Module: ITK Grundlagen: “Enterprise IT Infrastructure Building Blocks”
Freiburg, 12 September 2005
Content
• Introduction Enterprise IT Architecture
• Network Architecture Basics, Components
• System Architecture, Storage, Server, Data Center Trends
• Security “AAA”
Definition
“Information Technology is the use of
hardware, software, services, and supporting
infrastructure to manage and deliver
information.”
Enterprise IT
• Enterprise IT needs to connect information, people, systems and devices
[Diagram: Information, People, Systems, Devices]
Distributed Enterprise IT Themes
[Diagram: Customers, Web Site, Order fulfillment, Inventory, Supplier A, Supplier B, Supplier C]
• Security
• Reliability & Availability
• Synchronous vs. asynchronous
• Scalability
• Integration
Enterprise IT Requirements
• Multi Channel (Extend the access hence the transactional surface)
  - Web, Desktop, Mobile Apps, Call Centers, B2B Partners…
  - Allow a context to be kept through different channels
• Service Oriented (maximize re-use, permit agility)
  - Key enabler of multi channel
  - Permit legacy system wrapping
  - Faster, easier integration across business processes
  - Increases modularity, hence increases flexibility
• Very Internet Aware (Provide Connectedness)
  - Within Enterprise, Remote Employees, Partners, Customers
Enterprise Architecture
• Used to define the Enterprise IT landscape to cope with the current and (hopefully) later requirements
• The art of abstraction and design of systems, their structure, components and interrelation
• Different architectural views help to map business requirements to applications to physical systems
Architectural views
[Figure: matrix of architectural views. Columns: Business, Information, Application, Technology. Rows: Conceptual, Logical, Implementation. Cell entries: Business models; Use cases & scenarios; Entity relationship models; Process models; Service factoring; “Abilities” strategy; Service distribution; Role definitions; Workflow models; Schemas & document specifications; Object models; Service definitions; Service interactions; Service mappings; Logical server types; Process specifications; DB schemas; Data access strategy; Detailed design; Technology dependent design; Physical servers; Software installed; Network layout]
Enterprise Architecture Areas
[Diagram: Strategy, Functional Architecture, Applications Architecture, Data Architecture, System Architecture, Network Architecture; vertical labels: Organization and Security, Operations and Management]
Standardization Timeline
[Diagram: Strategy, Functional Architecture, Applications Architecture, Data Architecture, System Architecture, Network Architecture; vertical labels: Organization and Security, Operations and Management; periods: 1980s & 1990s, 1990s & 2000s, 2000s & 2010s]
Standards not all there / still evolving
Enterprise Architecture Areas covered in this talk
[Diagram: Network Architecture, System Architecture; vertical label: Organization and Security]
Network Architecture
Networking Basics
Communications Architecture
• The complexity of the communication task is reduced by using multiple protocol layers:
• Each protocol is implemented independently
• Each protocol is responsible for a specific subtask
• Protocols are grouped in a hierarchy
• A structured set of protocols is called a communications architecture or protocol suite
TCP/IP Protocol Suite
• The TCP/IP protocol suite is the protocol architecture of the Internet
• The TCP/IP suite has four layers: Application, Transport, Network, and Data Link Layer
• End systems (hosts) implement all four layers. Gateways (Routers) only have the bottom two layers.
[Diagram: layer stack Application, Transport, Network, Data Link; annotations: User-level programs, Operating system, Media Access Control (MAC) sublayer in Local Area Networks]
Functions of the Layers
• Data Link Layer:
  - Service: Reliable transfer of frames over a link; Media Access Control on a LAN
  - Functions: Framing, media access control, error checking
• Network Layer:
  - Service: Move packets from source host to destination host
  - Functions: Routing, addressing
• Transport Layer:
  - Service: Delivery of data between hosts
  - Functions: Connection establishment/termination, error control, flow control
• Application Layer:
  - Service: Application specific (delivery of email, retrieval of HTML documents, reliable transfer of file)
  - Functions: Application specific
TCP/IP Suite and OSI Reference Model
• The TCP/IP protocol stack does not define the lower layers of a complete protocol stack
[Diagram: OSI Reference Model (Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, (Data) Link Layer, Physical Layer) beside the TCP/IP Suite (Application Layer, Transport Layer, Network Layer, (Data) Link Layer)]
Ports
• Available at the Transport layer
• Provide the multiplexing/demultiplexing facility at this layer
• 16-bit numbers
• 1-1024 is reserved for standard applications
• Examples
  - 80: HTTP
  - 443: HTTPS
  - 25: SMTP
  - 20: FTP
Switch
• A switch learns the MAC addresses of the devices connected to it, and sends packets directly and only to the target end-point.
• Provides much more consistent bandwidth and latency
Router
• Segments LANs into distinct networks and subnetworks; e.g. the distinct red, green and blue LANs with distinct network numbers.
• Segments LANs into broadcast domains
• Provides interface to the WAN
[Diagram: 1st floor, 2nd floor, 3rd floor; Ethernet switch; router]
VLAN
• A single physical LAN can be logically segmented into multiple logical LANs; and,
• Physically separate LANs can be made to behave and appear as a single LAN
• Packets are tagged according to LAN membership, e.g. green LAN, red LAN and blue LAN.
• Ethernet switches establish broadcast domains according to the defined VLAN boundaries
• Routers establish multiple VLANs on a single interface
VLAN
[Diagram: Building A and Building B, each with 1st, 2nd and 3rd floor; Campus Backbone; Router]
Firewall
• A Firewall is a barrier device placed between two separate Networks.
• The two most prevalent types of Firewalls are Packet Filters and Application Layer Gateways.
Packet Filters
• Packet Filters block traffic
• Sometimes called screening routers
• The filtering method is based on IP address and/or port numbers.
• They impose security restrictions at lower layers, usually by inspecting IP and TCP/UDP packet headers against tables of filtering rules.
• Based on the information it extracts from the packet headers, the Packet Filter makes security decisions such as “forward this packet” or “don’t forward this packet”
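The header-based decision described on this slide, as an added example that is not part of the original slides: a first-match rule table evaluated against the IPv4 and TCP/UDP headers of raw packets, with drop as the default. The rule set, the addresses (documentation ranges) and the helper `build_packet` are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17  # IP protocol numbers


@dataclass(frozen=True)
class Rule:
    action: str                   # "forward" or "drop"
    src: str                      # source network, CIDR notation
    dst: str                      # destination network, CIDR notation
    proto: Optional[int] = None   # IP protocol number, None matches any
    dport: Optional[int] = None   # destination port, None matches any


def parse_headers(packet: bytes):
    """Return (src, dst, proto, dport) read from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto = packet[9]
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    dport = None
    # Only the first fragment carries the TCP/UDP header; later fragments
    # expose no port, so port-specific rules cannot match them.
    if proto in (TCP, UDP) and frag_offset == 0:
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return src, dst, proto, dport


def decide(rules, packet: bytes) -> str:
    """First matching rule wins; unmatched or unparsable packets are dropped."""
    try:
        src, dst, proto, dport = parse_headers(packet)
    except ValueError:
        return "drop"
    for rule in rules:
        if src not in ipaddress.ip_network(rule.src):
            continue
        if dst not in ipaddress.ip_network(rule.dst):
            continue
        if rule.proto is not None and rule.proto != proto:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return "drop"


def build_packet(src, dst, proto, dport, sport=40000, frag_offset=0) -> bytes:
    """Constructed test packet: 20-byte IPv4 header plus a stub transport header."""
    payload = struct.pack("!HH", sport, dport) + b"\x00" * 16
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, frag_offset & 0x1FFF, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


# Constructed filtering table: public web server, mail relay for one partner.
RULES = [
    Rule("forward", "0.0.0.0/0", "192.0.2.10/32", TCP, 443),
    Rule("forward", "0.0.0.0/0", "192.0.2.10/32", TCP, 80),
    Rule("forward", "198.51.100.0/24", "192.0.2.25/32", TCP, 25),
]

if __name__ == "__main__":
    samples = [
        ("https to web server", build_packet("203.0.113.7", "192.0.2.10", TCP, 443)),
        ("smtp from stranger", build_packet("203.0.113.7", "192.0.2.25", TCP, 25)),
        ("smtp from partner", build_packet("198.51.100.9", "192.0.2.25", TCP, 25)),
        ("non-first fragment", build_packet("203.0.113.7", "192.0.2.10", TCP, 443,
                                            frag_offset=185)),
    ]
    for label, pkt in samples:
        print(f"{label:22s} -> {decide(RULES, pkt)}")
```

The filter never looks past the headers, which is the limit that application level gateways address.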
Application Level Gateways
• Application Level Gateways (ALGs) serve as a relay between two networks.
• ALGs are application-aware entities that examine application protocol flows and only allow messages that conform to security policies to pass through
• ALGs may also modify messages so that they will conform to the policies and be able to pass through
Example
[Diagram labels: 2 Mbit/s Leased Line; 128 kBit/s ENX Connection]
WLANs
WLAN
• A WLAN shares the same characteristics as a standard data-based LAN with the exception that network devices do not use cables to connect to the network
• RF is used to send and receive packets
• Sometimes called Wi-Fi for Wireless Fidelity
IEEE 802.11 Standards
• IEEE 802.11
  - 802.11b - DSSS @11Mbps 2.4GHz
  - 802.11a - DSSS @54Mbps 5GHz
  - 802.11g - DSSS @22Mbps 2.4GHz
  - 802.11e - DSSS @22Mbps w/QoS
WLAN Components
[Diagram: Access Point, 802.11b, Ethernet, Router, Internet]
WLAN Components (continued)
• Each network device must have a wireless network interface card installed
• Wireless NICs are available in a variety of formats:
  - Type II PC card
  - CompactFlash (CF) card
  - USB stick
  - Built-in
WLAN Components (continued)
• An access point (AP) consists of three major parts:
  - An antenna and a radio transmitter/receiver to send and receive signals
  - An RJ-45 wired network interface that allows it to connect by cable to a standard wired network
  - Special bridging software
Basic WLAN Security
• Two areas:
  - Basic WLAN security
  - Enterprise WLAN security
• Basic WLAN security uses two new wireless tools and one tool from the wired world:
  - Service Set Identifier (SSID) beaconing
  - MAC address filtering
  - Wired Equivalent Privacy (WEP)
Wired Equivalent Privacy (WEP)
• Optional configuration for WLANs that encrypts packets during transmission to prevent attackers from viewing their contents
• Uses shared keys: the same key for encryption and decryption must be installed on the AP, as well as each wireless device
• A serious vulnerability in WEP is that the initialization vector (IV) is not properly implemented
• Every time a packet is encrypted it should be given a unique IV
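Why a repeated IV matters, as an added example that is not part of the original slides: WEP seeds RC4 with the per-packet IV followed by the shared key, so two frames carrying the same IV are encrypted with the same keystream. The key, IVs and payloads below are constructed, the integrity check value (ICV) that WEP appends is left out, and `repeated_ivs` and `collision_probability` are hypothetical audit helpers.

```python
import math
from collections import Counter


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling followed by n bytes of output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: 3-byte IV in the clear, then the RC4 ciphertext."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 24-bit IV")
    return iv + xor(plaintext, rc4_keystream(iv + key, len(plaintext)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    return xor(body, rc4_keystream(iv + key, len(body)))


def repeated_ivs(frames) -> list:
    """Audit check: IVs (hex) that appear on more than one captured frame."""
    counts = Counter(frame[:3] for frame in frames)
    return sorted(iv.hex() for iv, seen in counts.items() if seen > 1)


def collision_probability(n_frames: int, iv_bits: int = 24) -> float:
    """Birthday approximation of at least one IV repeat among random IVs."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-n_frames * (n_frames - 1) / (2 * space))


# Constructed sample data: a 40-bit shared key and two equal-length payloads.
KEY = bytes.fromhex("0102030405")
P1 = b"GET /index.html"
P2 = b"user=alice&x=42"
IV_A = bytes.fromhex("000001")
IV_B = bytes.fromhex("000002")

FRAME_1 = wep_encrypt(IV_A, KEY, P1)
FRAME_2 = wep_encrypt(IV_A, KEY, P2)   # same IV reused for a second frame
FRAME_3 = wep_encrypt(IV_B, KEY, P1)   # fresh IV

if __name__ == "__main__":
    # Same IV: the keystream cancels and the ciphertext XOR equals the
    # plaintext XOR, so the key no longer hides how the two payloads relate.
    print(xor(FRAME_1[3:], FRAME_2[3:]) == xor(P1, P2))
    print("IVs seen more than once:", repeated_ivs([FRAME_1, FRAME_2, FRAME_3]))
    for n in (1000, 5000, 20000):
        print(n, "frames ->", round(collision_probability(n), 3))
```

With only 24 bits of IV, the approximation passes 50% after roughly five thousand frames even when every IV is chosen at random.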
Trusted Network
• It is still possible to provide security for a WLAN and treat it as a trusted network
• Wi-Fi Protected Access (WPA) was crafted by the WECA in 2002 as an interim solution until a permanent wireless security standard could be implemented
• Has two components:
  - WPA encryption
  - WPA access control
System Architecture: Storage
Networked & Direct Attached Storage
Storage types
| Storage Type | Product | Use | Environment |
|---|---|---|---|
| Networked Storage: Improve manageability, usability and costs by moving storage out of the server. | Storage Area Network (SAN) | Intensive data processing and management of large quantities of storage. | 300 GB or more with 1-100 servers |
| Networked Storage | Network Attached Storage (NAS) | File Sharing | 160GB or more attached to an IP network or a SAN |
| Direct Attached: Satisfy immediate storage needs for overloaded servers. | SCSI Disk Arrays | Simple storage attaches directly to your server or basic clustering. | Can attach up to two servers directly to the array. |
| Direct Attached | Fibre Disk | Buy the building blocks of a SAN as needed. Attach more servers as you grow. | Can attach up to two servers directly to the array. |
SCSI implementations
• SCSI-1: Uses an 8-bit bus, and supports data rates of 4 MBps
• SCSI-2: Same as SCSI-1, but uses a 50-pin connector instead of a 25-pin connector, and supports multiple devices. This is what most people mean when they refer to plain SCSI.
• Wide SCSI: Uses a wider cable (168 cable lines to 68 pins) to support 16-bit transfers.
• Fast SCSI: Uses an 8-bit bus, but doubles the clock rate to support data rates of 10 MBps.
• Fast Wide SCSI: Uses a 16-bit bus and supports data rates of 20 MBps.
• Ultra SCSI: Uses an 8-bit bus, and supports data rates of 20 MBps.
• SCSI-3: Uses a 16-bit bus and supports data rates of 40 MBps. Also called Ultra Wide SCSI.
• Ultra2 SCSI: Uses an 8-bit bus and supports data rates of 40 MBps.
• Wide Ultra2 SCSI: Uses a 16-bit bus and supports data rates of 80 MBps.
SAN (Storage Area Network)
• A SAN is an intelligent network environment in which storage resources are deployed and managed independently of any single server.
SAN Benefits
• Performance
  - FC @ 200MB/sec vs SCSI @ 40MB/sec
• Availability
  - Redundancy, non-disruptive upgrades
• Scalability
  - Add or re-deploy storage as needed
• Backup/restore/archive
  - LAN-free; move data at FC speed vs LAN (up to 100x)
• Centralized storage management
  - Manage SAN as a single entity (shared resources)
SAN Components
• Fiber Channel (FC) network: Redundant network made up of fiber channel switches
  - Very low latency
  - High reliability
  - Fiber optic or copper cables
  - Distance 10km
  - 1, 2 or 4 Gb transmission speeds
• Host Bus Adapter (HBA): Similar to a SCSI adapter card or a network interface card (NIC), provides the server with a FC interface to the SAN
• Storage Subsystem: Includes storage processor, cache and storage devices (e.g. disks)
DELL EMC2 SAN solution: 4TB capacity
DAE (Disk Array Enclosure)
CX300 DPE (Disk Processor Enclosure)
DAE (Disk Array Enclosure)
24 Port FC Switches 2GB/s
iSCSI
• Native storage I/O over TCP/IP
  - Leveraging the install base of Ethernet and TCP/IP networks
  - Lower costs than FC
  - Lower performance
  - Much higher latency
  - Only really comparable to FC with TOE and iSOE on NIC
[Diagram: protocol stack iSCSI, TCP, IP, MAC, PHY]
RAID
RAID (Redundant Array of Inexpensive Disks)
• Late 1980s R&D project at UC Berkeley
• Capacity scaling
  - Combine multiple address spaces as a single virtual address
• Performance through parallelism
  - Spread I/Os over multiple disk spindles
• Reliability/availability with redundancy
  - Disk mirroring (striping to 2 disks)
  - Parity RAID (striping to more than 2 disks)
Most common RAID levels
• Level 0 (striping)
  - Any application which requires very high speed storage, but does not need redundancy. Photoshop temporary files are a good example
  - Minimum of 2 drives required
• Level 1 (mirroring)
  - Applications which require redundancy with fast random writes; entry-level systems where only two drives are available. Small file servers are an example
  - Minimum of 2 drives required
• Level 5 (distributed (striping) parity)
  - High performance if most I/O is random and in small chunks. Database servers are an example
  - Minimum of 3 drives required
• Level 0/1 or 10 (mirroring and striping)
  - Dual level RAID, combines multiple mirrored drives (RAID 1) with data striping (RAID 0) into a single array. Provides highest performance with data protection
  - Minimum of 4 drives required
RAID Level 5
Backup & Recovery
Generic Network Backup System
[Diagram: File server, Web server, DB server, APP server (each labelled Backup agent); Ethernet network; Backup server with Work scheduler, Data mover, Metadata system, Media manager; SCSI bus; Tape drive(s) or Tape subsystem]
Tape subsystems
[Diagram: Tape Subsystem Controller, Robot, three Tape drives, Tapes]
Backup operations
• Full (all data)
  - Longest backup operations
  - Usually done over/on weekends
  - Easiest recovery with 1 tape set
• Incremental (changed data)
  - Shortest backup operation
  - Often done on days of the week
  - Most involved recovery
• Differential (accumulated changed data)
  - Compromise for easier backups and recovery
  - Max 2 tape set restore
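The restore trade-off between the three backup types, as an added example that is not part of the original slides: given a backup history, it works out which tape sets a restore needs and how far back a restore falls when one set is unreadable. It assumes an incremental holds the changes since the previous backup of any kind and a differential holds all changes since the last full; the weekly schedule, labels and function names are constructed.

```python
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri"]


def week(kind: str):
    """Constructed schedule: full backup on Sunday, `kind` on each weekday."""
    return [("Sun", "full")] + [(day, kind) for day in DAYS]


def restore_chain(history, target: int):
    """Labels of the tape sets needed to restore the state at history[target].

    history is a chronological list of (label, kind) pairs, where kind is
    "full", "incremental" or "differential" and labels are unique.
    """
    if not 0 <= target < len(history):
        raise IndexError("target is outside the backup history")
    kinds = [kind for _, kind in history[:target + 1]]
    fulls = [i for i, kind in enumerate(kinds) if kind == "full"]
    if not fulls:
        raise ValueError("no full backup at or before the target")
    start = fulls[-1]
    chain = [start]
    # The newest differential replaces everything between it and the full.
    diffs = [i for i in range(start + 1, target + 1)
             if kinds[i] == "differential"]
    if diffs:
        start = diffs[-1]
        chain.append(start)
    # Every incremental after that point is needed, in order.
    chain += [i for i in range(start + 1, target + 1)
              if kinds[i] == "incremental"]
    return [history[i][0] for i in chain]


def latest_restorable(history, target: int, lost):
    """Newest point at or before target whose chain avoids the lost sets."""
    lost = set(lost)
    for point in range(target, -1, -1):
        try:
            chain = restore_chain(history, point)
        except ValueError:
            break   # nothing older has a full backup either
        if not lost & set(chain):
            return history[point][0]
    return None


if __name__ == "__main__":
    friday = 5
    for kind in ("incremental", "differential"):
        history = week(kind)
        print(kind, "restore of Friday needs", restore_chain(history, friday))
        print("  with Tuesday's set unreadable, newest restorable point:",
              latest_restorable(history, friday, {"Tue"}))
```

The incremental week needs six sets for a Friday restore and falls back to Monday if Tuesday's set is unreadable, while the differential week needs two sets and is unaffected by that loss.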
Traditional backup challenges
• Completing backups within the backup window*
  - Starts after daily processing finishes
  - Ends before next day's processing begins
• Media management and administration
  - Thousands of tapes to manage
  - Audit requirements are increasing
  - On/offsite movement for disaster protection
• Balancing backup time against restore complexity
*Backup window = time allotted for daily backups
LAN-free backup in SANs
[Diagram: File server, Web server, DB server, APP server (each labelled Backup software); Ethernet client network (LAN); SAN switch and Tape drives or tape subsystem (SAN)]
Advantages of LAN-free backup
• Consolidated resources (especially media)
• Centralized administration
• Performance
• Offloads LAN traffic
System Architecture: Server
Server Clustering
Today’s server infrastructure requirements
• High Availability
  - No single point of failure
  - Real time notification
• Scalability
  - Increasing processing power and capacity needs
  - Incremental addition of resources
• Manageability
  - Contain the cost of maintaining an increasingly complex environment
Cluster definition
• Cluster = A group of individual computers and storage devices that work together yet can be accessed as a single system.
Cluster Concepts and Terminology
Clustering Terminology:
• Nodes = An individual system that is either an active or inactive member of a cluster.
• Cluster service = The collection of software on each node that manages or performs a cluster specific activity.
• Resources = Physical or logical entities managed by the Cluster service. Example: Disk drives
• Shared Disks = Devices (normally hard drives) that cluster nodes are attached to via a shared bus.
• Quorum Disk = Resides on the shared disks and maintains consistency of the cluster configuration on all nodes. It contains management data, recovery log, and arbitrates between nodes to determine ownership of the cluster.
Cluster configuration
[Diagram labels: Private Storage Device (twice), Shared Storage Device, Heartbeat, LAN]
Data Center Trends
Data Centers today - A multi-tier perspective
[Diagram labels: Browsers, Firewall Network, Load Balancing, Web Servers, App Servers, DBMS Servers, Storage Network]
• Mapping of server platforms to n-tier architectures
• Requirements and capabilities vary by tier
Scalability: Up and Out
• “Scale Up”
  - Datacenter Class machines “big iron”
  - Cluster for availability
• “Scale Out”
  - Commodity servers
  - Cluster for scalability and availability
[Diagram labels: Up, Out]
The tiers
[Table columns: Server Layer, Platform, Scalability, High Availability, Operating System; timeline labels: 2004, 2008]
• Web Server
  - Scale out; Blade servers; Thin rack form factor (1-2U); Small SMP (1-2 CPUs); Intel Volume
  - Multiple boxes; IP load balancing; Systems management services
  - Operating System: Win2000, Linux, NT, Win2003 / Win2003, Linux
• App Server
  - Scale out; Modular servers; Rack or standalone form factor; Medium SMP (1-4 CPUs); Intel Volume
  - Same as above plus: Application server session management; App server load balancing
  - Operating System: Win2000, Linux, NT, Unix, Win2003 / Win2003, Linux
• DBMS Server
  - Scale up and out; Single instance*; Large SMP or hybrid (NUMA) (4-16+ CPUs); Intel & RISC
  - Data storage (mirroring, RAID, replication); OS clustering; DBMS clustering; Typically 2 nodes (moving to 4+)
  - Operating System: Win2000, Unix, Win 2003, Legacy, NT, Linux / Win2003, Unix & legacy, Linux
Data center example
[Diagram labels: 2 Mbit/s Leased Line, 128 kBit/s ENX Connection]
Virtualization
• Virtualization
  - Clients see a large virtual server
  - Underlying infrastructure hidden
• Virtualization form factors
  - Blades contain processor, memory, and I/O
  - Rack contains blades, switches, UPS and cooling
  - Grids, add sync/async network, applications aware of bandwidth and latency dynamics
Typical Blade Platform Today
[Diagram labels: Compute Blades (each: 2x 1GBE NIC, 2x CPU, Memory, Chipset, 2x IDE Drive, Fibre Channel Daughter Card), Chassis midplane, Network switches, FC switches, Chassis Management Module (CMM)]
• Current models are typically 6U to 7U chassis with 10 to 14 1P/2P x64 blades
• Each blade is like a server motherboard
  - IDE/SCSI attached disks, network and IO daughter card on the blade
  - Midplane is passive; IO switches provided in the chassis
DELL PowerEdge 1855 Blades
Blade Chassis
Blade Server
Server Virtualization example
Software Partitions using Virtual Server (VS) 2005
• Volume 32-bit application solution
• Out of the box consolidation
• Heterogeneous OS/App consolidation
• Supported on standard servers
• Highly flexible and configurable solution
[Diagram labels: Windows compliant server, Windows Host OS, Virtual Server, NT4, Win2K, Win2K3, App (three times)]
What is Grid Computing?
“In basic terms, grids are clusters of interconnected servers, enabling shared computing resources utilization”
“Defining Grid Computing”, Giga Research
Grid Computing Vision
• Computing as a utility
  - A network of clients and service providers
• Client-side: Simplicity
  - Request computation or information and receive it
• Server-side: Sophistication
  - Availability, load balancing, utilization
  - Information sharing, data management
Grid Computing Components
• Storage
• Database Servers
• Application Servers
• Provisioning and Management Tools
Who we are
Organization and Security
Sophistication of Hacker Tools
[Chart: hacker tools over time (1980, 1990, 2000) against Technical Knowledge Required (High to Low). Tools shown: Packet Forging/Spoofing, Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Hijacking Sessions, Sweepers, Sniffers, Stealth Diagnostics, DDOS, Internet Worms]
Threats Are More Dangerous; Easier to Use
Security - Defense In Depth
[Diagram layers: Data and Resources, Application Defenses, Host Defenses, Network Defenses, Perimeter Defenses; side label: Assume Prior Layers Fail]
Network Security Tools
[Diagram labels: Identity, Secure Connectivity, Perimeter Security, Security Monitoring, Security Management; Internet; Authentication, Firewalls, VPN, Intrusion Detection, Scanning, Policy]
Identity Services: Think “AAA”
• Authenticate: Who are you?
• Authorize: What can you do?
• Account: What did you do?
Identity and AAA+
• User account management—manage users across an ever-expanding set of network access points (voice, video, cable, DSL, wireless, etc.)
• User authentication—stronger authentication required to control users accessing corporate resources from public networks and VPNs
• User and administration policies—more flexibility to address different authorization requirements across LANs, WANs, VPNs, intranets, extranets and B2B exchanges
• User reporting and tracking—tools to monitor, audit and log user and administration activity in the network
• User Session management—track IP-to-ID, user status, transparent authentication, maximum sessions, user security (is Fred on the network?), etc.
AAA in the Network
[Diagram labels: Access Control Server; RADIUS; TACACS+; Proxy AAA; NAS; Token server; External Datastore (Win32, NDS, SQL, ODBC, LDAP, etc.); Corp Network; Branch Office; Home Telecommuter; ISP Gateway; Intranet/Extranet Business-to-Business; Internet; Internet VPNs; ISDN; PSTN; Analog; DSL; Cable; Voice; Wireless; Wireless LANs; 802.1x; Switching; Telnet; Admin]
Authentication
• Verification of the user’s identity
• Three factors (three Ws)
  - What you Know (pin, password)
  - What you Have (token, key pair, smartcard)
  - Who You Are (fingerprint, voice, DNA...)
• “Two-Factor” authentication is a common goal to increase security, better establish who the users are
• Initial logon procedure to authenticate user
• Doesn’t specify what a user is allowed or not allowed to do (Authorization)
• Various authentication methods
  - Classic User ID / password
  - Third-party authentication
    • Windows 2000
    • UNIX
    • Netegrity SiteMinder
    • Lotus Notes
  - Kerberos
Kerberos - the 3-headed dog that guards the entrance to Hades
What is Kerberos?
• Developed at M.I.T.
• A secret key based service for providing authentication in open networks
• Authentication mediated by a trusted 3rd party on the network: Key Distribution Center (KDC)
Kerberos overview
• Authentication method:
  - Users enter password on local machine only
  - Authenticated via central KDC once per day
  - No passwords travel over the network
• Single Sign-on (via TGS):
  - KDC gives you a special “ticket”, the TGT, usually good for rest of the day
  - TGT can be used to get other service tickets allowing user to access them (when presented along with authenticators)
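The flow on this slide as an added, simplified example (not from the original deck and not a real Kerberos implementation): login yields a TGT, the TGT plus an authenticator yields a service ticket, and the service accepts the ticket only with a fresh authenticator. Assumptions: `seal`/`unseal` are a toy stand-in for Kerberos encryption, the lifetime and skew values are chosen for illustration, and all function and class names are hypothetical.

```python
import hashlib, hmac, json, os
TGT_LIFETIME = 10 * 3600  # assumption: "good for rest of the day"
MAX_SKEW = 300            # assumption: authenticator freshness window, seconds

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):  # toy authenticated encryption, NOT a real Kerberos enctype
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def password_key(user, password):  # long-term key; the KDC stores this, not the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)
def authenticator(session_key_hex, user, now):
    return seal(bytes.fromhex(session_key_hex), {"user": user, "ts": now})

def verify(ticket, auth_blob, now):
    """Accept a ticket only if unexpired and presented with a fresh authenticator."""
    if now > ticket["exp"]:
        raise ValueError("ticket expired")
    auth = unseal(bytes.fromhex(ticket["sk"]), auth_blob)
    if auth["user"] != ticket["user"] or abs(now - auth["ts"]) > MAX_SKEW:
        raise ValueError("stale or mismatched authenticator")
    return ticket["user"]

class KDC:
    def __init__(self, users, services):
        self.tgs_key, self.services = os.urandom(32), dict(services)
        self.users = {u: password_key(u, p) for u, p in users.items()}
    def login(self, user, now):  # AS exchange: no password crosses the network
        sk = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "sk": sk, "exp": now + TGT_LIFETIME})
        return tgt, seal(self.users[user], {"sk": sk})
    def service_ticket(self, tgt, auth_blob, service, now):
        """TGS exchange: trade TGT + authenticator for a ticket sealed for the service."""
        t = unseal(self.tgs_key, tgt)
        verify(t, auth_blob, now)
        sk = os.urandom(32).hex()
        ticket = seal(self.services[service], {"user": t["user"], "sk": sk, "exp": t["exp"]})
        return ticket, seal(bytes.fromhex(t["sk"]), {"sk": sk})

def service_accept(service_key, ticket_blob, auth_blob, now):
    return verify(unseal(service_key, ticket_blob), auth_blob, now)

def single_sign_on(kdc, user, password, service, service_key, now):
    """Client side: the password is used once, locally, to open the AS reply."""
    tgt, reply = kdc.login(user, now)
    sk = unseal(password_key(user, password), reply)["sk"]
    ticket, reply2 = kdc.service_ticket(tgt, authenticator(sk, user, now), service, now)
    ssk = unseal(bytes.fromhex(sk), reply2)["sk"]
    return service_accept(service_key, ticket, authenticator(ssk, user, now), now)
```

A wrong password fails locally when the AS reply cannot be opened, and a captured ticket is of no use without an authenticator sealed under its session key inside the freshness window.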
Directories
• Directory - the database that holds the information about objects that are to be managed by the directory service
• Directory service - the interface to the directory; provides access to the data that is contained in that directory.
• Directory services act as a central authority that can securely authenticate resources and manage identities and relationships between them.
• Directory services use a distributed model for storing their information and that information is usually replicated between directory servers.
LDAP – Lightweight Directory Access Protocol
• LDAP defines a relatively simple protocol for updating and searching directories running over TCP/IP
• Implementations:
  - MS Active Directory
  - Novell eDirectory
  - Red Hat Directory Server