Managing and Monitoring

Transcript of Managing and Monitoring

  • 8/10/2019 Managing and Monitoring

    1/10

    Windows 2000 Administrative Strategies

    Windows 2000 provides you with a great deal of flexibility when you administer your network. The tools and methods provided in Windows 2000 include:

    Terminal Services. From a client computer, you can run interactive sessions on a remote computer that is running Windows 2000 Server so that you can administer the server from the client computer as if you were using the server locally.

    SNMP. SNMP is a standard for retrieving information from a wide range of networking devices. It can also alert network administrators about events on these devices. You can manage computers running Windows 2000 by using an SNMP-based management application.

    SNMP Service. Windows 2000 supports SNMP with the SNMP service. The SNMP service provides Windows 2000 with the ability to use SNMP to query computers for data and communicate with the third-party management systems.

    Performing Administrative Tasks Remotely by Using Terminal Services

    You can use Terminal Services in Windows 2000 to remotely administer a network or a device on that network. Terminal Services allows you to open interactive sessions on a remote server and administer the server from a client computer as if you were using the server locally. The desktop of the server appears in a window on the desktop of your local computer. The Terminal Services client sends keystrokes and mouse movements to the Terminal server and receives screen updates from the server.

    Using Terminal Services for remote administration provides the following benefits:

    You can perform all administrative tasks on a server from a remote computer, including software installation.

    You can connect to a server running Terminal Services from client computers running Windows 2000, Microsoft Windows NT, Microsoft Windows /, Microsoft Windows , Microsoft Windows 1. , and Microsoft Windows CE.

    The Terminal Services client software requires minimal resources to run. The installation files for the client computer fit on two to four floppy disks.

    Terminal Services provides excellent performance, even over a slow network link. Because the Terminal Services client transmits only keystrokes and mouse movements, and Terminal Services only transmits screen updates, bandwidth requirements are low.

    Requirements for Terminal Services Remote Administration

    The computer on which you install Terminal Services must meet the following requirements to use Terminal Services for remote administration:

    The computer must be running one of the operating systems in the Windows 2000 Server family.

    You must install Terminal Services on the server and Terminal Services Client on the client computer.

    Each active session on the server requires approximately 6 megabytes (MB) of random access memory (RAM), in addition to memory requirements for the application in the Terminal Services session and other memory that the server is using. This amount of RAM is therefore unavailable for other use.

    Installing Terminal Services for Remote Administration

    When you install Terminal Services on a computer running Windows 2000, you must decide whether to install it in application server mode or in remote administration mode. You must select the appropriate mode when you install Terminal Services. In order to use Terminal Services to administer your network, select remote administration mode when installing Terminal Services.

    Characteristics of Remote Administration Mode

    In remote administration mode:

    Terminal Services is limited to two concurrent connections.

    Two Terminal Services licenses are included. You do not need to purchase additional client licenses.

    Terminal Services performance is optimized for a small number of connections.

    Terminal Services security settings are configured to be higher than in application server mode.

    By default, only members of the Administrators group have permissions to connect to the remote computer by using Terminal Services.

    Installing Terminal Services

    To install Terminal Services:

    1. Open Add/Remove Programs from Control Panel, and then click Add/Remove Windows Components.

    2. In the Windows Components wizard, on the Windows Components page, select the Terminal Services check box, and then click Next.

    3. On the Terminal Services Setup page, click Remote administration mode, click Next, when prompted type the path to the setup files, and then click Finish.

    When you install Terminal Services for remote administration, Windows 2000 automatically optimizes many settings for a small number of client connections. Windows 2000 also configures some security settings for a higher level because administrators may access confidential data while accessing the Terminal server from an insecure client computer. For example, only administrators have permissions to log on to a terminal server. Also, when you install Terminal Services in remote administration mode, Windows 2000 ensures that no data from a session can remain on the client computer's Clipboard. You can improve performance and security further by performing additional configuration steps.

    Configuring Performance Parameters

    You can configure two performance parameters to enhance the performance of the Terminal Services session.

    Optimizing Services Running On The Server

    Because performance for multiple Terminal Services sessions is not the primary purpose of the server that you are configuring, you must optimize the performance of background services, such as file and printer sharing.

    To configure background services:

    1. In Control Panel, double-click System.

    2. In the System Properties dialog box, on the Advanced tab, click Performance Options.

    3. For the Optimize performance for option, click Background services.

    Freeing Computer Resources

    You can configure Terminal Services to close inactive and disconnected Terminal Services client sessions after a designated amount of time. This is useful if you limit the number of concurrent sessions and an administrator forgets to end a session. These settings also enhance security.

    To maximize resource availability, you should set the idle session limit to ten minutes and the time limit to end a disconnected session to five minutes.

    To set the idle session limit and the time to end disconnected session limit:

    1. Open Terminal Services Configuration from the Administrative Tools menu.

    2. In the RDP-Tcp Properties dialog box, on the Sessions tab, ensure that Override user settings is selected.

    3. In the Idle session limit list, click 10 minutes.

    Encrypting Terminal Services Data

    You can encrypt the data between the Terminal Services server and client computer to prevent access by unauthorized people. Encrypting this data can decrease performance on slow client computers, but high encryption is recommended due to the often confidential nature of administrative tasks.

    To encrypt data between Terminal Services clients and servers:

    1. Open Terminal Services Configuration from the Administrative Tools menu.

    2. In Terminal Services Configuration, select Connections, and in the right pane, right-click the RDP-Tcp connection and then select Properties.

    3. On the General tab, click High to set the encryption level to high.

    SNMP Operation

    SNMP is an industry-standard network management protocol that is used to manage network nodes (servers, workstations, routers, bridges, and hubs) from a centrally located host. SNMP is widely used with Transmission Control Protocol/Internet Protocol (TCP/IP) networks and, more recently, with Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) networks. Windows 2000 supports SNMP through the SNMP service. Understanding how to use SNMP helps you effectively implement SNMP to manage your network.

    SNMP, a part of the TCP/IP protocol suite, was developed in the Internet community to monitor and troubleshoot routers and bridges. SNMP provides the ability to monitor and communicate status information between many different networking devices, such as:

    Computers running Windows 2000

    Computers running Windows NT

    Routers or gateways

    Minicomputers or mainframe computers

    Wiring hubs

    The SNMP service sends status information to one or more hosts when the host requests the information, or when a significant event occurs, for instance, when a host runs out of hard disk space. For a more extensive listing of applicable RFCs, see the "Simple Network Management Protocol" section in the Windows 2000 Server Resource Kit.

    SNMP uses a distributed architecture. This architecture consists of two components: management systems and agents.

    Management system. A management system is any computer running SNMP management software. The primary function of any management system is to request information from an agent.

    Agents. An agent is any device running SNMP agent software, such as a server or router. The primary function of an agent is to send information that the management system requests.

    SNMP Management System Information Request

    A management system can request information through the get, get-next, get-bulk, and set operations.

    The get operation is a request for a specific value, such as the amount of hard disk space available.

    The get-next operation is a request for the "next" value. You use this operation to request data that follows the current data.

    The get-bulk operation is a request for a large amount of management data. You use this request to minimize the number of protocol exchanges.

    The set operation changes a value. You rarely use this operation, because most values have read-only access and cannot be set.

    SNMP Agent Trap Messages

    The notify operation, also called a trap message, alerts management systems to an unusual event, such as a password violation. You configure an SNMP agent to specify under what conditions it sends a trap, and to what management systems it sends traps.

    Note The only management operation that an agent can initiate is a trap.

    The Windows 2000 SNMP Service

    Computers running Windows 2000 can serve as SNMP agents by using the Windows 2000 SNMP service. Computers running Windows 2000 with the SNMP service installed can communicate with SNMP management systems.

    The Windows 2000 SNMP service:

    Reports traps to one or more hosts as they occur.

    Handles requests for status information from SNMP management systems.

    Can be installed and used on any computer running Windows 2000 and TCP/IP or IPX/SPX.

    Uses host names and IP addresses to identify the hosts to which it reports information and from which it receives requests.

    Note SNMPUTIL, an SNMP management tool in the Windows 2000 Resource Kit, provides SNMP management features. In addition, there are many third-party products available to provide SNMP management features on a Windows 2000 network.

    The Management Information Base

    A management information base (MIB) defines what data a management system can request from an agent, how the management system must request the data, and how the agent formats the information that it returns. A MIB serves as a set of manageable objects that represent information about a network device, such as the number of active sessions or the version of network operating system software that runs on a host. SNMP management systems and agents must share a common understanding of MIB objects in order to operate.

    A MIB combines similar objects. For example, the Internet MIB II defines H objects that are essential for either fault analysis or configuration analysis. The LAN Manager MIB defines objects to monitor computers running Windows 2000, Windows NT, or LAN Manager. Other MIBs cover components such as Dynamic Host Configuration Protocol (DHCP) or Windows Internet Name Service (WINS).

    Typically, an SNMP management system removes the intricacies of understanding MIB definitions for manageable objects from an administrator. However, when selecting an SNMP management system, you must ensure that it supports all of the MIBs that Windows 2000 uses.

    Note For more information about Internet MIB II, see RFC 2 1

    The MIB object namespace is hierarchical. It is structured so that each manageable object can be assigned a globally unique name. The International Organization for Standardization (ISO) has authority for the root of the namespace and assigns authority for parts of the namespace to individual organizations. This allows organizations to assign names without consulting an Internet authority for each assignment.

    Object Identifier Format

    The object identifier in the hierarchy is written as a sequence of labels beginning at the root and ending at the object. Labels are separated with periods. For example: .1.6. .
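
The operations and the object identifier format described above can be seen on the wire. The following Python code is an added example, not part of the original material: it decodes an SNMP v1/v2c message and reports the operation, whether a management system initiates it, and each object identifier as period-separated labels. The function names, the sample packet, the community string "public" and the identifier 1.3.6.1.2.1.1.1.0 are constructed for illustration; the community string is carried unencrypted in these protocol versions, so a monitor can read it and flag set operations.

```python
# Added example: minimal BER reader for SNMP v1/v2c messages.
PDU_TYPES = {0xA0: "get", 0xA1: "get-next", 0xA2: "response",
             0xA3: "set", 0xA4: "trap", 0xA5: "get-bulk"}
MANAGER_INITIATED = {"get", "get-next", "get-bulk", "set"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Turn an encoded OBJECT IDENTIFIER into period-separated labels."""
    labels = [value[0] // 40, value[0] % 40]   # first octet packs two labels
    acc = 0
    for octet in value[1:]:
        acc = (acc << 7) | (octet & 0x7F)      # base-128, high bit = more octets
        if not octet & 0x80:
            labels.append(acc)
            acc = 0
    return ".".join(map(str, labels))

def summarize(packet):
    """Report community, operation and object identifiers of one SNMP message."""
    _, msg, _ = read_tlv(packet, 0)            # outer SEQUENCE
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)     # sent unencrypted in v1/v2c
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    op = PDU_TYPES.get(pdu_tag, hex(pdu_tag))
    pos, varbinds = 0, b""
    while pos < len(pdu):                      # variable bindings are the last PDU field
        _, varbinds, pos = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, binding, pos = read_tlv(varbinds, pos)
        oids.append(decode_oid(read_tlv(binding, 0)[1]))
    return {"version": {0: "v1", 1: "v2c"}.get(version[0], "other"),
            "community": community.decode("ascii", "replace"),
            "operation": op, "manager_initiated": op in MANAGER_INITIATED,
            "oids": oids}

# Constructed sample: SNMPv1 get for 1.3.6.1.2.1.1.1.0 with community "public".
SAMPLE_GET = bytes.fromhex("302602010004067075626c6963a019020101020100"
                           "020100300e300c06082b060102010101000500")

if __name__ == "__main__":
    print(summarize(SAMPLE_GET))
```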

    /. On the Windows Components page, click Next, and when Windows 2000 has configured all settings, click Finish.

    The SNMP service provides primitive security and context checking for Windows 2000-based agents and for management systems.

    To configure SNMP security on a Windows 2000-based agent:

    1. Open Computer Management from the Administrative Tools menu.

    2. In Computer Management, expand Services and Applications, and then in the console tree, click Services.

    3. In the details pane, right-click SNMP Service, and then click Properties.

    Physical. This host manages any physical devices, such as repeaters.

    Applications. This host uses any applications that use TCP/IP. This option should always be selected.

    Datalink and subnetwork. This host manages a bridge.

    Internet. This host acts as an IP gateway (router).

    End-to-end. This host is an IP host. This option should always be selected.

    Note The Applications, Internet, and End-to-end services are enabled by default.

    Review

    1. You need to administer a server remotely from several locations, including over a dial-up connection. Which is the best method to use?

    2. Which SNMP operations are initiated by a management system? Which SNMP operation does an agent initiate?

    3. What is the purpose of a community name?