Run on any application.
                                                                                       Window resizing.
VMware Workstation            For Windows and Linux users    More than 200 OS          Can work with cloud.
QEMU                          Any                            Any                       Can be used on any platform.
Virtual PC                    Windows 7, Windows Vista       Windows XP                Print option available from guest
                                                                                       OS also.
Microsoft Hyper-V             Windows 8 and above            64-bit Windows, Linux     Can work with Azure.
                              (Professional, Enterprise,
                              Education); not for Home
                              versions
Red Hat Virtualization        Linux                          Linux, Windows            Open source. Fast performance.
Veertu for Mac                Mac                            Mac OS & iOS              VM runs as an application of Mac.
Apple Boot Camp               Mac                            Windows                   No need to download or install.

Technologies of Virtualization

17. A virtual computer system is known as a “virtual machine” (VM): a tightly
isolated software container with an operating system and application inside.
Each self-contained VM is completely independent. Putting multiple VMs on a
single computer enables several operating systems and applications to run on
just one physical server, or “host.” A thin layer of software called a
“hypervisor” decouples the virtual machines from the host and dynamically
allocates computing resources to each virtual machine as needed.

14.2 Types of Virtualization

18. Desktop virtualization. This is also called client virtualization; in this
case the virtualization is on the user’s side, where the users’ desktops are
virtualized. Their desktops are replaced with thin clients that utilize the
data center resources.

Fig No.14.4 : Desktop Virtualization

19. Application virtualization. This virtualization technology isolates
applications from the underlying operating system and from other applications,
in order to increase compatibility and manageability. For example, Docker can
be used for that purpose.

Fig No.14.5 :.Application virtualization

20. Server virtualization: Server virtualization is a virtualization technique
that involves partitioning a physical server into a number of small, virtual
servers with the help of virtualization software. In server virtualization,
each virtual server runs multiple operating system instances at the same time.

Hardware virtualization

21. Hardware virtualization is accomplished by abstracting the physical
hardware layer by use of a hypervisor or VMM (Virtual Machine Monitor). When
the virtual machine software, virtual machine manager (VMM) or hypervisor
software is installed directly on the hardware system, this is known as
hardware virtualization.

(a) Virtual Hardware Overview: A virtual machine is a software
computer that, like a physical computer, runs an operating system and
applications. The virtual machine consists of a set of specification and
configuration files and is backed by the physical resources of a host. Every
virtual machine has virtual devices that provide the same functionality as
physical hardware, while being more portable, more secure, and easier to
manage. Virtual machines have a guest operating system on which you can
install and run any software supported by that operating system. A guest
operating system is an operating system that runs inside a virtual machine.
You can install a guest operating system in a virtual machine and control
guest operating system customization for virtual machines created from
templates.

(b) Virtualization of CPU: A VM is a duplicate of an existing
computer system in which a majority of the VM instructions are executed
on the host processor in native mode. Thus, unprivileged instructions of
VMs run directly on the host machine for higher efficiency. The critical
instructions are divided into three categories: privileged instructions,
control sensitive instructions and behavior sensitive instructions.
Privileged instructions execute in a privileged mode and will be trapped if
executed outside this mode. Control sensitive instructions attempt to
change the configuration of the resources used. Behavior sensitive
instructions have different behaviors depending on the configuration of
resources, including the load and store operations over the virtual memory.
The VMs run in the CPU’s user mode while the VMM runs in supervisor mode.
When the privileged instructions, including control and behavior sensitive
instructions, of a VM are executed they are trapped in the VMM. RISC CPU
architectures can be naturally virtualized because all control and behavior
sensitive instructions are privileged instructions.

(c) Hardware Assisted CPU virtualization: There are two modes to
run under virtualization: root operation and non-root operation. Usually only
the virtualization controlling software, called the Virtual Machine Monitor
(VMM), runs under root operation, while operating systems running on top
of the virtual machines run under non-root operation. Software running on
top of virtual machines is also called “guest software”. To enter
virtualization mode, the software should execute the VMXON instruction
and then call the VMM software. Then the VMM software can enter each
virtual machine using the VMLAUNCH instruction, and exit it by using
VMRESUME. If the VMM wants to shut down and exit virtualization mode, it
executes the VMXOFF instruction.

Fig No.14.6 : Hardware Assisted CPU virtualization

22. Storage virtualization: This is widely used in data centers where you
have a large amount of storage, and it helps you to create, delete and
allocate storage to different hardware. This allocation is done over a network
connection. The leading technology for storage virtualization is the SAN. A
schematic illustration is given below:

Fig No.14.7 : Storage virtualization

23. Memory Virtualization: Virtual memory virtualization is similar to the
virtual memory support provided by modern operating systems. In a traditional
execution environment the OS maintains mappings of virtual memory to
machine memory using page tables, which is a one-stage mapping from virtual
memory to machine memory. All modern x86 CPUs include a Memory
Management Unit (MMU) and a Translation Lookaside Buffer (TLB) to optimize
virtual memory performance. In a virtual execution environment, virtual
memory virtualization involves sharing the physical system memory in RAM
and dynamically allocating it to the physical memory of the VMs. The guest
OS sees a flat “physical” address space. Page tables within the guest OS
translate from virtual to physical addresses; a second-level mapping
translates physical addresses to machine addresses. The VMM can swap a
VM’s pages to disk. The traditional way is to have the VMM maintain a
shadow of the VM’s page table. The shadow page table controls which pages
of machine memory are assigned to a given VM. When the guest OS updates
its page table, the VMM updates the shadow.


Fig No.14.8 : Memory Virtualization

24. I/O Virtualization. Input/output (I/O) virtualization is a methodology to
simplify management, lower costs and improve performance of servers in
enterprise environments. I/O virtualization environments are created by
abstracting the upper layer protocols from the physical connections. The
technology enables one physical adapter card to appear as multiple virtual
network interface cards (vNICs) and virtual host bus adapters (vHBAs). Virtual
NICs and HBAs function as conventional NICs and HBAs, and are designed to
be compatible with existing operating systems, hypervisors, and applications. To
networking resources (LANs and SANs), they appear as normal cards. In the
physical view, virtual I/O replaces a server’s multiple I/O cables with a single
cable that provides a shared transport for all network and storage connections.
That cable (or commonly two cables for redundancy) connects to an external
device, which then provides connections to the data center networks. Server I/O
is a critical component to successful and effective server deployments,
particularly with virtualized servers. To accommodate multiple applications,
virtualized servers demand more network bandwidth and connections to more
networks and storage. According to a survey, 75% of virtualized servers require
7 or more I/O connections per device, and are likely to require more frequent I/O
reconfigurations. In virtualized data centers, I/O performance problems are
caused by running numerous virtual machines (VMs) on one server. In early
server virtualization implementations, the number of virtual machines per server
was typically limited to six or less. But it was found that a server could safely run seven
or more applications, often using 80 percent of total server
capacity, an improvement over the average 5 to 15 percent utilized with non-
virtualized servers.


14.3

25. Hypervisor. A hypervisor is a thin software layer that intercepts
operating system calls to the hardware. It is also called the Virtual Machine
Monitor (VMM). It creates a virtual platform on the host computer, on top of
which multiple guest operating systems are executed and monitored.

Hypervisors are of two types:

(a) Native or Bare Metal Hypervisor

(b) Hosted Hypervisor

26. Native or Bare Metal Hypervisor. Native hypervisors are software
systems that run directly on the host's hardware to control the hardware and to
monitor the Guest Operating Systems. The guest operating system runs on a
separate level above the hypervisor. All of them have a Virtual Machine
Manager. Examples: Oracle VM, Microsoft Hyper-V, VMware ESX and Xen.

Fig No.14.9 :Hypervisor type-I

27. Hosted Hypervisor: Hosted hypervisors are designed to run within a
traditional operating system. In other words, a hosted hypervisor adds a distinct
software layer on top of the host operating system, while the guest operating
system becomes a third software level above the hardware. Example: Oracle
VM VirtualBox. Others include VMware Server and Workstation, Microsoft
Virtual PC, KVM, QEMU and Parallels.

Fig No.14.10 : Hypervisor type-II

28. Hyper-V Architecture. Hyper-V is a hypervisor-based virtualization
technology for certain x64 versions of Windows. The hypervisor is core to
virtualization. It is the processor-specific virtualization platform that allows
multiple isolated operating systems to share a single hardware platform.

29. Hyper-V supports isolation in terms of a partition. A partition is a logical
unit of isolation, supported by the hypervisor, in which operating systems
execute. The Microsoft hypervisor must have at least one parent, or root,
partition, running Windows. The virtualization management stack runs in the
parent partition and has direct access to hardware devices. The root partition
then creates the child partitions which host the guest operating systems. A root
partition creates child partitions using the hypercall application programming
interface (API).

30. Partitions do not have access to the physical processor, nor do they
handle the processor interrupts. Instead, they have a virtual view of the
processor and run in a virtual memory address region that is private to each
guest partition. The hypervisor handles the interrupts to the processor, and
redirects them to the respective partition. Hyper-V can also hardware-accelerate
the address translation between various guest virtual address spaces by using
an Input Output Memory Management Unit (IOMMU) which operates
independently of the memory management hardware used by the CPU. An
IOMMU is used to remap physical memory addresses to the addresses that are
used by the child partitions.

31. Child partitions also do not have direct access to other hardware resources
and are presented a virtual view of the resources, as virtual devices (VDevs).
Requests to the virtual devices are redirected either via the VMBus or the
hypervisor to the devices in the parent partition, which handles the requests.
The VMBus is a logical inter-partition communication channel. The parent
partition hosts Virtualization Service Providers (VSPs) which communicate over
the VMBus to handle device access requests from child partitions. Child
partitions host Virtualization Service Consumers (VSCs) which redirect device
requests to VSPs in the parent partition via the VMBus. This entire process is
transparent to the guest operating system.

32. Virtual Devices can also take advantage of a Windows Server
Virtualization feature, named Enlightened I/O, for storage, networking, graphics,
and input subsystems. Enlightened I/O is a specialized virtualization-aware
implementation of high level communication protocols (such as SCSI) that utilize
the VMBus directly, bypassing any device emulation layer. This makes the
communication more efficient but requires an enlightened guest that is
hypervisor and VMBus aware. Hyper-V enlightened I/O and a hypervisor-aware
kernel are provided via installation of Hyper-V integration services. Integration
components, which include virtual server client (VSC) drivers, are also available
for other client operating systems. Hyper-V requires a processor that includes
hardware assisted virtualization, such as is provided with Intel VT or AMD
Virtualization (AMD-V) technology.

33. The following diagram provides a high-level overview of the architecture of
a Hyper-V environment.


Fig No.14.11 : Hypervisor Architecture

34. Installing VMware Workstation Player. VMware Workstation Player is a
“hosted hypervisor”, so it needs a pre-installed OS before you can install it.
VMware Workstation Player is the free version and is available for non-commercial,
personal and home use. VMware also encourages students and non-profit
organizations to benefit from this offering. To install VMware Workstation
Player, follow the steps given below.

Step 1: Click on “Download Now” as shown in the screenshot below.


Fig No.14.12 : Download Screen


Step 2: You will see that a file has been downloaded. Double-click on it.

Fig No.14.13 : Downloaded file

Step 3: A table will pop up initializing the installation of VMware -> Click “Next”.

Fig No.14.14 : Installation screen

Step 4: Check the box “I accept the terms in the license agreement” and click on
“Next”.

Fig No.14.15 : Installation screen

Step 5: Once again, click on the “Next” button.

Fig No.14.16 : Installation screen

Step 6: Leave the default values and click on “Next”.

Fig No.14.17 : Installation screen


Step 7: Once again, click on “Next”.

Fig No.14.18 : Installation screen

Step 8: Click on “Install”.

Fig No.14.19 : Installation screen

Step 9: An icon will be created on the desktop. Click on it and a table will pop
up, where you have two possibilities: if you want to use it as a non-commercial
version, just enter your email address; if you want to use it as a commercial
version, check the second option and enter your serial key.

Fig No.14.20 : Installation screen

Virtual Machine Basics

35. A virtual machine is a software computer that, like a physical computer,
runs an operating system and applications. The hypervisor serves as a platform
for running virtual machines and allows for the consolidation of computing
resources.

Types of Virtual Machine

(a) System Virtual machines

(b) Process Virtual machines

36. System Virtual Machine. A hardware virtual machine provides a complete
system platform environment which supports the execution of a complete
operating system (OS). Examples: VMware, Xen, VirtualBox.

37. Process Virtual Machine. An application virtual machine provides a
platform-independent programming environment that abstracts away details of
the underlying hardware or operating system from the software or application
runtime. Examples: Java Virtual Machine, .NET Framework.


14.4
38. Network Virtualization. It is a part of the virtualization infrastructure, which
is used especially if you are going to virtualize your servers. It helps you in
creating multiple switches, VLANs, NAT-ing, etc. Multiple sub-networks can be
created on the same physical network by combining equipment into a single,
software-based virtual network resource. Network virtualization also divides
available bandwidth into multiple, independent channels, each of which can be
assigned to servers and devices in real time. Advantages include increased
reliability, network speed, security and better monitoring of data usage. Network
virtualization can be a good choice for companies with a high volume of users
who need access at all times.

The following illustration shows the VMware schema:

Fig No.14.21 : Network Virtualization.

Virtual LAN

39. One example of network virtualization is the virtual LAN (VLAN). A VLAN is a subsection of a
local area network (LAN) created with software that combines network devices
into one group, regardless of physical location. VLANs can improve the speed
and performance of busy networks and simplify changes or additions to the
network.

40. Another example is network overlays. There are various overlay
technologies. One industry-standard technology is called virtual extensible local
area network (VXLAN). VXLAN provides a framework for overlaying virtualized
layer 2 networks over layer 3 networks, defining both an encapsulation
mechanism and a control plane. Another is generic network virtualization
encapsulation (GENEVE), which takes the same concepts but makes them
more extensible by being flexible to multiple control plane mechanisms.

41. A VLAN (virtual LAN) is a subnetwork which can group together collections
of devices on separate physical local area networks (LANs). A LAN is a group of
computers and devices that share a communications line or wireless link to a
server within the same geographical area.

42. VLANs make it easy for network administrators to partition a single
switched network to match the functional and security requirements of their
systems without having to run new cables or make major changes in their
current network infrastructure. VLANs are often set up by larger businesses to
re-partition devices for better traffic management.

43. VLANs are also important because they can help improve the overall
performance of a network by grouping together devices that communicate most
frequently. VLANs also provide security on larger networks by allowing a higher
degree of control over which devices have access to each other. VLANs tend to
be flexible because they are based on logical connections, rather than physical.

44. One or more network switches may support multiple, independent VLANs,
creating Layer 2 (data link) implementations of subnets. A VLAN is associated
with a broadcast domain. It is usually composed of one or more network
switches.

Types of VLANs

45. Types of VLANs include protocol-based, static and dynamic VLANs.

(a) A protocol VLAN has its traffic handled based on its protocol.
A switch will segregate or forward traffic based on the traffic's protocol.

(b) A static VLAN, also referred to as a port-based VLAN, needs a
network administrator to assign the ports on a network switch to a virtual
network.

(c) A dynamic VLAN allows a network administrator to define network
membership based on device characteristics, as opposed to switch port
location.
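The three membership rules above, applied to constructed frames by a small switch model. This is an added example, not any vendor's switch code; the precedence order (protocol, then dynamic, then static, then a default VLAN) and the port layout in build_demo_switch() are assumptions of the example.

```python
"""VLAN membership by protocol, static (port-based) and dynamic (MAC-based)
rules, as a constructed example; it is not any vendor's switch code. The
precedence order protocol > dynamic > static > default is an assumption of
this example, as is the sample switch layout in build_demo_switch().
"""
from dataclasses import dataclass

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV6 = 0x86DD


@dataclass(frozen=True)
class Frame:
    ingress_port: int
    src_mac: str
    ethertype: int


class VlanSwitch:
    def __init__(self, port_vlans, mac_vlans=None, protocol_vlans=None, default_vlan=1):
        self.port_vlans = dict(port_vlans)  # static: port -> VLAN, set by the admin
        self.mac_vlans = {m.lower(): v for m, v in (mac_vlans or {}).items()}  # dynamic
        self.protocol_vlans = dict(protocol_vlans or {})  # protocol: EtherType -> VLAN
        self.default_vlan = default_vlan

    def classify(self, frame):
        """Return (vlan_id, rule) for an ingress frame.

        Dynamic membership keys on the source MAC, a value the endpoint itself
        supplies, so it is a weaker trust anchor than the physical port."""
        if frame.ethertype in self.protocol_vlans:
            return self.protocol_vlans[frame.ethertype], "protocol"
        mac = frame.src_mac.lower()
        if mac in self.mac_vlans:
            return self.mac_vlans[mac], "dynamic"
        if frame.ingress_port in self.port_vlans:
            return self.port_vlans[frame.ingress_port], "static"
        return self.default_vlan, "default"

    def broadcast_domain(self, frame):
        """Ports that see a broadcast from this frame: same VLAN, excluding the
        ingress port. A VLAN with no member ports is fully isolated."""
        vlan, _ = self.classify(frame)
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != frame.ingress_port)

    def can_reach(self, frame, egress_port):
        """Unicast forwarding is confined to the VLAN the frame was placed in."""
        vlan, _ = self.classify(frame)
        return self.port_vlans.get(egress_port, self.default_vlan) == vlan


def build_demo_switch():
    """Constructed layout: ports 1-4 users (VLAN 10), 5-6 servers (VLAN 20),
    port 7 management (VLAN 30); one admin MAC follows its owner into VLAN 30;
    all IPv6 traffic is diverted to VLAN 40, which has no member ports."""
    return VlanSwitch(
        port_vlans={1: 10, 2: 10, 3: 10, 4: 10, 5: 20, 6: 20, 7: 30},
        mac_vlans={"00:11:22:33:44:55": 30},
        protocol_vlans={ETHERTYPE_IPV6: 40},
    )


if __name__ == "__main__":
    sw = build_demo_switch()
    for f in (Frame(2, "aa:bb:cc:dd:ee:01", ETHERTYPE_IPV4),
              Frame(2, "00:11:22:33:44:55", ETHERTYPE_ARP),
              Frame(5, "aa:bb:cc:dd:ee:02", ETHERTYPE_IPV6)):
        print(f, sw.classify(f), sw.broadcast_domain(f))
```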

46. Memory Virtualization. Virtual memory virtualization is similar to the
virtual memory support provided by modern operating systems. In a traditional
execution environment the OS maintains mappings of virtual memory to
machine memory using page tables, which is a one-stage mapping from virtual
memory to machine memory. All modern x86 CPUs include a Memory
Management Unit and a Translation Look-aside Buffer to optimize virtual
memory performance. In a virtual execution environment, virtual memory
virtualization involves sharing the physical system memory in RAM and
dynamically allocating it to the physical memory of the VMs. The guest OS sees a flat
“physical” address space. Page tables within the guest OS translate from virtual
to physical addresses. A second-level mapping translates physical addresses to machine
addresses. The VMM can swap a VM’s pages to disk. The traditional way is to have the
VMM maintain a shadow of the VM’s page table. The shadow page table
controls which pages of machine memory are assigned to a given VM. When
the guest OS updates its page table, the VMM updates the shadow.

Fig No.14.22 : Memory Virtualization.


47. That means a two-stage mapping process should be maintained by the
guest OS and the VMM, respectively: virtual memory to physical memory and
physical memory to machine memory. Furthermore, MMU virtualization should
be supported, which is transparent to the guest OS. The guest OS continues to
control the mapping of virtual addresses to the physical memory addresses of
VMs. But the guest OS cannot directly access the actual machine memory. The
VMM is responsible for mapping the guest physical memory to the actual
machine memory. Figure 14.23 shows the two-level memory mapping
procedure.

Fig No.14.23 : Memory Mapping.
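The two-level mapping and shadow page table described in paragraphs 46 and 47, as an added simulation (not VMware, Hyper-V or any real VMM code): each guest owns a virtual-to-guest-physical table, the VMM owns the guest-physical-to-machine table and a per-VM shadow table that the simulated MMU walks, and a page the VMM swaps out is re-homed on the next access without the guest noticing. Page size, VM names and the addresses used are constructed.

```python
"""Two-stage memory mapping with a shadow page table.

Constructed simulation added to illustrate the text above; it is not VMware
or Hyper-V code. Each guest keeps its own page table (virtual page -> guest
"physical" page). The VMM keeps the second-level map (guest physical page ->
machine page) and, for each VM, a shadow table (virtual page -> machine page)
that the simulated MMU walks. Pages are 4 KiB.
"""

PAGE_SIZE = 4096


class GuestOS:
    """A guest operating system: controls virtual -> guest-physical mapping only."""

    def __init__(self, vmm, vm_id):
        self.vmm = vmm
        self.vm_id = vm_id
        self.page_table = {}  # virtual page number -> guest physical page number

    def map_page(self, vpn, gpn):
        """Guest writes a page table entry. A real VMM traps this write; here
        the guest notifies the VMM so the shadow entry can be invalidated."""
        self.page_table[vpn] = gpn
        self.vmm.guest_page_table_updated(self.vm_id, vpn)


class VMM:
    """Owns machine memory and the shadow page tables of all VMs."""

    def __init__(self, machine_pages):
        self.free_pages = list(range(machine_pages))  # machine page numbers
        self.guests = {}         # vm_id -> GuestOS
        self.gp_to_machine = {}  # (vm_id, gpn) -> machine page number
        self.shadow = {}         # vm_id -> {vpn: machine page number}
        self.on_disk = set()     # (vm_id, gpn) pages the VMM swapped out

    def create_vm(self, vm_id):
        guest = GuestOS(self, vm_id)
        self.guests[vm_id] = guest
        self.shadow[vm_id] = {}
        return guest

    def guest_page_table_updated(self, vm_id, vpn):
        # The shadow entry (if any) is now stale; drop it and refill lazily.
        self.shadow[vm_id].pop(vpn, None)

    def _machine_page(self, vm_id, gpn):
        """Second-level mapping: find (or allocate) the machine page behind a
        guest physical page, swapping it back in if the VMM had paged it out."""
        key = (vm_id, gpn)
        if key in self.on_disk:
            self.on_disk.remove(key)  # contents would be read back from disk
        if key not in self.gp_to_machine:
            if not self.free_pages:
                raise MemoryError("machine memory exhausted")
            self.gp_to_machine[key] = self.free_pages.pop(0)
        return self.gp_to_machine[key]

    def swap_out(self, vm_id, gpn):
        """VMM pages a guest physical page to disk, transparently to the guest."""
        key = (vm_id, gpn)
        mpn = self.gp_to_machine.pop(key)
        self.on_disk.add(key)
        self.free_pages.append(mpn)
        shadow = self.shadow[vm_id]
        for vpn in [v for v, m in shadow.items() if m == mpn]:
            del shadow[vpn]  # next access faults into the VMM

    def translate(self, vm_id, vaddr):
        """What the MMU does for a guest access: walk the shadow table; on a
        miss the VMM walks the guest's page table and fills the shadow entry."""
        vpn, offset = divmod(vaddr, PAGE_SIZE)
        shadow = self.shadow[vm_id]
        if vpn not in shadow:
            guest_table = self.guests[vm_id].page_table
            if vpn not in guest_table:
                raise LookupError(f"{vm_id}: guest page fault at {vaddr:#x}")
            shadow[vpn] = self._machine_page(vm_id, guest_table[vpn])
        return shadow[vpn] * PAGE_SIZE + offset


def demo():
    """Two VMs using the same virtual and guest physical addresses land on
    different machine pages; a swapped-out page is transparently re-homed."""
    vmm = VMM(machine_pages=4)
    vm_a = vmm.create_vm("vm-a")
    vm_b = vmm.create_vm("vm-b")
    vm_a.map_page(vpn=0x10, gpn=0)
    vm_a.map_page(vpn=0x11, gpn=1)
    vm_b.map_page(vpn=0x10, gpn=0)  # same numbers as vm-a, isolated by the VMM
    results = {
        "a_0x10": vmm.translate("vm-a", 0x10123),
        "b_0x10": vmm.translate("vm-b", 0x10123),
        "a_0x11": vmm.translate("vm-a", 0x11004),
    }
    vmm.swap_out("vm-a", gpn=0)
    results["a_after_swap"] = vmm.translate("vm-a", 0x10123)
    results["b_after_a_swap"] = vmm.translate("vm-b", 0x10123)
    return results, vmm


if __name__ == "__main__":
    res, _ = demo()
    for name, maddr in res.items():
        print(f"{name}: machine address {maddr:#07x}")
```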

48. Each application sees its own logical memory, independent of physical
memory. Virtual memory, in simple words, is the RAM of the machine. The
memory resource settings for a virtual machine determine how much of the
host's memory is allocated to the virtual machine. The virtual hardware memory
size determines how much memory is available to applications that run in the
virtual machine. A virtual machine cannot benefit from more memory resources
than its configured virtual hardware memory size. The ESXi hosts limit the
memory resource use to the maximum amount useful for the virtual machine, so
that you can accept the default of unlimited memory resources. You can add,
change, and configure virtual machine memory resources or options to enhance
virtual machine performance. You can set most of the memory parameters
while creating the virtual machine, or it can also be done after the Guest
Operating System is installed. Most of the hypervisors require you to power off the
virtual machine before changing the settings. In the following schematic
illustration, you can see that the total physical memory is divided between two
virtual machines.

14.5

Creating a VM with VMware Workstation

49. To create a virtual machine, we have to follow the steps given below.

Step 1: Click on “Player” -> File -> New Virtual Machine.

Fig No.14.24 : Creating VM

Step 2: A table will pop-up requesting you to find a Boot disk, Boot Image or to
install OS at a later stage. We will choose the second option and click on
Browse. Then we have to click on the ISO image, which we want to install. Once
all this is done, click on “Next”.


Fig No.14.25 : Creating VM

Step 3: As I am installing Windows Server 2012, it will pop up a table requesting
you to enter the serial key. Click directly on “Next” if you want to activate the non-
commercial version of Windows.

Fig No.14.26 : Creating VM

Step 4: After the above step is complete, a dialogue box opens. Click “Yes”.

Fig No.14.27 : Creating VM

Step 5: Click “Next”.

Fig No.14.28 : Creating VM

Step 6: In the “Maximum size disk” box, enter the value of your virtual Hard
disk, which in our case is 60GB. Then click on “Next”.


Fig No.14.29 : Creating VM

Step 7: Click on “Finish”.

Fig No.14.30 : Creating VM


14.6

VM Management: VM configuration

50. Setting up Networking with VMware Workstation

To set up the networking modes of a virtual machine in VMware Workstation,
we have to click on “Edit virtual machine settings”.

Fig No.14.31 : VM networking

A table will be opened with the networking settings, and on the left hand side
panel of this table click on “Network Adapter”. On the left of this table, you can
see the networking modes as shown in the following screenshots.


Fig No.14.32 : VM networking


Fig No.14.33 : VM networking

If we want to limit the bandwidth usage of a virtual machine, click on “Advance”
and set the incoming and outgoing bandwidths.


Fig No.14.34 : VM networking

51. Allocating Processors & Memory to a VM using VMware Workstation

To allocate memory to a virtual machine in VMware Workstation, we have to
click on “Edit virtual machine settings”. A table will be opened and we will have
to click on “Memory”. On the left hand side panel, we have to enter the amount
of memory manually or by moving the arrow up and down as shown in the
following screenshot.


Fig No.14.35 : VM networking

52. If you click on “Processors”, on the left hand side panel we have to enter
the number of vCPUs as shown in the screenshot below.

Fig No.14.36 : VM CPU

Note: If you assign more vCPUs than the host supports, the VM will fail to power
on.


Fig No.14.37 : VM CPU

53. Duplicating a VM Using VMware Workstation

To create duplicates of VM machines, we have to use the VMware Workstation
Commercial Version. Let us see how to do it in practice by following the steps
given below.

Step 1: Open the VMware managing console and right click on a VM that you
want to duplicate. Click on “Manage”.


Fig No.14.38 : Clone VM

Step 2: Click on “Clone…” and a wizard will open.


Fig No.14.39 : Clone VM

Step 3: Click on “Next”.


Fig No.14.40 : Clone VM

Step 4: Click on “Create a Full Clone” and “Next”.

Fig No.14.41 : Clone VM

Step 5: Enter a name for the clone that will be created and click “Finish”.

Fig No.14.42 : Clone VM

54. The following screenshots describe the process of cloning.


Fig No.14.43 : Clone VM

55. Once the cloning process is complete, the following window will open.

Fig No.14.44 : Clone VM

Migrating Virtual Machines

56. You can move virtual machines from one compute resource or storage
location to another by using cold or hot migration. For example, with vSphere
vMotion you can move powered on virtual machines away from a host to
perform maintenance, to balance loads, to collocate virtual machines that
communicate with each other, to move virtual machines apart to minimize fault
domain, to migrate to new server hardware, and so on.

57. Moving a virtual machine from one inventory folder to another folder or
resource pool in the same data center is not a form of migration. Unlike
migration, cloning a virtual machine or copying its virtual disks and configuration
file are procedures that create a new virtual machine. Cloning and copying a
virtual machine are also not forms of migration.

58. By using migration, you can change the compute resource that the virtual
machine runs on. For example, you can move a virtual machine from one host
to another host or cluster. To migrate virtual machines with disks larger than 2
TB, the source and destination ESXi hosts must be version 6.0 and later.
Depending on the power state of the virtual machine that you migrate, migration
can be cold or hot.

59. Cold Migration. Moving a powered off or suspended virtual machine
to a new host. Optionally, you can relocate configuration and disk files for
powered off or suspended virtual machines to new storage locations. You can
also use cold migration to move virtual machines from one virtual switch to
another, and from one data center to another. You can perform cold migration
manually or you can schedule a task.

60. Hot Migration. Moving a powered on virtual machine to a new host.
Optionally, you can also move the virtual machine disks or folder to a different
datastore. Hot migration is also called live migration or vMotion. With vMotion,
you migrate the virtual machine without any interruption in its availability.
Depending on the virtual machine resource type, you can perform three types of
migration.

61. Change compute resource only. Moving a virtual machine, but not its
storage, to another compute resource, such as a host, cluster, resource pool, or
vApp. You can move the virtual machine to another compute resource by using
cold or hot migration. If you change the compute resource of a powered on
virtual machine, you use vMotion.

62. Change storage only. Moving a virtual machine and its storage,
including virtual disks, configuration files, or a combination of these, to a new
datastore on the same host. You can change the datastore of a virtual machine
by using cold or hot migration. If you move a powered on virtual machine and its
storage to a new datastore, you use Storage vMotion.

63. Change both compute resource and storage. Moving a virtual
machine to another host and at the same time moving its disk or virtual machine
folder to another datastore. You can change the host and datastore
simultaneously by using cold or hot migration. In vSphere 6.0 and later, you can
move virtual machines between vSphere sites by using migration between the
following types of objects.

64. Migrate to another virtual switch. Moving the network of a virtual
machine to a virtual switch of a different type. You can migrate virtual machines
without reconfiguring the physical and virtual network. By using cold or hot
migration, you can move the virtual machine from a standard to a standard or
distributed switch, and from a distributed switch to another distributed switch.
When you move a virtual machine network between distributed switches, the
network configuration and policies that are associated with the network adapters
of the virtual machine are transferred to the target switch.

65. Migrate to another data center. Moving a virtual machine to a
different data center. You can change the data center of a virtual machine by
using cold or hot migration. For networking in the target data center, you can
select a dedicated port group on a distributed switch.

Hot and Cold Migrations

66. Cold Migration. A powered down Virtual Machine is carried to a
separate host or data store. The Virtual Machine’s power state is OFF and there is
no need for common shared storage. No CPU check is performed and the
downtime is long. Log files and configuration files are migrated from the
source host to the destination host. The first host’s Virtual Machine is shut down
and started again on the next host. Applications and the OS are terminated on the Virtual
Machine before it is moved to the physical device. The user is given the choice of
moving the associated disks from one data store to another.

Fig No.14.45 : Cold Migration

67. Hot Migration. A powered on Virtual Machine is moved from one
physical host to another physical host. The source host state is cloned to the
destination host and then that source host state is discarded. The complete state
is shifted to the destination host. The network is moved to the destination Virtual
Machine.

68. A common shared storage is needed and CPU checks are put into use.
The downtime is very little. Without stoppage of the OS or applications, they are
shifted from Virtual Machines to physical machines. The physical server is
freed for maintenance purposes and workloads (which are among physical
servers) are dynamically balanced so as to run at optimized levels. Downtime
of clients is easily avoidable.

69. The first host’s Virtual Machine is suspended, then cloned across the CPU
registers and RAM, and resumed some time later on the second host. This
migration runs while the source system is operative.

(a) Stage-0. Pre-migration stage: a functional Virtual Machine is running
on the primary host.

(b) Stage-1. Reservation stage: a container is initialized on the destination
host.

(c) Stage-2. Iterative pre-copy stage: shadow paging is enabled and all
dirty pages are cloned in successive rounds.

(d) Stage-3. Stop and copy: the first host’s Virtual Machine is suspended
and all remaining Virtual Machine state is synchronized on the second host.

(e) Stage-4. Commitment: the Virtual Machine state on the first host is
minimized.

(f) Stage-5. Activation stage: the second host’s Virtual Machine starts and
establishes connections to all local computers, resuming all normal activities.

Fig No.14.46 : Hot Migration
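The six stages above, alongside the cold migration of paragraph 66, as an added simulation (not vMotion, Hyper-V or Xen code). The workload, the 16-page guest memory and the per-round dirty sets are constructed; the simulation shows why iterative pre-copy shrinks the stop-and-copy downtime, and that the round limit still terminates when a workload keeps dirtying every page.

```python
"""Cold migration versus iterative pre-copy hot migration.

Constructed simulation added to illustrate Stages 0 to 5 above; it is not
vMotion, Hyper-V or Xen code. Guest memory is a dict {page: version}; a page's
version increases each time the running workload writes it, so the destination
copy is correct only if it holds the latest version of every page.
"""


def cold_migrate(source_mem):
    """Cold migration: power the VM off, copy everything once, power it on.
    Every page is copied while the VM is down, so downtime covers all pages."""
    dest_mem = dict(source_mem)  # one bulk copy, nothing can change meanwhile
    return dest_mem, {"pages_sent": len(source_mem),
                      "downtime_pages": len(source_mem)}


def hot_migrate(source_mem, dirty_rounds, max_precopy_rounds=5, stop_threshold=2):
    """Pre-copy live migration.

    dirty_rounds: one set of pages per pre-copy round, written by the workload
    while that round's copy is in flight (constructed input). The VM keeps
    running until the remaining dirty set is small (<= stop_threshold) or the
    round limit is hit, then is suspended for the final stop-and-copy.
    """
    mem = dict(source_mem)
    # Stage 0: pre-migration, VM running on the source host.
    vm_state = {"running": True, "cpu": {"rip": 0x401000}}
    # Stage 1: reservation, an empty container on the destination host.
    dest_mem = {}
    log = []
    # Stage 2: iterative pre-copy; round 1 sends every page, later rounds only
    # the pages dirtied during the previous round.
    to_send = set(mem)
    workload = iter(dirty_rounds)
    rounds = 0
    pages_sent = 0
    while True:
        rounds += 1
        for page in sorted(to_send):
            dest_mem[page] = mem[page]
        pages_sent += len(to_send)
        log.append(("pre-copy", rounds, len(to_send)))
        dirtied = set(next(workload, set()))  # VM still runs: pages change
        for page in dirtied:
            mem[page] += 1
        to_send = dirtied
        if len(to_send) <= stop_threshold or rounds >= max_precopy_rounds:
            break
    # Stage 3: stop and copy; suspend, send remaining dirty pages and CPU state.
    vm_state["running"] = False
    for page in sorted(to_send):
        dest_mem[page] = mem[page]
    pages_sent += len(to_send)
    log.append(("stop-and-copy", rounds + 1, len(to_send)))
    dest_state = dict(vm_state)
    # Stage 4: commitment; the destination confirms it holds the complete
    # state, and only then may the source discard its copy.
    if dest_mem != mem:
        raise RuntimeError("destination state incomplete; keep source VM")
    source_discarded = True
    # Stage 5: activation on the destination host.
    dest_state["running"] = True
    stats = {
        "precopy_rounds": rounds,
        "pages_sent": pages_sent,
        "downtime_pages": len(to_send),
        "source_discarded": source_discarded,
        "destination_running": dest_state["running"],
        "log": log,
    }
    return dest_mem, stats


# Constructed workload: 16 pages, writes concentrate on fewer pages each round.
SOURCE_MEM = {page: 0 for page in range(16)}
DIRTY_ROUNDS = [{1, 2, 3, 4, 5, 6}, {2, 3, 4}, {3}]


if __name__ == "__main__":
    _, cold = cold_migrate(SOURCE_MEM)
    _, hot = hot_migrate(SOURCE_MEM, DIRTY_ROUNDS)
    print("cold:", cold)
    print("hot:", {k: v for k, v in hot.items() if k != "log"})
    for entry in hot["log"]:
        print("  ", entry)
```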


 Virtualization is a technology that helps us to install different Operating
Systems on single hardware. Virtualization in operating system changes
a normal operating system so that it can run different types of
applications that may be handled on a single computer system by many
users.

 Traditional Computing is using physical data centers for storing digital
assets and running a complete networking system for daily operations.

 Virtual computing is a collective combination of configurable system
resources and advanced services that can be delivered quickly using the
internet.

 Server virtualization enables different OS to share the same network and
makes it easy to move an OS between different networks without affecting
the applications running on them.

 A virtual computer system is known as a “virtual machine” (VM): a
tightly isolated software container with an operating system and
application inside.

 A hypervisor is a thin software layer that intercepts operating system
calls to the hardware.

 Hypervisors are of two types:

 Native or Bare Metal Hypervisor

 Hosted Hypervisor

 A virtual machine is a software computer that, like a physical computer,
runs an operating system and applications. The hypervisor serves as a
platform for running virtual machines and allows for the consolidation of
computing resources.

 One example of network virtualization is the virtual LAN (VLAN). A VLAN is a subsection of
a local area network (LAN) created with software that combines network
devices into one group, regardless of physical location.

 A VLAN (virtual LAN) is a subnetwork which can group together
collections of devices on separate physical local area networks (LANs).

 Virtual memory virtualization is similar to the virtual memory support
provided by modern operating systems. In a traditional execution
environment the OS maintains mappings of virtual memory to machine
memory using page tables, which is a one-stage mapping from virtual
memory to machine memory.

Self Test

MCQ

Q1. Virtualization is a technology that helps us to install different Operating
Systems on ------------------

(a) Multiple system (b) single hardware
(c) Single software (d) multiple software

Q2. Application of virtualization

(a) Disaster Recovery (b) Save Energy
(c) Deploying Servers too fast (d) all of the above

Q3. Tools of Virtualization

(a) Virtual PC (b) Microsoft Hyper-V
(c) Redhat Virtualization (d) All of the above

Q4. Types of Virtualization ------------------

(a) Client virtualization (b) Application virtualization
(c) Server virtualization (d) all of the above

Q5. Example of Application virtualization

(a) Docker (b) HBA
(c) Client (d) none of the above

Q6. When the virtual machine software or virtual machine manager (VMM) or
hypervisor software is directly installed on the hardware system, it is known as

(a) Client virtualization (b) Application virtualization
(c) Server virtualization (d) hardware virtualisation

Q7. Types of hypervisor ------------------

(a) Native or Bare Metal Hypervisor (b) Hosted Hypervisor
(c) (a) & (b) (d) none of the above

MCQ Ans: 1(b), 2(d), 3(d), 4(d), 5(a), 6(d),7(c)

DTQ

Q1. What is virtualisation?

Q2. Differentiate between traditional and virtual computing?

Q3. Define the need and applications of virtualisation?

Q4. Explain any five tools of virtualization?

Q5. What is server virtualisation?

Q6. Differentiate between desktop and application virtualisation.

Q7. Explain any three types of virtualization?

Q8. What is hypervisor?

Q9. Explain the types of hypervisor?

Q10. What are the types of virtual machines?

Q11. What is network virtualization?

Q12. Explain the types of VLANs in the virtualisation

Q13. Differentiate between memory virtualization and virtual memory?


COMTECH/COMP/OS-III/15

CHAPTER-15
PC AUDIT TOOLS

Objective.

 At the end of this chapter, trainees will be able to revise the subject:

 PC audit tools
 Standalone PC Audit
 Internet/Internet PC audit

15.1

PC audit tools

1. The IW audit of IT systems in the IAF shall be undertaken as per IAP
3903:2018 (Revised) and the latest guidelines and checklists issued by IAF
CERT from time to time to the Station/Unit. These will be useful for the auditee in
implementation of the relevant aspects to ensure best Information Security
practices at all times. These guidelines will help the auditing team to
check the important aspects to ascertain the health of the IT infrastructure and
to find out the potential risks and vulnerabilities.

2. PC audit tools extract details of all components of a system and
show installed software with version and product key. They gather information on
your hardware, software and processes and show you relevant data or potential
threats. The auditing of the IT infrastructure of any formation is done for the
betterment of the system by finding the anomalies, violations and non-
compliance with existing IT policies and giving recommendations to mitigate the
issues to ensure a strong cyber security posture in the IAF.

3. There are many audit tools available for auditing PCs. In the IAF, the Remote
Audit Tool (RAT) is deployed and governed remotely by CERT-IAF for auditing all
AFNET domain PCs, Private LAN PCs and their associated peripheral devices.

4. Internal audit of the installed IT assets, including peripherals, other than
those deployed on the iaf.in domain is to be conducted once a year. IAF-CERT
issues checklists which enable the audit team to collect the required data for
documentation, analysis and report generation.

5. The following will be audited by RAT and the local IT audit team as per the
instructions of IAF-CERT:

(a) IAF owned IT infrastructure, operated and maintained networks, and ICT
hardware and software, including those procured from public and non-public
funds.

(b) IT hardware included as part of weapon systems.

(c) All employees of the IAF, i.e. uniformed and civilian personnel.

15.2 Standalone PC Audit

6. Audit of the standalone PCs deployed in a station/unit shall be undertaken
as per IAP 3903:2018 (Revised) and the latest guidelines and checklists issued
by IAF-CERT from time to time. The following points are to be checked while
auditing standalone PCs:

(a) OS and AV patch updation in PCs.

(b) Information security aspects on standalone PCs during data
interchange/interaction with OEMs/vendors/external agencies.

(c) Compliance with IAP 3903-2018 (Revised) and other CERT-IAF
policies/instructions.

(d) Availability of the logbook of the PC and endorsement of all requisite
details, including peripheral details, in it.

(e) Detailed report of the audit with major and minor observations, to be
submitted to higher authorities for further scrutiny/analysis and remedial
action.

7. Standalone PCs are to be audited as per the following checklist in order to
ensure that all aspects of cyber security are covered:


Fig No.15.1 : Checklist Standalone PC


15.3 Intranet/Internet PC audit

8. Audit of the Intranet/Internet PCs deployed in a station/unit shall be
undertaken as per IAP 3903:2018 (Revised) and the latest guidelines and
checklists issued by IAF-CERT from time to time. The following points are to be
checked while auditing Intranet/Internet PCs:

(a) Air gap violations (network interchanged between trusted and untrusted
systems), if any.

(c) Check establishment of the Intranet network (Private/Independent LAN)
at the station/unit as per the guidelines of IAP 3903:2018 Chap V para 2, and
also check the security administration of the Intranet network as per IAP
3903:2018 Chap XVI.

(d) Internet connection authorisation from the appropriate authorities (as
per VCAS / DIT or the policy in vogue) is to be checked.

(e) Ensure internet is extended only to users/ appointments/ sections
authorised by VCAS through DIT for cases involving financial effect, and by
AOC where no financial effect is envisaged.

(f) Ensure non-MFD printers are deployed on Internet PCs.

(g) CIAS is to be strictly implemented. All internet connections are to be
mandatorily routed through the UTM, and the UTM is to be configured as per
the policy guidelines issued by ISOC from time to time.

(h) Use of the Administrator account for internet access is strictly prohibited.

(i) All Windows internet machines will be logged in with a local user
created by the SCITO/ IT administrator.

(j) All internet PCs must be enabled with a desktop lockout policy. An
inactivity time of ten minutes for desktop lockout will be uniformly configured
by the administrator.

(k) DHCP server on the LAN side should be disabled on Internet PCs.

(l) OS and AV patch updation in Internet/ LAN PCs.

(m) Information security aspects on PCs during data interchange
/ interaction with OEMs/vendors/external agencies are to be checked.

(n) Compliance with IAP 3903-2018 (Revised) and other CERT-IAF
policies / instructions.

(p) Availability of the logbook of the PC and endorsement of all requisite
details, including peripheral details, in it.

(q) Ensure server management in the Intranet (Independent/Private LAN) is
as per IAP-3903 (2018) and other policies/guidelines issued by CERT-IAF.

(r) Detailed report of the audit with major and minor observations, to be
submitted to higher authorities for further scrutiny/analysis and remedial
action.

9. Internet PCs (Windows / Vayusenix) are to be audited as per the following
checklist in order to ensure that all aspects of cyber security are covered:

Note: Intranet PCs (Private/Independent LAN/System PCs) will be audited as
per the AFNET or Standalone checklist according to the nature of their
deployment, as decided by the auditing team.
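As an added illustration (not part of the IAF-CERT checklist, the RAT agent or any IAF-issued script), the following PowerShell function carries out read-only checks of a Windows PC against several of the items listed in paras 6 and 8 above: desktop lockout time, Autorun, USB mass storage and CD/DVD drive state by type of PC, shared folders, administrator logon, presence of a DHCP server service, and OS and AV patch status. The registry locations and cmdlets are standard Windows ones; the 45-day OS patch age and 7-day AV signature age thresholds are assumptions made for the example, and the AV check covers Microsoft Defender only.

```powershell
# Added example, not the IAF-CERT checklist, the RAT agent or an IAF-issued script.
# Read-only compliance checks of a Windows PC against checklist items from paras 6
# and 8: (j) desktop lockout, Autorun, USB mass storage and CD/DVD state by PC type,
# (m) shared folders, (h) administrator logon, (k) DHCP server service, (l) OS and
# AV patching. Registry paths and cmdlets are the standard Windows ones.
# Assumed thresholds: 45 days for the latest OS update, 7 days for AV signatures.
# Run from an elevated Windows PowerShell 5.1 (or later) session on the PC under audit.

function Get-RegValue {
    # Return a registry value, or $null when the key or value does not exist.
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Test-PcCompliance {
    param(
        # PC type decides the expected CD/DVD and USB state: Internet PCs keep CD/DVD,
        # Standalone PCs keep USB, Intranet (AFNET) PCs have both disabled.
        [ValidateSet('Internet', 'Intranet', 'Standalone')] [string]$PcType = 'Internet',
        [int]$MaxLockoutSeconds = 600,   # ten minutes, from the checklist
        [int]$MaxPatchAgeDays = 45,      # assumed threshold
        [int]$MaxSignatureAgeDays = 7    # assumed threshold
    )
    $results = New-Object System.Collections.Generic.List[object]
    function Add-Row($Item, $Status, $Detail) {
        $results.Add([pscustomobject]@{ Item = $Item; Status = $Status; Detail = $Detail })
    }

    # (j) Desktop lockout: a secure screen saver within the limit, or the machine inactivity limit.
    $desktop    = 'HKCU:\Control Panel\Desktop'
    $timeout    = [int](Get-RegValue $desktop 'ScreenSaveTimeOut')
    $saverOk    = (Get-RegValue $desktop 'ScreenSaveActive') -eq '1' -and
                  (Get-RegValue $desktop 'ScreenSaverIsSecure') -eq '1' -and
                  $timeout -gt 0 -and $timeout -le $MaxLockoutSeconds
    $inactivity = [int](Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'InactivityTimeoutSecs')
    $lockOk     = $saverOk -or ($inactivity -gt 0 -and $inactivity -le $MaxLockoutSeconds)
    Add-Row 'Desktop lockout' $(if ($lockOk) { 'Pass' } else { 'Fail' }) "ScreenSaveTimeOut=$timeout InactivityTimeoutSecs=$inactivity"

    # Autorun disabled for all drive types (0xFF).
    $autorun = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
    Add-Row 'Autorun disabled' $(if ($autorun -eq 255) { 'Pass' } else { 'Fail' }) "NoDriveTypeAutoRun=$autorun"

    # Class driver Start value 4 means disabled; compare with the state expected for the PC type.
    $usbStart = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'
    $cdStart  = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom' 'Start'
    $usbShouldBeOff = $PcType -ne 'Standalone'
    $cdShouldBeOff  = $PcType -ne 'Internet'
    Add-Row 'USB mass storage' $(if (($usbStart -eq 4) -eq $usbShouldBeOff) { 'Pass' } else { 'Fail' }) "USBSTOR Start=$usbStart, expected disabled=$usbShouldBeOff"
    Add-Row 'CD/DVD drive' $(if (($cdStart -eq 4) -eq $cdShouldBeOff) { 'Pass' } else { 'Fail' }) "cdrom Start=$cdStart, expected disabled=$cdShouldBeOff"

    # (m) Shared folders other than the built-in administrative shares.
    try {
        $shares = @(Get-SmbShare -ErrorAction Stop | Where-Object { -not $_.Special })
        $detail = if ($shares.Count -gt 0) { $shares.Name -join ', ' } else { 'none' }
        Add-Row 'Shared folders' $(if ($shares.Count -eq 0) { 'Pass' } else { 'Fail' }) $detail
    } catch { Add-Row 'Shared folders' 'Review' $_.Exception.Message }

    # (h) The logged-on user must not be a member of the local Administrators group.
    try {
        $me     = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        $admins = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop | ForEach-Object Name)
        Add-Row 'Non-admin logon' $(if ($admins -contains $me) { 'Fail' } else { 'Pass' }) $me
    } catch { Add-Row 'Non-admin logon' 'Review' $_.Exception.Message }

    # (k) No DHCP server service should be installed or running.
    $dhcp = Get-Service -Name 'DHCPServer' -ErrorAction SilentlyContinue
    $dhcpDetail = if ($dhcp) { "service $($dhcp.Status)" } else { 'service not installed' }
    Add-Row 'DHCP server' $(if (-not $dhcp -or $dhcp.Status -ne 'Running') { 'Pass' } else { 'Fail' }) $dhcpDetail

    # (l) OS patching: age of the most recently installed update.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($latest) {
        $age = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
        Add-Row 'OS patched' $(if ($age -le $MaxPatchAgeDays) { 'Pass' } else { 'Fail' }) "$($latest.HotFixID) installed $age days ago"
    } else { Add-Row 'OS patched' 'Review' 'no hotfix records found' }

    # (l) AV status via Microsoft Defender; other AV products need their own query.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $avOk = $mp.AntivirusEnabled -and ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
        Add-Row 'AV enabled and patched' $(if ($avOk) { 'Pass' } else { 'Fail' }) "AntivirusSignatureAge=$($mp.AntivirusSignatureAge) days"
    } catch { Add-Row 'AV enabled and patched' 'Review' $_.Exception.Message }

    return $results
}

# Usage: run on the PC under audit and keep the output with the logbook entry.
Test-PcCompliance -PcType Internet | Format-Table -AutoSize
```

Running it with -PcType Internet on an Internet PC gives one Pass/Fail/Review row per item that can be filed with the logbook entry. Rows marked Review mean the data could not be read on that PC (for example, no Defender or no SMB cmdlets) and need a manual check rather than being treated as a pass.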


Fig No.15.2 : Checklist Internet PC


Fig No.15.3 : Checklist Internet PC (Vayusenix)

POINTS TO REMEMBER

 PC audit tools extract details of all components of a system and show the
installed software with version and product key.

 There are many audit tools available for auditing the PCs. In
IAF, Remote Audit Tool (RAT) is deployed and governed by CERT-IAF
remotely for auditing of the entire AFNET domain PCs, Private LAN
PCs and its associated peripheral devices.

Self Test

MCQ

Q1. Audit policy is not applicable to

(a) Canteen (b) AFFWA

(c) SNCO's Mess (d) MES

Q2. Which agency is responsible for Audit of Critical ICT Infrastructure ……………

(a) DIT (b) IAF-CERT

(c) Command HQ (d) Local

Q3. To assess IAF-CERT’s functioning in the domain of cyber security, a
multi-disciplinary committee comprising ………

(a) DAI (b) SOC

(c) DMI (d) All

MCQ Ans: 1(d), 2(b), 3(d)

DTQ

Q1. What is the purpose of audit?

Q2. What are the different types of audit?

Q3. Define Focused and Surprise audit?

Q4. What do you understand by online audit?

COMTECH/COMP/OS-III/16

CHAPTER-16
REMOTE AUDIT TOOLS

Objective.

 At the end of this chapter, trainees will be able to revise the subject:

 Introduction and relevance to AFNET
 Decoding various fields

16.1 Introduction and relevance to AFNET

1. The IW audit of AFNet PCs in the IAF is carried out by the Station/Unit IT
Section, Cmd IW Section and IAF-CERT to ensure policy compliance in such
PCs. This audit is presently carried out by physically visiting the site, which is
very cumbersome, time-consuming and involves huge costs to the exchequer.
Besides this, the audit does not cover all the AFNet PCs of a station/unit, and
the quality of audit is affected by the competency of the individual carrying out
the audit. Working towards the development of a potent solution to the problem,
Remote Audit Tool (RAT) software has been developed by IAF-CERT to carry out
remote audit of AFNet PCs across the IAF. This audit is planned to be carried out
in the background at regular frequency without affecting PC functionality.

2. The RAT servers are hosted inside the AFNET Data Centre and can be
accessed through the URL https://www.rat.iaf.in, as shown in Fig 16.1.

Fig No.16.1 : RAT Login


3. All stakeholders (IAF-CERT, SOC, CIWOs and SCITOs) have an account in
the RAT software, which can be logged into using AFNET credentials. Users are
presented with their respective role-based dashboards, as shown in Fig 16.2.

Fig No.16.2 : RAT Dashboard

4. A RAT agent resident on AFNET machines extracts the audit data from
PC. The extracted data is communicated by the agents to RAT server which
receives the data files, parses the files and maintains the received data in a
database. This singular back-end database powers the hierarchical dashboards
from Air HQ up to individual PC level. The intuitive dashboards designed for
different categories of users present the audit data in graphical form which
includes information icons, area charts, pie charts, vertical and horizontal bars.
The icons are further linked to the next lower formation (Commands & Stations)
up to the individual PC level.

5. Various violations vis-à-vis IAP 3903:2018 and CERT audit checklist are
highlighted and relevant alerts and notifications are generated in real-time. This
software also features the generation of audit reports for pan-IAF, command
AOR and station/unit wise and individual PC in PDF format. This audit report is a
ready to use document giving list of PCs under different violation heads and can
be used by the stations for carrying out necessary remediation actions.

6. After automatic audit of any PC and storage of its data in the database, it is
not possible to tamper with the data, which guarantees non-repudiation of audit
results. The IW health of each PC is critically examined and an IW score is
assigned to each PC. These scores are aggregated to generate overall IW scores
for stations and commands. The IW score (a numerical value) reflects the
objective IW health of each formation and instils a competitive spirit among
formations towards being the most IW compliant formation of the IAF.

16.2 Decoding various fields

7. The following categories/fields of information can be accessed through the
RAT dashboard, as shown in Fig 16.3:

Fig No.16.3 : RAT Dashboard

(a) Total Audited PCs - It shows list of PCs audited by RAT in the
Station /unit.

(b) Good Health PCs - It will show list of PCs having all the parameters
in excellent condition as per RAT agent as shown in fig.16.4

(c) PCs not having VeraCrypt - It will show PCs in which Veracrypt
software is not installed.


Fig No.16.4 : RAT Health

(d) PCs with USB Violations - This tab will show any USB violation
pertaining to the PCs of the station/unit.

(e) PCs not installed with or malfunctioning Anti-virus - This menu will
give the information about the PCs with Antivirus installation related
issues.

(f) PCs whose Anti-virus has not been patched - It will give AV patch
related information about the PCs.

(g) PCs with Virus Intrusion history - It gives the virus intrusion history
pertaining to the PCs of station/unit.

(h) PCs having any black-listed software - This tab will give information
about the black-listed software installed in PCs with details of software.

(j) PCs whose OS has not been patched - This will provide information
about the operating system (OS) related issues with the PCs.

(k) PCs whose hardware has been changed - It will give information
about the hardware changes done with the PCs in recent times in
station/unit.

(l) PCs whose CD/DVD drive is enabled - This will give information
about the PCs which is having CD/DVD drive open or enabled.

(m) PCs having Shared folder(s) - This will give information about the
shared folders with details pertaining to the PCs of station/unit.

(n) IW Score - This will show the overall IW score (in percentage) of the
station/unit after taking into consideration the various fields/facts as listed
centrally by the RAT administrator.

(p) Report (in PDF format) summarising violations / non-compliances -
Reports can be generated using the “Generate PDF” button on the left menu
pane of the dashboard, as shown in Fig 16.5. A report (.pdf) giving
summarised details of violations with the PC list is presented to the user. The
report, which can be printed, is a ready-to-use document for carrying out the
necessary remediation actions for each violation.

Fig No.16.5 : RAT Report
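The scoring and roll-up described in paras 5 to 7 and in fields (n) and (p) above can be illustrated with the following PowerShell example. It is added here and is not RAT's own code: the record layout emitted by the agent, the violation weights and the four sample PCs are all assumptions constructed for the example, while the violation heads are the dashboard fields listed above. It maps each PC's findings onto the violation heads, deducts the weight of each head from 100 to get a PC score, averages PC scores per station and station scores per command, and lists the PCs under each head in the form the PDF report summarises.

```powershell
# Added illustration only, not RAT's own code or data format. Shows how per-PC
# findings can be mapped onto the dashboard's violation heads, scored, and rolled
# up to station and command level. The record layout, the weights and the sample
# PCs below are assumptions constructed for this example.

# Constructed sample agent output for four PCs (assumed layout).
$AuditRecords = @(
    [pscustomobject]@{ Command = 'CMD-A'; Station = 'STN-1'; PC = 'PC-001'; VeraCrypt = $true;  UsbViolation = $false; AvInstalled = $true;  AvPatched = $true;  OsPatched = $true;  Blacklisted = @();             CdDvdEnabled = $false; Shares = @() }
    [pscustomobject]@{ Command = 'CMD-A'; Station = 'STN-1'; PC = 'PC-002'; VeraCrypt = $false; UsbViolation = $true;  AvInstalled = $true;  AvPatched = $false; OsPatched = $true;  Blacklisted = @();             CdDvdEnabled = $false; Shares = @('Docs') }
    [pscustomobject]@{ Command = 'CMD-A'; Station = 'STN-2'; PC = 'PC-003'; VeraCrypt = $true;  UsbViolation = $false; AvInstalled = $false; AvPatched = $false; OsPatched = $false; Blacklisted = @('TorrentApp'); CdDvdEnabled = $true;  Shares = @() }
    [pscustomobject]@{ Command = 'CMD-B'; Station = 'STN-3'; PC = 'PC-004'; VeraCrypt = $true;  UsbViolation = $false; AvInstalled = $true;  AvPatched = $true;  OsPatched = $true;  Blacklisted = @();             CdDvdEnabled = $false; Shares = @() }
)

# Assumed weights per violation head (points deducted from 100).
$Weights = [ordered]@{
    'PCs not having VeraCrypt'            = 10
    'PCs with USB Violations'             = 25
    'PCs with Anti-virus issues'          = 20
    'PCs whose Anti-virus is not patched' = 10
    'PCs whose OS has not been patched'   = 10
    'PCs having black-listed software'    = 25
    'PCs whose CD/DVD drive is enabled'   = 10
    'PCs having Shared folder(s)'         = 10
}

function Get-PcViolations {
    # Map one record onto the violation heads it falls under.
    param([Parameter(Mandatory)] $Record)
    $heads = @()
    if (-not $Record.VeraCrypt)          { $heads += 'PCs not having VeraCrypt' }
    if ($Record.UsbViolation)            { $heads += 'PCs with USB Violations' }
    if (-not $Record.AvInstalled)        { $heads += 'PCs with Anti-virus issues' }
    elseif (-not $Record.AvPatched)      { $heads += 'PCs whose Anti-virus is not patched' }
    if (-not $Record.OsPatched)          { $heads += 'PCs whose OS has not been patched' }
    if ($Record.Blacklisted.Count -gt 0) { $heads += 'PCs having black-listed software' }
    if ($Record.CdDvdEnabled)            { $heads += 'PCs whose CD/DVD drive is enabled' }
    if ($Record.Shares.Count -gt 0)      { $heads += 'PCs having Shared folder(s)' }
    return $heads
}

function Get-IwScore {
    # IW score of one PC: 100 minus the weight of each head it violates, floored at 0.
    param([Parameter(Mandatory)] $Record)
    $score = 100
    foreach ($head in @(Get-PcViolations $Record)) { $score -= $Weights[$head] }
    return [math]::Max($score, 0)
}

function Get-FormationScores {
    # Roll up: mean PC score per station, then mean station score per command.
    param([Parameter(Mandatory)] $Records)
    $stations = $Records | Group-Object Command, Station | ForEach-Object {
        $scores = $_.Group | ForEach-Object { Get-IwScore $_ }
        [pscustomobject]@{
            Command = $_.Group[0].Command
            Station = $_.Group[0].Station
            PCs     = $_.Count
            IwScore = [math]::Round(($scores | Measure-Object -Average).Average, 1)
        }
    }
    $commands = $stations | Group-Object Command | ForEach-Object {
        [pscustomobject]@{
            Command  = $_.Name
            Stations = $_.Count
            IwScore  = [math]::Round(($_.Group.IwScore | Measure-Object -Average).Average, 1)
        }
    }
    return [pscustomobject]@{ Stations = $stations; Commands = $commands }
}

function Get-ViolationReport {
    # PCs listed under each violation head, the shape the PDF report summarises.
    param([Parameter(Mandatory)] $Records)
    $report = [ordered]@{}
    foreach ($head in $Weights.Keys) { $report[$head] = @() }
    foreach ($rec in $Records) {
        foreach ($head in @(Get-PcViolations $rec)) { $report[$head] += $rec.PC }
    }
    return $report
}

# Sample run on the constructed records.
$roll = Get-FormationScores $AuditRecords
$roll.Stations | Format-Table -AutoSize
$roll.Commands | Format-Table -AutoSize
foreach ($entry in (Get-ViolationReport $AuditRecords).GetEnumerator()) {
    $list = if ($entry.Value.Count -gt 0) { $entry.Value -join ', ' } else { 'nil' }
    '{0}: {1}' -f $entry.Key, $list
}
```

With the constructed records, PC-002 scores 45 and PC-003 scores 35, so STN-1 averages 72.5, STN-2 is 35 and CMD-A comes out at 53.8 while CMD-B stays at 100. The station and command figures depend only on the per-PC rows, which is what makes the roll-up tamper-evident in the way para 6 describes once those rows are fixed in the database.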

8. The Remote Audit Tool has been designed with the aim of strengthening
the overall cyber security posture of the IAF. Once operationalised pan-IAF, the
system will not only increase the audit coverage and frequency but also improve
the overall efficacy of IW audits. It will also bring the desired numerical objectivity
to audits through the integrated IW scoring system.

Note: The RAT agent is not to be uninstalled from any AFNET PC without prior
clearance from IAF-CERT.

POINTS TO REMEMBER

 Policies of IW in IAF are governed by IAP 3903. The main agency
handling IW in IAF is IAF-CERT (IAF Computer Emergency Response
Team).

 The cyber related offences would be dealt under the provisions of the
IT Act, 2000, IT (Amendment) Act, 2008 and Air Force Act, 1950.

 Loss of PC / Laptop / Palmtop, Secondary Storage device etc. is to
be immediately reported on detection, without loss of time, to the authorities
higher in chain of Command.

 On report of breach / compromise of the password, the authorised
user should change password immediately and report to the authority
higher in chain of command.

 The carriage of storage devices out of unit / offices without
authorisation from security staff should be investigated by thorough inquiry
and strict disciplinary action is to be initiated for the breach against the
defaulter.

 As soon as the incident is detected / reported, the systems related
with the incident should be preserved for digital forensics.

 Major Cyber Security Violations.


 Damage to the Computer, Computer System etc.
 Tampering with Computer Source Documents.
 Hacking with Computer System.
 Publishing of Information which is Obscene in Electronic Form.
 Publishing False Digital Signature Certificate.

 All secondary storage devices will be clearly marked and labeled with
the name of the user to which it has been issued.

 A record of the out / in and usage of secondary media is to be
maintained by users.

 USB enabled Photocopiers with in-built printers purchased from OCG
/ ATG are not to be connected to AFNET PCs without specific clearance
from system administrator.

 Serial Number of the hard disk installed in each computer will be
noted at the time of installation in the log book of the computer.

 As a policy no Pen Drives usage shall be permitted in IAF.

 Any data being brought to meet service requirements from outside
environment will be through a standalone Sanitisation Station to check for
any malware.

 In the information chain, servers should have the highest protection.

 All ingress and egress of data will be logged and accounted for at
DAP.


Self Test

MCQ

Q1. Audit policy is not applicable to…………..

(a) Canteen (b) AFFWA

(c) SNCO's Mess (d) MES

Q2. Which agency is responsible for Audit of Critical ICT Infrastructure ……………

(a) DIT (b) IAF-CERT

(c) Command HQ (d) Local

Q3. To assess IAF-CERT’s functioning in the domain of cyber security, a
multi-disciplinary committee comprising……….

(a) DAI (b) SOC

(c) DMI (d) All

MCQ Ans: 1(d), 2(b), 3(d).

DTQ

Q1. What is the purpose of audit?

Q2. What are the different types of audit?

Q3. Define Focused and Surprise audit?

Q4. What do you understand by online audit?

COMTECH/COMP/OS-III/17

CHAPTER-17
IAP 3903 (REVISED)

Objective.

 At the end of this chapter, trainees will be able to revise the subject:

 Minor and major violations of cyber security
 Storage devices and peripherals
 Control of secondary storage media and network devices
 Password management and Data Access Point (DAP)

17.1 Introduction to IAP 3903 (Revised)

1. Information Technology has changed the way the Armed Forces in India
operate. The importance of information and the central role it plays in warfare is
not new. IAF is the pioneer in adopting IT revolution to achieve its operational
edge. IT infrastructure is increasingly becoming more complex and diverse. The
basic pillar of Information Security is a strong and effective security policy.
Hence, Directorate of Intelligence Air Headquarters, New Delhi has issued IAP-
3903(Revised) on 01 Nov 12 with the following objectives:-

(a) To provide instructions for Information Assurance (IA) in the IAF.

(b) To prevent any form of compromise of the Information Systems in
IAF operational and functional domains.

(c) To lay out the guidelines for incident response within the IAF.

(d) To formalise actions in the event of a crisis / security breach.

2. Breach of IT Security. The cyber related offences would be dealt with
under the provisions of the IT Act, 2000, IT (Amendment) Act, 2008 and Air
Force Act, 1950. Any breach of computer security related to physical / personnel
/ hardware / software / system / site aspects shall be investigated through a
Court of Inquiry / Formal Investigation. Some of the guidelines for handling IT
security breaches / action are as follows:-

(a) Loss of PC / Laptop / Palmtop, etc. Loss of PC / Laptop / Palmtop
etc. is to be immediately reported on detection, without loss of time, to the
authorities higher in chain of Command. Command Int officers are to
immediately notify Air HQ (Dte of Int (Counter Int & Security)) and PM (Air).
Assistance of civil police is to be taken where necessary. Command HQ
should convene COI / Formal Investigation.

(b) Loss of Storage Media. The loss is to be immediately reported on
detection to the authorities higher in chain of command. The loss of a
storage media like floppy disk, hard disks, CD, pen drive, etc. should be
dealt with in the same way as loss of any highest classification document ever
stored on the device.

(c) Breach of Password. On report of breach / compromise of the
password, the authorised user should change password immediately and
report to the authority higher in chain of command. Keeping in view the
sensitivity and criticality due to the breach, appropriate investigation is to be
carried out at establishment / formation level.

(d) Detection of Virus / Bugs. Detection of virus is to be
investigated to fix the source and take remedial action. Detection of any
bug (programming error) in any in-house developed software / customised
software will be brought to the notice of the issuing / procuring / developing
agency giving full details of the problem.

(e) Unauthorised Carriage of Storage Devices. The carriage of
storage devices out of unit / offices without authorisation from security staff
should be investigated by thorough inquiry. Strict disciplinary action is to
be initiated for the breach against the defaulter.

3. Procedure for Handling of Computer Breaches. Any kind of incident
reported must be simultaneously processed on both IT and Int channels. As
soon as the incident is detected / reported, the systems related with the incident
should be preserved for digital forensics. The digital evidence is to be handled
as per the provisions of the Indian Evidence Act and IT Act. Based on preliminary
investigation and evidence collection, further actions like convening of COI can
be decided. Dte of Ops (IW) and IAF-CERT may be involved for any technical
expertise / forensics, legal and human Int in such cases and will get co-opted
with the Central Security and Investigation Team (CSIT) as and when required.
For in-depth investigation and forensic analysis, the digital evidence will be
forwarded to D Ops (IW) by Dte of Int (CI & S).


4. Disciplinary Action for Breaches in Computer Security. Some of the
breaches that would culminate in Disciplinary / Administrative action for
violation of IT security requirements have been enumerated in succeeding
paragraphs No. 5, 6 & 7. It is noteworthy that the breaches mentioned below are
neither exhaustive nor conclusive; these are mentioned as broader guidelines.
There may be more breaches depending upon the facts and circumstances of
the case.

5. Major Violations. The following breaches may be considered as Major
Violations:-

(a) Damage to the Computer System. Any person could be charged
for damage to the computer, computer system etc. who, without permission
of the owner or any other person who is in charge of a computer, computer
system or computer network, carries out any one of the activities listed at
para 2 above.

(b) Tampering with Computer Source Documents. Whoever,
knowingly or intentionally conceals, destroys or alters or intentionally or
knowingly causes others to conceal, destroy or alter any computer source
code used for a computer, computer program, computer system or
computer network, when the computer source code is required to be kept
or maintained by the user, would be liable to be charged with tampering with
the computer, computer system etc.

(c) Hacking with Computer System. Whoever with the intent to
cause, or knowing he is likely to cause, wrongful loss or damage to the
public or any person destroys or deletes or alters any information residing
in a computer resource or diminishes its value or utility or affects it
injuriously by any means.

(d) Publishing of Information which is Obscene in Electronic Form.
Whoever publishes or transmits or causes to be published in the electronic
form, any material which is lascivious or appeals to the prurient interest or
if its effect is such as to tend to deprave and corrupt persons who are
likely, having regard to all relevant circumstances, to read, see or hear the
matter contained or embodied in it.

(e) Publishing False Digital Signature Certificate in Certain
Particulars. Whoever knowingly creates, publishes or otherwise makes
available a Digital Signature Certificate for any fraudulent or unlawful
purpose shall be treated as having committed a serious offence.

6. Minor Violations. The following breaches may be considered as Minor
Violations:-

(a) Use of computer system by any unauthorised person(s).

(b) Sharing of password with anyone including colleagues, except where
authorised by competent authority.

(c) Allowing staff members to bring own floppies / CDs / other types of
media or software to run on computer system of the department.

(d) Using pirated copies of software, as these may contain viruses and
even facilitate intrusions into the system.

(e) Downloading computer games, since these could be the main carriers
of computer viruses and unsuspecting / easy media for an intruder to break
into your computer system.

(f) Carrying storage device outside the building without proper authority.

(g) Using a password that is easily susceptible to dictionary / brute force
attacks.

(h) Keeping storage devices unattended.

(j) Becoming member of chat club on official internet.

(k) Violating any advisories issued from time to time on any subject
relating to IT resources.

(l) Use of I-Keys by unauthorised person(s).

Note. Depending upon the gravity of the offence & facts and
circumstances of the case, minor violation may also be treated as a major
violation and appropriate Disciplinary / Administrative action is to be
initiated in consultation with CJA / JAG (Air).

7. The following violations related to internet may be categorised as major or
minor depending upon gravity of offence:-

(a) Storing of service related information on internet PC.

(b) Unauthorised air gap violation between Intranet and Internet.

(c) Installing and using unauthorised software. (All software which are
not cleared by DIT for code consistency, D AFNET for use on AFNET
domain, D Ops IW for security, and D Ops IT&N for encryption shall be
deemed as unauthorised.)

17.2 Storage Devices and Peripherals

8. Accounting of Storage Devices.

(a) All types of secondary storage devices such as floppies, CDs, DVDs,
zip cartridges, External HDDs etc. used by a Branch / Directorate / Unit will
be taken on charge. Secondary Storage Devices register as per format
given at Fig 17.1 will be maintained by the respective heads of Dte /
Branches / Units separately for each type of secondary storage device and
quarterly checks should be undertaken.

Fig 17.1 : Appendix -K

(b) They will be clearly marked and labeled with the name of the user to
which it has been issued. Format for label to be applied on such storage
devices is given at Fig 17.2


Fig 17.2 : Label for Secondary Storage Device

(c) A record of the out / in and usage of secondary media is to be
maintained as per Fig 17.3 by users. These records are also to be made
available for check by Provost / Counter Intelligence personnel.

Fig 17.3 : Record of Usages

(d) Supply of blank storage devices are to be made only against written
requisition duly signed or countersigned by the head of Branch /
Directorate / Unit.

9. Formatting of Hard Disk. Formatting of a PC belonging to any domain or
the Internet is to be done only with valid reason as per existing guidelines. The
proforma for permission for formatting of any PC is placed at Fig 17.4.


Fig 17.4 : Permission for Formatting

10. Handling of Storage Devices. The following actions pertaining to use of
primary and secondary storage devices will be implemented immediately:-

(a) Handling of Hard Disks.

(i) Serial Number of the hard disk installed in each computer will
be noted at the time of installation in the log book of the computer.

(ii) In case of transfer of ownership of a computer to a different
user, all data on the hard disk will be erased before handing over to
the user.

(iii) Before handing over a computer for repairs, the hard disk will
be removed. Hard disk of any computer will not be handed over to
any civilian agency for repair or replacement.

(iv) Defective hard disk containing data will not be handed over to
any agency under any circumstances. If the data on the disk cannot
be removed by formatting due to defect in the disk, the same shall be
destroyed by hammering and burning by a Board of Officers and a
certificate to this effect produced in the log book of the computer.

(v) Destruction of hard disks is to be carried out by ordering a
Board of Officers (BOO). It is to be ensured that the hard disk is
physically broken. The storage media inside the hard disk should be
removed and destroyed by application of corrosive chemicals (acid or
abrasive substances, emery wheel or disk sander) to the recording
surface, and by shredding, burning, disintegration, pulverisation and
smelting etc. in presence of an officer and a certificate to this effect
produced.

(b) Handling of External Hard Disks (External HDDs) and Removable
Disks.

(i) Granular control of removable media for use on AFNET
systems would be carried out centrally by DCMU. Dte of AFNET will
authorise selected users to use USB devices as per existing
guidelines after being vetted by respective Command and PSOs.

(ii) Authorisation of External HDD is placed in IAP 3903 (Revised).
However, if there is a need for authorisation of External HDD for an
appointment which is not covered in IAP 3903, the same is to be
projected for approval through respective Command / Air HQ to Dte
Ops (IEW).

(iii) External HDD when used for storage / processing of classified
information is to be secured under lock and key as in the case of S&C
documents. For storing and normal backup of documents, external
hard disks up to 500 GB are permitted; for database backup by IT
sections, higher capacity hard disks can be purchased.

(iv) Use of external hard disks is to be reduced to the barest minimum.
Proper accounting of the External HDD is to be kept.

(v) External HDD is to be on the charge of a commissioned officer
only.

(vi) In case external HDD is authorised for use on an Internet PC,
suitable colour coding RED (for Internet) and BLUE (for Intranet)
should be used to ensure segregation of media.

(c) Handling of Secondary Storage Devices.

(i) Use of secondary storage devices as well as their access points
on both Intranet and Internet domains is to be restricted to the barest
minimum.

(ii) Auto run should be disabled in all PCs.

(iii) On all Intranet (AFNET) PCs, CD / DVD drives are to be
disabled. These CD / DVD drives on Intranet PCs can be temporarily
enabled by the system administrator for specific requirements of clients
regarding installation of standard software.

(iv) All USB ports are to be disabled for mass storage devices,
except for selected appointments for which USB access for mass
storage devices is authorised as per IAP 3903 (Revised).

(v) For stand-alone service (not Internet) PCs, CD / DVD drives are
to be disabled and only USB ports are to be enabled for using secondary
storage devices / printers.

(vi) For all PCs on the Internet, CD / DVD drives with read and write
access are to be provided. All USB ports of Internet machines are to be
disabled except for use of printer / keyboard / mouse.

(vii) No single storage device should be used on both networks, to
maintain complete isolation between them. Suitable colour coding will
be implemented to distinguish between Intranet (BLUE colour) and
Internet (RED colour) devices / cables including secondary storage
devices. The above arrangement will ensure the following:-

(aa) Use of external HDD only on Intranet (AFNET) machines by
certain authorised users (and non-Internet machines).

(ab) Use of CD / DVD drive with R / W privileges only on
Internet machines.

(viii) Any information from a trusted source on a CD / DVD that is to be
transferred to an Intranet machine will be transferred through the central
Data Access Point (DAP). However, in case inescapable operational,
maintenance and admin requirements exist for enabling mass
storage devices on Internet PCs, one time consolidated clearance is
to be obtained from VCAS / AOC-in-C. These clearances should be
reviewed annually.

(ix) All removable media (CD/DVD) must have a clearly legible
registration number and suitable marking of the formation holding them
using logo / label printer.

(x) Whenever an unauthorised USB device is connected, the violation
is to be reported by NOCs to IAF-CERT. It shall be treated as per the
incident handling procedure.

(xi) All types of secondary storage devices, whether blank or
otherwise, will be properly accounted for and stored under lock and
key in a fire-proof cabinet.

(xii) In case such a device contains any matter of classified nature, it
will be marked with the highest security classification of the
information contained in it.

(xiii) Storage media containing classified information will only be
transacted as a classified document of equivalent security
classification. Under no circumstances will such media be sent to
outside agencies for repair / recovery / replacement.

(xiv) Carriage of secondary storage devices into and out of Branch /
Directorate / Unit is to be resorted to only on proper authority from the
head of Branch / Directorate / Department / Establishment.

(xv) Destruction of Secondary Storage Media is to be carried out by
ordering a Board of Officers (BOO).

(xvi) Loss of Computer / Hard disk / Pen drive / CD / Floppy is to be
immediately reported to the higher formation and investigations carried
out simultaneously by the Branch / Dte / Unit to ascertain the extent
of loss of classified information and to pinpoint responsibility for the
loss, for initiating suitable action against defaulters.

(d) Pen Drives. Pen drives have inherent security concerns. As a
policy no Pen Drive usage shall be permitted in IAF. Existing Pen drives
are to be destroyed and no personal pen drive or pen drives bought from
other sources like ATG etc. are to be used.
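The differentiated drive and port rules of para 10(c) above can be applied as one configuration step. The following PowerShell function is an added example, not an IAF-issued script: it sets the standard Windows service Start values for the USB mass storage (USBSTOR) and CD/DVD (cdrom) class drivers according to the PC type, and turns Autorun off for all drive types through the Explorer policy key. Intranet (AFNET) PCs get both disabled, Standalone PCs keep USB with CD/DVD disabled, and Internet PCs keep CD/DVD with USB mass storage disabled, as the sub-paragraphs state. The function supports -WhatIf so the change can be previewed before it is applied.

```powershell
# Added example, not an IAF-issued script. Applies para 10(c) to one Windows PC by type:
# Intranet (AFNET) PCs: CD/DVD and USB mass storage disabled; Standalone PCs: CD/DVD
# disabled, USB kept; Internet PCs: CD/DVD kept, USB mass storage disabled. Autorun is
# switched off for every PC type. Uses the class driver Start values (4 = disabled;
# the enabled value is each driver's Windows default) and the Explorer Autorun policy.
# Run elevated; a reboot is required for the driver changes to take effect.

function Set-RemovableMediaPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [ValidateSet('Intranet', 'Standalone', 'Internet')] [string]$PcType
    )

    # Expected state per PC type, taken from para 10(c).
    $states = @{
        Intranet   = @{ UsbStorage = 'Disabled'; CdDvd = 'Disabled' }
        Standalone = @{ UsbStorage = 'Enabled';  CdDvd = 'Disabled' }
        Internet   = @{ UsbStorage = 'Disabled'; CdDvd = 'Enabled'  }
    }
    $expected = $states[$PcType]

    # Class drivers with the Start value that restores each driver's default.
    $drivers = @{
        UsbStorage = @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'; EnabledStart = 3 }
        CdDvd      = @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom';   EnabledStart = 1 }
    }

    foreach ($name in $drivers.Keys) {
        $drv   = $drivers[$name]
        $start = if ($expected[$name] -eq 'Disabled') { 4 } else { $drv.EnabledStart }
        if ($PSCmdlet.ShouldProcess($drv.Path, "Set Start=$start ($name $($expected[$name]))")) {
            Set-ItemProperty -Path $drv.Path -Name Start -Value $start -Type DWord
        }
    }

    # Autorun off for all drive types (0xFF), regardless of PC type.
    $explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if ($PSCmdlet.ShouldProcess($explorer, 'Set NoDriveTypeAutoRun=255')) {
        if (-not (Test-Path $explorer)) { New-Item -Path $explorer -Force | Out-Null }
        Set-ItemProperty -Path $explorer -Name NoDriveTypeAutoRun -Value 255 -Type DWord
    }

    # Report the resulting state for endorsement in the PC logbook.
    foreach ($name in $drivers.Keys) {
        $now = (Get-ItemProperty -Path $drivers[$name].Path -Name Start -ErrorAction SilentlyContinue).Start
        [pscustomobject]@{ PcType = $PcType; Device = $name; Expected = $expected[$name]; Start = $now }
    }
}

# Preview first; then run without -WhatIf and reboot.
Set-RemovableMediaPolicy -PcType Intranet -WhatIf
```

Disabling the class driver blocks every USB mass storage or optical device rather than a particular one, which matches the blanket rule in 10(c); the per-appointment exceptions of 10(c)(iv) are handled centrally by the device control described in para 12 and not by this setting.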

11. Control of Devices with Removable Storage Media and USB
Interfaced Photocopiers and Printers. Today a number of digital devices
(like Digital Voice Recorders, Digital Cameras, Video cameras etc.) have
removable storage media in the form of SD Cards, Flash storage etc.

(a) USB enabled Photocopiers with in-built printers purchased from OCG
/ ATG are not to be connected to AFNET PCs without specific clearance
from system administrator.

(b) All such devices are to be cleared specifically for use by system
administrator and approval of PD / PSO / AOC / Stn Cdr has to be
obtained.

(c) Since these devices could be used for pilferage of service related
information, their usage must be regulated and controlled by the
concerned officer.

(d) In addition, a list of all such hardware is to be maintained by Branch
CC / Command IT / C Org / Stn IT Centre and this information will be
passed to IAF-CERT.

(e) To prevent any leakage of classified information, the USB access on
AFNET will be permitted only in ‘Read Only’ mode for such devices.

17.3 Control of Secondary Storage Media and Network Devices

12. Control of Secondary Storage Devices. The secondary storage
devices (Ext HDD etc) are to be registered (Make, Product ID and Serial No) on
AFNET through central Device Control software for managing and controlling
use of these devices. A mechanism to generate an ‘alert’ identifying the defaulter
unit and terminal whenever an unauthorized device is connected has been
implemented.

13. Vulnerability Assessment by IAF-CERT. IAF-CERT shall undertake
Vulnerability Assessment and Penetration Testing (VAPT) of AFNET and other
IT infrastructure at periodic intervals as per ISO / IEC 28101:2005 after prior
notice. IAF-CERT will also carry out surprise VAPT of station IT infrastructure.
CITO / CIWO will carry out compliance of security policies of Stations under
their AOR.

14. Network Administration and Security. Dte of AFNET will be
responsible for the policy on AFNET (including various VLANs) administration
and security through SOC AFNET. Networks will be adequately managed and
controlled, in order to be protected from threats, and to maintain security for the
systems and applications using the network, including information in transit, by
incorporating appropriate security solutions at physical, network, transport and
application layers.

15. Port Security. In order to ensure that network resources are not
accessible to unauthorised devices, strict control of network hosts needs to be
exercised. Dte of AFNET should implement suitable mechanisms to prevent IP
address poisoning based attacks, along with proper port and MAC
binding / NAP-NAC solution, so that only recognized machines (PCs / Laptops
etc) may be permitted to ride the network infrastructure.
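The following Python script is an added example, not code from the precis or from the Device Control software of D AFNET. It models the two checks described in paras 12 and 15 above: a connected external storage device is compared against a register of (Make, Product ID, Serial No), and a host seen on a switch port is compared against the MAC / IP binding of that port; every failure produces an alert naming the defaulter unit and terminal (or port). The register, the bindings, the sample events, the field names and the alert kinds are all constructed for the example.

```python
"""Added example, not code from the precis or from D AFNET's Device Control
software: alerting checks that model para 12 (registered secondary storage
devices) and para 15 (port / MAC / IP binding). All registers, events, field
names and alert kinds below are constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed register of approved external storage devices: (make, product ID, serial no).
REGISTERED_DEVICES = {
    ("SEAGATE", "EXP-1TB", "SN-0001"),
    ("WD", "MYPASSPORT", "SN-0002"),
}

# Constructed port bindings: switch port -> (MAC, IP) of the one machine allowed on it.
PORT_BINDINGS: Dict[str, Tuple[str, str]] = {
    "sw1/0/1": ("aa:bb:cc:00:00:01", "10.0.1.11"),
    "sw1/0/2": ("aa:bb:cc:00:00:02", "10.0.1.12"),
}


@dataclass(frozen=True)
class Alert:
    kind: str       # which rule was broken
    unit: str       # defaulter unit named in the alert
    terminal: str   # terminal (or switch port) named in the alert
    detail: str


def check_device_event(ev: dict) -> Optional[Alert]:
    """Para 12: a storage device is allowed only if its identity is on the register."""
    ident = (ev["make"].upper(), ev["product_id"].upper(), ev["serial"].upper())
    if ident in REGISTERED_DEVICES:
        return None
    return Alert("UNAUTHORISED_DEVICE", ev["unit"], ev["terminal"],
                 "device %s/%s/%s is not registered" % ident)


def check_port_event(ev: dict) -> Optional[Alert]:
    """Para 15: a host may ride a port only with the MAC and IP bound to that port."""
    seen = (ev["mac"].lower(), ev["ip"])
    bound = PORT_BINDINGS.get(ev["port"])
    if bound is None:
        return Alert("UNBOUND_PORT", ev["unit"], ev["port"],
                     "no binding exists for this port; host %s/%s refused" % seen)
    if bound != seen:
        # Either a foreign machine on a known port, or a bound IP claimed by a
        # different MAC, which is the pattern IP / ARP poisoning leaves behind.
        return Alert("BINDING_MISMATCH", ev["unit"], ev["port"],
                     "expected %s/%s, saw %s/%s" % (bound + seen))
    return None


def scan(events: List[dict]) -> List[Alert]:
    """Run every event through the check for its type and collect the alerts."""
    checks = {"device": check_device_event, "port": check_port_event}
    alerts = []
    for ev in events:
        alert = checks[ev["type"]](ev)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample events, as a device-control agent or a switch might report them.
SAMPLE_EVENTS = [
    {"type": "device", "unit": "Stn A", "terminal": "PC-07",
     "make": "Seagate", "product_id": "EXP-1TB", "serial": "sn-0001"},
    {"type": "device", "unit": "Stn A", "terminal": "PC-12",
     "make": "Generic", "product_id": "USB-DISK", "serial": "SN-9999"},
    {"type": "port", "unit": "Stn A", "port": "sw1/0/1",
     "mac": "AA:BB:CC:00:00:01", "ip": "10.0.1.11"},
    {"type": "port", "unit": "Stn A", "port": "sw1/0/2",
     "mac": "aa:bb:cc:00:00:99", "ip": "10.0.1.12"},
    {"type": "port", "unit": "Stn B", "port": "sw1/0/9",
     "mac": "aa:bb:cc:00:00:03", "ip": "10.0.1.13"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"ALERT {a.kind}: unit={a.unit} terminal={a.terminal} ({a.detail})")
```

Running the script prints one alert for the unregistered device, one for the bound IP seen with a foreign MAC, and one for the port that has no binding at all; the registered device and the correctly bound host produce nothing. In a deployment the events would come from the endpoint agent and the switches and the alerts would be forwarded to the NOC / SOC AFNET.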

16. Security Policies for Network Devices.

(a) Dte of AFNET shall ensure implementation and monitoring of security
policies for all network devices.

(b) Every network device should be updated with latest IOS / Malware
definitions.

(c) There should be packet inspection for detecting and analysing
anomalies and threat patterns, restricting insecure ports and protocol
services, providing protection against DoS attacks, and filtering /
blocking malicious traffic.

(d) The CSI / CSA issued by IAF-CERT should be complied with within the
stipulated time.

(e) Suitable testing of security updates / patches from OEMs of network
devices is to be ensured before their application on the operational network.

(f) NOC should investigate / resolve the issues whenever a required
update is not taking place for certain devices.

17. Security Instructions for Servers. In the information chain, servers
should have the highest protection. Server Room should be categorised as VP
and unauthorised entries are to be restricted. A suitable surveillance camera should
be installed to ensure all round security.

17.4 Password Management & Data Access Point (DAP)

18. Password Management. Sensitive information will be transmitted over
AFNET for Network Centric Operations of IAF. Hence, it is essential that
network access for configuration, monitoring and troubleshooting is extended
only to authorized person(s) on a need basis. Passwords are the key to the
server / network resources and form the most vital entry point, which needs to be
properly managed and safeguarded. Dte of AFNET has issued a Password
Management Policy laying down responsibility and methodology for
management of passwords for various System Administrators, Maintenance
Desk, Help Desk, Site Admin and all users of AFNET systems. The same should
be followed in letter and spirit. Hence, always use complex, hard-to-guess
passwords and change them regularly.

19. Any security measures you take can be undermined by a password that is
easy to guess or a computer account that does not have a password. Good
passwords help keep your computer secure from external threats (such as
hackers) and local threats (such as a nosy roommate or officemate). Following
are guidelines for password security:

(a) Never have an account without a password.

(b) We recommend using 15 or more characters whenever possible for
your password (8 characters is a minimum).

(c) Use a mixture of character classes such as uppercase, lowercase,
numbers, and symbols.

(d) Don't use a password that is a dictionary word, is part of your name,
or is easily associated with you.

(e) Never use keyboard patterns such as "asdfg".

(f) Passphrases are a good technique for remembering a long password
so you don't have to write it down (e.g., "Ihatestalebread!").

(g) Use different passwords for your important computer accounts.
Although somewhat inconvenient, if one of your passwords is
compromised, an attacker will not gain easy access to your other
accounts.

(h) If you use your password in public places, such as a lab or a friend's
room, you should change your password more often.
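The following Python function is an added example, not code from the precis or from the Password Management Policy issued by Dte of AFNET. It checks a candidate password against guidelines (a) to (e) of para 19: the 8-character minimum and 15-character recommendation, a mixture of character classes, dictionary words and parts of the user's name, and keyboard patterns. The word list, the keyboard patterns, the "three of four classes" threshold and the sample user name "Test User" are assumptions made for the example; guidelines (f) to (h) concern user habits and are not checkable by code.

```python
"""Added example, not code from the precis or from D AFNET's Password
Management Policy: a checker for the password guidelines in para 19. The word
list, keyboard patterns, class threshold and sample names are assumptions."""
import re
from typing import List

MIN_LENGTH = 8            # para 19(b): the stated minimum
RECOMMENDED_LENGTH = 15   # para 19(b): the recommended length
MIN_CLASSES = 3           # assumption: how many of the four classes count as 'a mixture'

# Constructed, deliberately tiny word list; a real check would load a full dictionary.
DICTIONARY = {"password", "welcome", "summer", "admin", "airforce"}
# Assumed keyboard patterns; para 19(e) gives "asdfg" as its example.
KEYBOARD_PATTERNS = ("qwerty", "asdfg", "zxcvb", "12345", "09876")

# The four character classes named in para 19(c).
CLASS_PATTERNS = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(pw: str, user_name: str = "") -> List[str]:
    """Return the guideline violations for pw; an empty list means it passes."""
    problems = []
    if not pw:
        return ["(a) account must not be without a password"]
    if len(pw) < MIN_LENGTH:
        problems.append(f"(b) shorter than the {MIN_LENGTH}-character minimum")
    classes = sum(1 for p in CLASS_PATTERNS if re.search(p, pw))
    if classes < MIN_CLASSES:
        problems.append(f"(c) only {classes} character class(es), need {MIN_CLASSES}")
    low = pw.lower()
    # Letters only, so a padded word such as 'Password1!' still matches 'password'.
    core = re.sub(r"[^a-z]", "", low)
    if low in DICTIONARY or core in DICTIONARY:
        problems.append("(d) is a dictionary word (possibly padded with digits/symbols)")
    for part in user_name.lower().split():
        if len(part) >= 3 and part in low:
            problems.append("(d) contains part of the user's name")
            break
    if any(pat in low for pat in KEYBOARD_PATTERNS):
        problems.append("(e) contains a keyboard pattern")
    return problems


def is_acceptable(pw: str, user_name: str = "") -> bool:
    """True when no guideline is violated."""
    return not check_password(pw, user_name)


def meets_recommended_length(pw: str) -> bool:
    """Para 19(b) recommends 15 or more characters; 8 is only the floor."""
    return len(pw) >= RECOMMENDED_LENGTH


if __name__ == "__main__":
    # Constructed candidates checked for the constructed user "Test User".
    for candidate in ("Ihatestalebread!", "asdfg123", "Password1!", "TestUser2022!", "welcome"):
        print(candidate, check_password(candidate, "Test User") or "OK")
```

The passphrase from guideline (f), "Ihatestalebread!", passes every check and also meets the recommended length, while "asdfg123" is rejected for both its keyboard pattern and its poor class mixture. Note that a dictionary check by exact match alone is weak; stripping digits and symbols before the lookup, as done above, catches the common habit of padding a word.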

20. Data Access Point (DAP). To prevent loss of sensitive data as well
as entry of malware, egress of data from the network to outside environment
and ingress of data into the network from outside environment needs to be
controlled, sanitised and monitored. In a specific formation this should be
implemented through Data Access Points (DAPs).

(a) The secondary storage devices should be enabled at one central
location within the IT cell. On all other AFNET PCs the secondary storage
devices need to be disabled, except for specific appointments for which USB
access for mass storage devices will be permitted by D AFNET.

(b) All ingress and egress of data will be logged and accounted for at
DAP.

(c) Any data being brought to meet service requirements from outside
environment will be through a standalone Sanitisation Station to check
for any malware.

(d) The source of the required file / document to be brought in or taken
out is required to be recorded. The format of the form to be used for data
transfer is placed at Fig 17.5 and the record to be maintained in the register for
transfer of data is placed at Fig 17.6.

Fig 17.5: Form for Data Transfer (form layout not reproduced in this text)

Fig 17.6: Register for Transfer of Data (register layout not reproduced in this text)

(e) DAP required for operational needs like MET, ATC etc can be
authorised by AOC-in-C at Command level and PSOs at Air HQ level.

POINTS TO REMEMBER

 Policies of IW in IAF are governed by IAP 3903. Main agency
handling IW in IAF is IAF CERT (IAF Computer Emergency Response
Team).

 The cyber related offences would be dealt under the provisions of the
IT Act, 2000, IT (Amendment) Act, 2008 and Air Force Act, 1950.

 Loss of PC / Laptop / Palmtop, Secondary Storage device etc. is to
be immediately reported on detection, without loss of time, to the authorities
higher in chain of Command.

 On report of breach / compromise of the password, the authorised
user should change password immediately and report to the authority
higher in chain of command.

 The carriage of storage devices out of unit / offices without
authorisation from security staff should be investigated by thorough inquiry
and strict disciplinary action is to be initiated for the breach against the
defaulter.

 As soon as the incident is detected / reported, the systems related
with the incident should be preserved for digital forensics.

 Major Cyber Security Violations.
     Damage to the Computer, Computer System etc.
     Tampering with Computer Source Documents.
     Hacking with Computer System.
     Publishing of Information which is Obscene in Electronic Form.
     Publishing False Digital Signature Certificate.

 All secondary storage devices will be clearly marked and labeled with
the name of the user to which it has been issued.

 A record of the out / in and usage of secondary media is to be
maintained by users.

 USB enabled Photocopiers with in-built printers purchased from OCG
/ ATG are not to be connected to AFNET PCs without specific clearance
from system administrator.

 Serial Number of the hard disk installed in each computer will be
noted at the time of installation in the log book of the computer.

 As a policy no Pen Drives usage shall be permitted in IAF.

 Any data being brought in to meet service requirements from outside
environment will be through a standalone Sanitisation Station to check for
any malware.

 In the information chain, servers should have the highest protection.

 All ingress and egress of data will be logged and accounted for at
DAP.

Self Test

MCQ

Q1. Audit policy is not applicable to……………

(a) Canteen        (b) AFFWA
(c) SNCO's Mess    (d) MES

Q2. Which agency is responsible for Audit of Critical ICT
Infrastructure ……………

(a) DIT            (b) IAF-CERT
(c) Command HQ.    (d) Local

Q3. To assess IAF-CERT’s functioning in the domain of cyber security, a
multi-disciplinary committee comprising…………..

(a) DAI            (b) SOC
(c) DMI            (d) All

MCQ Ans: 1(d), 2(b), 3(d)

DTQ

Q1. What is purpose of audit?

Q2. What are the different types of audit?

Q3. Define Focused and Surprise audit.

Q4. What do you understand by online audit?

COMTECH/COMP/OS-III/18

CHAPTER-18
REVISION

Objective.

 At the end of this chapter, trainees will be able to revise the subject.

Global Keyboard Shortcuts:

 Windows key + Space bar operates as a keyboard shortcut for Aero Peek.
 Windows key + Up maximizes the current window.
 Windows key + Down if current window is maximized restores it;
otherwise minimizes current window.
 Windows key + Shift + Up makes upper and lower edge of current
window nearly touch the upper and lower edge of the Windows desktop
environment, respectively.
 Windows key + Shift + Down restores original size of the current window
prior to using Windows key + Shift + Up.
 Windows key + Left snaps the current window to the left edge of the
screen.
 Windows key + Right snaps the current window to the right half of the
screen.
 Windows key + Shift + Left and Windows key + Shift + Right move the
current window to the left or right display.
 Windows key + + (plus sign) functions as zoom in command wherever
applicable.
 Windows key + − (minus sign) functions as zoom out command wherever
applicable.
 Windows key + ESC (Escape key) turns off zoom once enabled.
 Windows key + Home operates as a keyboard shortcut for Aero Shake.

Keyboard Shortcuts in Windows Operating System

File menu: Alt+F
Edit menu: Alt+E
View menu: Alt+V
Undo the last operation: Ctrl+Z
Redo the last operation: Ctrl+Y
Cut the selected area and store it in the clipboard: Ctrl+X, or ⇧ Shift+Del
Copy the selected area into the clipboard: Ctrl+C, or Ctrl+Ins
Paste contents of clipboard at cursor: Ctrl+V, or ⇧ Shift+Ins
Paste special: Ctrl+Alt+V
Select everything in focused control or window: Ctrl+A
Toggle among installed keyboard languages: ⇧ Shift+Alt
Run new application: ⊞ Win, enter executable name
Open new browser window with same page as current: Ctrl+N
Make new folder: Ctrl+⇧ Shift+N
Lock desktop: ⊞ Win+L
Show desktop: ⊞ Win+D
Switch active user: ⊞ Win+L
Task manager: Ctrl+⇧ Shift+Esc, Ctrl+Alt+Delete
Rename object: F2
Open file or program: ↵ Enter
Switch to next/previous focused window: Alt+Tab ↹
Switch focus to the next/previous window (without dialog): Alt+Esc / ⇧ Shift+Alt+Esc
Open the Run dialog box: ⊞ Win+R
Open the Search dialog box: ⊞ Win+F, or ⊞ Win, enter executable name
Save screenshot of entire screen as file: Print Screen
Copy screenshot of entire screen to clipboard: Print Screen or Ctrl+Print Screen
Save screenshot of window as file:
Copy screenshot of window to clipboard: Alt+Print Screen
Delete char to the right of cursor: Del, or Fn+← Backspace
Delete word to the right of cursor: Ctrl+Del
Delete word to the left of cursor: Ctrl+← Backspace
Go to start of line: Home
Go to end of line: End
Go to start of document: Ctrl+Home
Go to end of document: Ctrl+End
Go to previous word: Ctrl+←
Go to next word: Ctrl+→
Go to previous line: ↑
Go to next line: ↓
Go to previous line break: Ctrl+↑
Go to next line break: Ctrl+↓
Go to find: Ctrl+F
Go to next search result: F3
Go to previous search result: ⇧ Shift+F3
Search and replace: Ctrl+H

COMMON COMPUTER ABBREVIATIONS

PCI Peripheral Component Interconnect
RTC Real Time Clock
CMOS Complementary Metal Oxide Semiconductor
BIOS Basic Input Output System
CD ROM Compact Disk ROM
ALU Arithmetic Logic Unit
IR Instruction Register
IEW Information and Electronic Warfare
DIN Deutsche Industrie Norm
USB Universal Serial Bus
CERT Computer Emergency Response Team
EFS Encrypting File System
NTFS New Technology File System
TCP/IP Transmission Control Protocol/Internet Protocol
ACPI Advanced Configuration & Power Interface
APM Advanced Power Management
ISA Industry Standard Architecture
AT Advanced Technology
ATX Advanced Technology Extended
RPM Rotations Per Minute
FAT File Allocation Table
WORM Write Once Read Many times
SCSI Small Computer System Interface
EIDE Enhanced Integrated Drive Electronics
ATAPI AT Attachment Packet Interface
DVD Digital Versatile Disk
HDD Hard Disk Drive
HDA Hard Disk Assembly
ASCII American Standard Code for Information Interchange
IRDA Infrared Data Association
CRT Cathode Ray Tube
LCD Liquid Crystal Display
TFT Thin Film Transistor
RGB Red Green Blue
DMP Dot Matrix Printer
LASER Light Amplification by Stimulated Emission of Radiation
POST Power On Self Test
SIMM Single Inline Memory Module
DIMM Dual Inline Memory Module
AGP Accelerated Graphics Port
HCL Hardware Compatibility List
CALs Client Access Licenses
DHCP Dynamic Host Configuration Protocol
APIPA Automatic Private IP Addressing
DMA Direct Memory Access
SID Security ID
RISC Reduced Instruction Set Computing
MAC Media Access Control
SMTP Simple Mail Transfer Protocol
RSCS Remote Spooling Communication System
FDDI Fiber Distributed Data Interface


NOTES

LIST OF BOOKS/ PUBLICATIONS/ MANUALS RECOMMENDED

Sl No  Title                                     Author              Edition
1.     Computer Organization & Architecture      William Stallings
2.     AFNET Implementation Instruction          Data 09
3.     Storage Networks: The Complete Reference  Robert Spalding
4.     Virtualization Essentials                 Matthew Portnoy

EVALUATION / ASSESSMENT WITH MARKS AND WEIGHTAGE.

Refer TCASI Part II/TG/01/12 as amended from time to time.

“THE CONTENTS OF THE PRECIS TO BE UPDATED WITH THE LATEST
POLICIES AND INSTRUCTIONS ISSUED FROM TIME TO TIME”
