IT Architecture and Security

Presentation transcript:

1 IT Architecture and Security
Lecture 2, Version 1.01

2 Agenda
Last week: Introduction to networks.
This week: Introduction to computers; Introduction to the OS; Virtual machines; RAID; SAN; NAS; Cluster; Load balancing; Directories: LDAP & Microsoft AD; Server roles in the IT infrastructure; Server based computing.

3 Introduction to Computers
CPU, Memory, Video controller, Keyboard controller, Floppy disk controller, Hard disk controller.

4 Processor (CPU)
The CPU fetches instructions from memory and executes them. All CPUs operate in the same basic way:
Fetch: retrieves the instruction from memory.
Decode: distributes the instruction to the relevant parts of the CPU.
Execute: the CPU carries out the instruction.
Writeback: writes the result of the executed instruction back to memory, where applicable.
There are several types of CPU architecture: RISC (Reduced Instruction Set Computer) and CISC (Complex Instruction Set Computer).
After the execution of the instruction and writeback of the resulting data, the entire process repeats, with the next instruction cycle normally fetching the next-in-sequence instruction because of the incremented value in the program counter. If the completed instruction was a jump, the program counter will be modified to contain the address of the instruction that was jumped to, and program execution continues normally. In more complex CPUs than the one described here, multiple instructions can be fetched, decoded, and executed simultaneously. This description covers what is generally referred to as the "classic RISC pipeline", which is in fact quite common among the simple CPUs used in many electronic devices (often called microcontrollers). It largely ignores the important role of the CPU cache, and therefore the access stage of the pipeline.
Being an old idea, some aspects attributed to the first RISC-labeled designs (around 1975) include the discovery that compilers of the time were often unable to take advantage of features intended to facilitate coding, and that complex addressing took many cycles to perform. It was argued that such functions would be better performed by sequences of simpler instructions if this could yield implementations simple enough to cope with really high frequencies, and small enough to leave room for many registers (in place of complex logic or microcode; transistors were then a scarce resource), factoring out slow memory accesses. Uniform, fixed-length instructions with arithmetic restricted to registers were chosen to ease instruction pipelining in these simple designs, with special load-store instructions accessing memory.
A complex instruction set computer (CISC, pronounced like "sisk") is a computer instruction set architecture (ISA) in which each instruction can execute several low-level operations, such as a load from memory, an arithmetic operation, and a memory store, all in a single instruction. The term was retroactively coined in contrast to reduced instruction set computer (RISC).

5 Processor (CPU)
Most CPUs operate in at least two different modes (privilege modes):
User mode: the CPU has access only to a subset of the instructions and to less of the hardware.
Kernel mode (supervisor mode): the CPU can execute every instruction in the instruction set and has access to the actual hardware.
Hypervisor mode is a newer concept introduced by, among others, Intel and AMD in their recent CPU architectures; the hypervisor is important to keep in mind in relation to virtualization.
In kernel mode, the CPU may perform any operation provided for by its architecture. Any instruction may be executed, any I/O operation may be initiated, any area of memory may be accessed, and so on. In the other CPU modes, certain restrictions on CPU operations are enforced by the hardware. Typically certain instructions are not permitted, I/O operations may not be initiated, some areas of memory cannot be accessed, etc. Usually the user-mode capabilities of the CPU are a subset of the kernel-mode capabilities, but in some cases (such as hardware emulation of non-native architectures) they may be significantly different from the kernel capabilities, and not just a subset of them. At least one user mode is always defined, but some CPU architectures support multiple user modes, often with a hierarchy of privileges. These architectures are often said to have ring-based security, wherein the hierarchy of privileges resembles a set of concentric rings, with the kernel mode in the central, innermost ring. Multics hardware was the first significant implementation of ring security, but many other hardware platforms have been designed along similar lines, including the Intel protected mode and the IA-64 as well, though it is referred to by a different name in these cases.
Computer operating systems provide different levels of access to resources. A protection ring is one of two or more hierarchical levels or layers of privilege within the architecture of a computer system. This is generally hardware-enforced by some CPU architectures that provide different CPU modes at the firmware level. Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most operating systems, Ring 0 is the level with the most privileges and interacts most directly with the physical hardware such as the CPU and memory. Special gates between rings are provided to allow an outer ring to access an inner ring's resources in a predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can improve security by preventing programs from one ring or privilege level from misusing resources intended for programs in another. For example, spyware running as a user program in Ring 3 should be prevented from turning on a web camera without informing the user, since hardware access should be a Ring 1 function reserved for device drivers. Programs such as web browsers running in higher-numbered rings must request access to the network, a resource restricted to a lower-numbered ring.
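The two slides above describe the instruction cycle and the privilege split as prose; the following toy CPU, added here and not part of the original lecture, runs a fetch/decode/execute/writeback loop in which privileged instructions fault in user mode and a syscall gate is the only way into kernel mode. The instruction encoding, opcode set, register count and handler address are assumptions of this model, not any real architecture.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the slides: a toy CPU that runs the
 * fetch/decode/execute/writeback cycle and enforces a user/kernel privilege
 * split with a syscall gate. Encoding, opcodes, register count and handler
 * address are assumptions of this model, not any real architecture. */

enum { MEM_WORDS = 64, NREGS = 4, SYSCALL_HANDLER = 32 };
enum mode { MODE_USER = 0, MODE_KERNEL = 1 };
enum opcode {
    OP_HALT = 0,  /* stop the machine */
    OP_LOADI,     /* R[a] = imm */
    OP_ADD,       /* R[a] = R[a] + R[imm & 0xf] */
    OP_JMP,       /* pc = imm (a jump modifies the program counter) */
    OP_OUT,       /* privileged I/O: device <- R[a]; faults in user mode */
    OP_SYSCALL,   /* gate: switch to kernel mode and jump to SYSCALL_HANDLER */
    OP_IRET       /* privileged: return to user mode at the saved pc */
};

/* Word layout: opcode in bits 12-15, register a in bits 8-11, imm in bits 0-7. */
#define ENC(op, a, imm) ((uint16_t)(((op) << 12) | ((a) << 8) | ((imm) & 0xff)))

struct cpu {
    uint16_t mem[MEM_WORDS], regs[NREGS];
    uint16_t pc, saved_pc, device_out;  /* device_out: last value written by OP_OUT */
    enum mode mode;
    int halted, faulted;                /* faulted: privileged instruction in user mode */
};

static void cpu_init(struct cpu *c) { memset(c, 0, sizeof *c); c->mode = MODE_USER; }

/* The hardware privilege check: refuse privileged work outside kernel mode. */
#define NEED_KERNEL(c) do { if ((c)->mode != MODE_KERNEL) { (c)->faulted = 1; return 1; } } while (0)

/* One instruction cycle. Returns 0 to continue, 1 once the machine has stopped. */
static int cpu_step(struct cpu *c)
{
    if (c->halted || c->faulted) return 1;
    uint16_t word = c->mem[c->pc % MEM_WORDS];                        /* Fetch */
    int op = word >> 12, a = (word >> 8) & 0xf, imm = word & 0xff;    /* Decode */
    uint16_t next_pc = c->pc + 1, result = 0;
    int write_reg = -1;
    switch (op) {                                                     /* Execute */
    case OP_HALT:    c->halted = 1; break;
    case OP_LOADI:   result = (uint16_t)imm; write_reg = a; break;
    case OP_ADD:     result = c->regs[a % NREGS] + c->regs[(imm & 0xf) % NREGS]; write_reg = a; break;
    case OP_JMP:     next_pc = (uint16_t)imm; break;
    case OP_OUT:     NEED_KERNEL(c); c->device_out = c->regs[a % NREGS]; break;
    case OP_SYSCALL: c->saved_pc = next_pc; c->mode = MODE_KERNEL; next_pc = SYSCALL_HANDLER; break;
    case OP_IRET:    NEED_KERNEL(c); c->mode = MODE_USER; next_pc = c->saved_pc; break;
    default:         c->faulted = 1; return 1;                        /* illegal opcode */
    }
    if (write_reg >= 0) c->regs[write_reg % NREGS] = result;          /* Writeback */
    c->pc = next_pc;
    return 0;
}

static void cpu_run(struct cpu *c, int max_steps)
{
    while (max_steps-- > 0 && cpu_step(c) == 0) { }
}

static struct cpu machine;  /* the machine used by the two scenarios below */

/* Scenario 1: a user program computes 5 + 7 and asks the kernel, through the
 * syscall gate, to write the result to the device. Returns the device value. */
static int scenario_via_gate(void)
{
    struct cpu *c = &machine;
    cpu_init(c);
    c->mem[0] = ENC(OP_LOADI, 0, 5);
    c->mem[1] = ENC(OP_LOADI, 1, 7);
    c->mem[2] = ENC(OP_ADD, 0, 1);                     /* R0 = R0 + R1 = 12 */
    c->mem[3] = ENC(OP_SYSCALL, 0, 0);
    c->mem[4] = ENC(OP_HALT, 0, 0);
    c->mem[SYSCALL_HANDLER]     = ENC(OP_OUT, 0, 0);   /* handler runs in kernel mode */
    c->mem[SYSCALL_HANDLER + 1] = ENC(OP_IRET, 0, 0);  /* and drops back to user mode */
    cpu_run(c, 100);
    return c->device_out;
}

/* Scenario 2: the same value is written with OP_OUT directly from user mode.
 * Returns 1 if the hardware refused it (fault), 0 otherwise. */
static int scenario_direct_out(void)
{
    struct cpu *c = &machine;
    cpu_init(c);
    c->mem[0] = ENC(OP_LOADI, 0, 12);
    c->mem[1] = ENC(OP_OUT, 0, 0);
    c->mem[2] = ENC(OP_HALT, 0, 0);
    cpu_run(c, 100);
    return c->faulted;
}

static int machine_mode(void)       { return machine.mode; }
static int machine_device_out(void) { return machine.device_out; }
```

In scenario 1 the device receives 12 and the machine ends back in user mode; in scenario 2 the same write is refused before it reaches the device, which is exactly the gating the ring model is meant to enforce.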

6 Memory
Memory is used to store instructions and data while a program executes. Memory is typically designed against three criteria: speed, price and capacity. No memory is optimal in all three areas, so one speaks of a memory hierarchy inside a computer.

7 Memory
In computer operating systems that have their main memory divided into pages, paging (sometimes called swapping) is a transfer of pages between main memory and an auxiliary store, such as a hard disk drive.[1] Paging is an important part of the virtual memory implementation in most contemporary general-purpose operating systems, allowing them to use disk storage for data that does not fit into physical RAM. Paging is usually implemented as architecture-specific code built into the kernel of the operating system.

8 I/O devices
As mentioned earlier, the OS also controls I/O devices. IMPORTANT: a typical user program CANNOT access I/O devices directly. An I/O device typically consists of two parts:
A device controller, which is a chip (or several); typically a small microcontroller, independent of the CPU, that is programmed only to control the device.
The device itself.
Examples: a graphics card and a monitor; a hard disk controller and the hard disk itself; a printer controller with its printer; ...
A device controller is often also called a card or an adapter (SCSI).

9 I/O devices
The OS talks to the device controller, and the device controller then talks directly to the hardware. The part of the OS that talks to the device controller is called a device driver. A device controller typically has a separate device driver for each operating system:
Hardware (device): Manufacturer A controller; Manufacturer B controller; Manufacturer C controller; ...
Software (OS and driver): Linux OS: Linux driver; Windows XP OS: Windows XP driver; Solaris OS: Solaris driver; ...

10 I/O devices and drivers
A device driver works closely with the core functions of the operating system and therefore typically has to run in kernel mode or in a trusted ring mode. There are typically three ways to load a driver into an operating system:
Relink the OS kernel with the driver and reboot the system. Most Unix variants work this way.
Make an entry in the operating system's configuration file telling it to load the driver at boot. Typical for Windows.
Load and accept the driver while the operating system is running. This allows hot-plugging (Plug and Pray?) and is called "dynamic loading"; no reboot is needed. Most OSes are moving in this direction, and USB typically requires dynamic loading.

11 What is an Operating System (OS)?
A program that is started by the BOOT process.
A program that is accessed through an application programming interface (API) and a user interface (GUI).
Controls the use of the CPU, including multitasking of applications.
Controls the use of the system's internal memory.
Controls input to and output from attached hardware such as disks, printers, etc.
Sends messages to applications and users about the status of operations being performed and any errors that occur.

12 Where is an OS used? In more and more places...
On desktops and servers:
Mac OS X Server.
Windows NT, 2000, XP, 2003 and Vista.
BSD.
Linux variants, commercial as well as open source: Novell/SuSE (OpenSuSE), RedHat (Fedora), Debian, Ubuntu, Gentoo.
Commercial UNIX variants: Solaris (BSD), AIX (AT&T), HPUX (AT&T).
Others: OpenVMS, OS/400, etc.
On network equipment: routers.

13 Where is an OS used? PDAs, mobile phones, game consoles, other
PDAs: PalmOS, Windows Mobile, Embedded Linux.
Mobile phones: Symbian OS.
Game consoles: Xbox, Xbox 360, PSP, PS2, PS3.
Other: cars, audio & video.

14 UNIX
Ken Thompson starts working on UNIX in 1969.
Bill Joy starts working on BSD in 1976.
Avie Tevanian starts working on MACH in 1985.
Steve Jobs starts working on NextStep in 1985.
Richard Stallman starts working on GNU in 1984.
Linus Torvalds starts working on Linux in 1991.

15 The BOOT process (example: PC)
When the machine is started, the basic input-output system (BIOS) stored in the system's read-only memory (ROM) is initiated. BIOS first performs a POST check to make sure the system's components are present and working. BIOS is configured to know where to find the OS; normally it looks at the disk first and then the CD-ROM, and the order can be changed. Once BIOS has determined where the OS is, it reads the first sector (512 bytes) on the disk, which holds the Master Boot Record (MBR). The MBR starts the OS setup and loads the OS kernel into the system's memory.
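Because the first sector is what BIOS trusts, checking it is a natural boot-integrity control. The parser below is an added example, not part of the lecture: it decodes a 512-byte MBR (446 bytes of boot code, four 16-byte partition entries from offset 446, the 0x55 0xAA signature at offset 510) and flags a missing signature, more than one active partition, or overlapping entries. The sample sector is constructed inside the code.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not from the slides: parse the 512-byte first sector that
 * BIOS loads as the Master Boot Record and apply the checks a boot-sector
 * integrity check would make. Layout is the classic PC MBR: 446 bytes of boot
 * code, four 16-byte partition entries from offset 446, and the 0x55 0xAA
 * boot signature at offset 510. The sample sector is constructed here. */

#define MBR_SIZE   512
#define PT_OFFSET  446
#define PT_ENTRIES 4

struct partition {
    uint8_t  bootable;   /* 0x80 = active (bootable), 0x00 = inactive */
    uint8_t  type;       /* type id, e.g. 0x83 Linux, 0x07 NTFS; 0 = unused slot */
    uint32_t lba_start;  /* first sector, stored little-endian */
    uint32_t sectors;    /* length in sectors */
};

struct mbr {
    struct partition parts[PT_ENTRIES];
    int valid_signature;
    int active_count;    /* more than one active entry is inconsistent */
    int overlap;         /* two used entries cover the same sectors */
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse a raw sector. Returns 0 on success, -1 when the boot signature is
 * missing; the table is decoded either way so the caller can inspect it. */
static int parse_mbr(const uint8_t *sector, struct mbr *out)
{
    memset(out, 0, sizeof *out);
    out->valid_signature = (sector[510] == 0x55 && sector[511] == 0xAA);
    for (int i = 0; i < PT_ENTRIES; i++) {
        const uint8_t *e = sector + PT_OFFSET + 16 * i;
        out->parts[i].bootable  = e[0];
        out->parts[i].type      = e[4];
        out->parts[i].lba_start = rd_le32(e + 8);
        out->parts[i].sectors   = rd_le32(e + 12);
        if (e[0] == 0x80) out->active_count++;
    }
    for (int i = 0; i < PT_ENTRIES; i++) {          /* overlap check on used slots */
        for (int j = i + 1; j < PT_ENTRIES; j++) {
            const struct partition *a = &out->parts[i], *b = &out->parts[j];
            if (a->type == 0 || b->type == 0) continue;
            uint64_t a_end = (uint64_t)a->lba_start + a->sectors;
            uint64_t b_end = (uint64_t)b->lba_start + b->sectors;
            if (a->lba_start < b_end && b->lba_start < a_end) out->overlap = 1;
        }
    }
    return out->valid_signature ? 0 : -1;
}

/* Write one 16-byte entry into a sector buffer (CHS fields are left zero). */
static void put_entry(uint8_t *sector, int idx, uint8_t boot, uint8_t type, uint32_t lba, uint32_t len)
{
    uint8_t *e = sector + PT_OFFSET + 16 * idx;
    memset(e, 0, 16);
    e[0] = boot;
    e[4] = type;
    for (int k = 0; k < 4; k++) {
        e[8 + k]  = (uint8_t)(lba >> (8 * k));
        e[12 + k] = (uint8_t)(len >> (8 * k));
    }
}

/* Constructed sample: an active Linux partition followed by an NTFS data partition. */
static void build_sample(uint8_t *sector, int with_signature)
{
    memset(sector, 0, MBR_SIZE);
    put_entry(sector, 0, 0x80, 0x83, 2048, 1048576);
    put_entry(sector, 1, 0x00, 0x07, 1050624, 2097152);
    if (with_signature) { sector[510] = 0x55; sector[511] = 0xAA; }
}

static int sample_is_consistent(void)
{
    uint8_t s[MBR_SIZE]; struct mbr m; build_sample(s, 1);
    return parse_mbr(s, &m) == 0 && m.active_count == 1 && !m.overlap && m.parts[0].lba_start == 2048;
}
static int sample_missing_signature(void)   /* returns parse_mbr's -1 */
{
    uint8_t s[MBR_SIZE]; struct mbr m; build_sample(s, 0);
    return parse_mbr(s, &m);
}
static int sample_overlap_detected(void)
{
    uint8_t s[MBR_SIZE]; struct mbr m; build_sample(s, 1);
    put_entry(s, 2, 0x00, 0x83, 4096, 100);   /* constructed: lies inside partition 0 */
    parse_mbr(s, &m);
    return m.overlap;
}
```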

16 The OS is layered

17 The kernel
The kernel is the innermost and fundamental part of the OS; it is started by the BOOT process and placed in main memory. The kernel is ALWAYS in main memory. What the kernel contains varies from OS to OS.

18 Kernel types: monolithic kernels
The entire kernel runs in memory and exposes all system calls for services such as networking, process management, memory management, etc. In theory this means that all functionality in the kernel is initiated at system start. Modern monolithic kernels do, however, support loadable modules that can be brought into the kernel dynamically. Examples: DOS, Linux, BSD, Solaris, etc.
A monolithic kernel is a kernel architecture where the entire kernel is run in kernel space in supervisor mode. In common with other architectures (microkernels, hybrid kernels), the kernel defines a high-level virtual interface over the computer hardware, with a set of primitives or system calls to implement operating system services such as process management, concurrency, and memory management in one or more modules. Even if every module servicing these operations is separate from the whole, the code integration is very tight and difficult to do correctly, and, since all the modules run in the same address space, a bug in one module can bring down the whole system. However, when the implementation is complete and trustworthy, the tight internal integration of components allows the low-level features of the underlying system to be used effectively, making a good monolithic kernel highly efficient. In a monolithic kernel, all the subsystems, such as filesystem management, run in an area called kernel mode.

19 Kernel types: microkernels
A minimal kernel runs in memory and exposes only the most basic system calls for services such as process management, memory management, etc. Other services that would otherwise be expected in the kernel are provided by programs outside the kernel called servers. Microkernels have become interesting in recent years because of security. Examples: AmigaOS, SymbianOS, etc.
In 2006 the debate about the potential security benefits of the microkernel design increased[3]. Many attacks on computer systems take advantage of bugs in various pieces of software. For instance, one of the common attacks is the buffer overflow, in which malicious code is "injected" by asking a program to process some data, and then feeding in more data than it stated it would send. If the receiving program does not specifically check the amount of data it received, it is possible that the extra data will be blindly copied into the receiver's memory. This code can then be run under the permissions of the receiver. This sort of bug has been exploited repeatedly, including a number of recent attacks through web browsers.
To see how a microkernel can help address this, first consider the problem of having a buffer overflow bug in a device driver. Device drivers are notoriously buggy[4], but nevertheless run inside the kernel of a traditional operating system, and therefore have "superuser" access to the entire system[5]. Malicious code exploiting this bug can thus take over the entire system, with no boundaries to its access to resources[6]. For instance, under open-source monolithic kernels such as Linux or the BSDs a successful attack on the networking stack over the internet could proceed to install a backdoor that runs a service with arbitrarily high privileges, so that the intruder may abuse the infected machine in any way[7], and no security check would be applied because the rootkit is acting from inside the kernel. Even if appropriate steps are taken to prevent this particular attack[8], the malicious code could simply copy data directly into other parts of the kernel memory, as it is shared among all the modules in the kernel.
A microkernel system is somewhat more resistant to these sorts of attacks[9] for two reasons. For one, an identical bug in a server would allow the attacker to take over only that program, not the entire system; in other words, microkernel designs obey the principle of least authority. This isolation of "powerful" code into separate servers helps contain potential intrusions, notably because it allows the CPU's memory management unit to check any attempt to copy data between the servers.
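The overflow the slide describes comes from trusting a length the sender declared. The receiver below is an added example, not from the lecture or any real driver: it contrasts an unchecked copy with one that validates the declared length against both the buffer capacity and the bytes actually received. The frame format (a 2-byte big-endian length prefix) and all inputs are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example, not from the slides: the "declared length versus data actually
 * received" mismatch described above, shown as a small length-prefixed frame
 * receiver. Frame format (an assumption for this example): a 2-byte big-endian
 * payload length followed by the payload. Inputs are constructed below. */

#define BUF_CAP 64

enum { RX_OK = 0, RX_ERR_SHORT_HEADER = -1, RX_ERR_TOO_LONG = -2, RX_ERR_TRUNCATED = -3 };

struct receiver {
    uint8_t buf[BUF_CAP];
    size_t  len;
};

/* The bug from the slide: trust the length the sender declared and copy that many
 * bytes into a fixed buffer. Kept only to contrast with the checked version below;
 * on a frame that declares more than BUF_CAP bytes this writes past buf. */
static void receive_unchecked(struct receiver *r, const uint8_t *frame, size_t frame_len)
{
    (void)frame_len;                            /* the real length is never consulted */
    size_t declared = ((size_t)frame[0] << 8) | frame[1];
    memcpy(r->buf, frame + 2, declared);        /* overflow when declared > BUF_CAP */
    r->len = declared;
}

/* Hardened version: the declared length is checked against the buffer capacity
 * and against the bytes actually present before anything is copied. Extra bytes
 * beyond the declared length are simply not copied. */
static int receive_checked(struct receiver *r, const uint8_t *frame, size_t frame_len)
{
    if (frame_len < 2) return RX_ERR_SHORT_HEADER;
    size_t declared = ((size_t)frame[0] << 8) | frame[1];
    if (declared > BUF_CAP) return RX_ERR_TOO_LONG;           /* would overflow buf */
    if (declared > frame_len - 2) return RX_ERR_TRUNCATED;    /* header promises more than arrived */
    memcpy(r->buf, frame + 2, declared);
    r->len = declared;
    return RX_OK;
}

/* Build a constructed frame whose header claims `declared` bytes while the body
 * actually carries `actual` bytes of 'A'. Returns the frame length. */
static size_t make_frame(uint8_t *out, size_t out_cap, size_t declared, size_t actual)
{
    if (actual + 2 > out_cap) actual = out_cap - 2;
    out[0] = (uint8_t)(declared >> 8);
    out[1] = (uint8_t)declared;
    memset(out + 2, 'A', actual);
    return actual + 2;
}

static int check_honest_frame(void)        /* declares 16, sends 16: accepted */
{
    uint8_t f[300]; struct receiver r;
    size_t n = make_frame(f, sizeof f, 16, 16);
    return receive_checked(&r, f, n) == RX_OK && r.len == 16 && r.buf[15] == 'A';
}
static int check_unchecked_honest_frame(void) /* the buggy receiver looks fine on honest input */
{
    uint8_t f[300]; struct receiver r;
    size_t n = make_frame(f, sizeof f, 16, 16);
    receive_unchecked(&r, f, n);
    return r.len == 16 && r.buf[15] == 'A';
}
static int check_oversized(void)           /* declares and sends 200: more than buf holds */
{
    uint8_t f[300]; struct receiver r;
    size_t n = make_frame(f, sizeof f, 200, 200);
    return receive_checked(&r, f, n);
}
static int check_header_lies(void)         /* declares 40 but only 10 bytes arrive */
{
    uint8_t f[300]; struct receiver r;
    size_t n = make_frame(f, sizeof f, 40, 10);
    return receive_checked(&r, f, n);
}
static int check_extra_data_dropped(void)  /* declares 10 but sends 50: only 10 are copied */
{
    uint8_t f[300]; struct receiver r;
    size_t n = make_frame(f, sizeof f, 10, 50);
    return receive_checked(&r, f, n) == RX_OK && r.len == 10;
}
static int check_short_frame(void)         /* not even a full header */
{
    uint8_t f[1] = { 0 }; struct receiver r;
    return receive_checked(&r, f, 1);
}
```

The 200-byte case is the one that would silently corrupt memory in the unchecked receiver; the checked receiver rejects it before any copy takes place.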

20 Kernel types: hybrid kernels
Combine elements from monolithic kernels and microkernels. The idea is to have a kernel like a microkernel, but implemented as a monolithic kernel: all servers run in the kernel. Examples: Mac OS X; Windows NT, 2000, 2003, XP & Vista.

21 OS bloat
Over time there has been a tendency, starting with BSD, to include more and more services in the OS: OS bloat. There are heated debates about which kernel types are best. The fiercest and longest-lived debate is between Andrew S. Tanenbaum and Linus Torvalds (Google: The Tanenbaum-Torvalds Debate).
Operating system: SLOC
Windows NT: 16 million
Red Hat Linux 7.1: 30 million
Windows 2000: 29 million
Debian 3.1: 213 million
Windows XP: 40 million
Sun Solaris: 7.5 million
Windows Vista: 50 million
Mac OS X 10.4: 86 million
Linux kernel 2.6: 6 million
The Tanenbaum-Torvalds debate is a debate between Andrew S. Tanenbaum and Linus Torvalds regarding Linux and kernel architecture in general. Tanenbaum began the debate in 1992 on the Usenet discussion group comp.os.minix,[1] arguing that microkernels are superior to monolithic kernels and that, for this reason, Linux is obsolete. The debate was not restricted to just Tanenbaum and Torvalds, as it was on a Usenet group; other notable hackers such as Ken Thompson (one of the founders of Unix) and David Miller joined in as well. Due to the strong tone used in the newsgroup posts, the debate has widely been recognized as a "flame war", a deliberately hostile exchange of messages, between the two camps (of Linux and MINIX, or alternatively, of monolithic kernel enthusiasts and microkernel enthusiasts) and has been described as such in various publications.[2] Torvalds himself also acknowledged this in his first newsgroup post about the issue, stating (verbatim) "I'd like to be able to just 'ignore the bait', but ... Time for some serious flamefesting!"[3]
This subject was revisited in 2006, again with Tanenbaum as initiator, after he had written a cover story for Computer magazine titled "Can We Make Operating Systems Reliable and Secure?"[4] While Tanenbaum himself has mentioned that he did not write the article for the purpose of entering a debate on kernel design again,[5] the juxtaposition of the article and an archived version of the 1992 debate on the technology site Slashdot caused the subject to be rekindled.[6] After Torvalds posted a rebuttal of Tanenbaum's arguments via an online discussion forum,[7] several technology news sites began reporting the issue.[8]

22 Modes and processes
Modes: processes normally run in user mode.
Processes: a process is an instance of a running program. A process consists of five parts:
a copy of the program's code;
memory (real memory or virtual memory) containing the code and process-specific data;
OS resources (descriptors) allocated to the process;
security attributes, such as the process owner and the process's permissions;
the process context.
In computer terms, supervisor mode (sometimes called kernel mode) is a hardware-mediated flag which can be changed by code running in system-level software. System-level tasks or threads will have this flag set while they are running, whereas user-space applications will not. This flag determines whether it is possible to execute machine code operations such as modifying registers for various descriptor tables, or performing operations such as disabling interrupts. The idea of having two different modes to operate in comes from "with more control comes more responsibility": a program in supervisor mode is trusted never to fail, because if it does, the whole computer system may crash.
In general, a computer system process consists of (or is said to "own") the following resources: An image of the executable computer code associated with a program. Memory (typically some region of virtual memory and/or real memory), which contains the executable code and process-specific data, including initial, intermediate, and final products. Operating system descriptors of resources that are allocated to the process, such as file descriptors (Unix terminology) or handles (Windows). Security attributes, such as the process owner and the process's set of permissions. Processor state (context), such as the content of registers, physical memory addressing, etc. The state is typically stored in computer registers when the process is executing, and in memory otherwise. Any subset of resources, but typically at least the processor state, may be associated with each of the process's threads in operating systems that support threads or "daughter" processes.

23 Multitasking
For several processes to run at the same time and share the same resources, such as the CPU, multitasking is needed. The CPU can only attend to one process at a time, meaning that the CPU is actively executing instructions for that process. With multitasking it is scheduled which process gets the CPU's attention when, and when the next process gets its turn. When the CPU shifts its attention from one process to another it is called a context switch. If context switching happens fast enough, it looks as if the processes run in parallel. Even on computers with several CPUs (multiprocessor machines), multitasking makes it possible to run more processes than there are CPUs.
In computing, multitasking is a method by which multiple tasks, also known as processes, share common processing resources such as a CPU. In the case of a computer with a single CPU, only one task is said to be running at any point in time, meaning that the CPU is actively executing instructions for that task. Multitasking solves the problem by scheduling which task may be the one running at any given time, and when another waiting task gets a turn. The act of reassigning a CPU from one task to another one is called a context switch. When context switches occur frequently enough the illusion of parallelism is achieved. Even on computers with more than one CPU (called multiprocessor machines), multitasking allows many more tasks to be run than there are CPUs. Operating systems may adopt one of many different scheduling strategies, which generally fall into the following categories:
* In multiprogramming systems, the running task keeps running until it performs an operation that requires waiting for an external event (e.g. reading from a tape) or until the computer's scheduler forcibly swaps the running task out of the CPU. Multiprogramming systems are designed to maximize CPU usage.
* In time-sharing systems, the running task is required to relinquish the CPU, either voluntarily or by an external event such as a hardware interrupt. Time-sharing systems are designed to allow several programs to execute apparently simultaneously.
* In real-time systems, some waiting tasks are guaranteed to be given the CPU when an external event occurs. Real-time systems are designed to control mechanical devices such as industrial robots, which require timely processing.
The term time-sharing is no longer commonly used, having been replaced by simply multitasking.

24 Multithreading
Multitasking lets programmers develop programs that run as several concurrent processes (for example one to collect data, one to process the data, and one to write the result to disk). This requires that several program instances can access a process at the same time. A thread is a bundle of information attached to one program instance within a process, so there can be several threads within one process; this is called multithreading.
As multitasking greatly improved the throughput of computers, programmers started to implement applications as sets of cooperating processes (e.g. one process gathering input data, one process processing input data, one process writing out results on disk). This, however, required some tools to allow processes to efficiently exchange data. Threads were born from the idea that the most efficient way for cooperating processes to exchange data would be to share their entire memory space. Thus, threads are basically processes that run in the same memory context. Threads are described as lightweight because switching between threads does not involve changing the memory context.
Multithreading is the ability of a program or an operating system process to manage its use by more than one user at a time, and even to manage multiple requests by the same user, without having to have multiple copies of the program running in the computer. Each user request for a program or system service (and here a user can also be another program) is kept track of as a thread with a separate identity. As programs work on behalf of the initial request for that thread and are interrupted by other requests, the status of work on behalf of that thread is kept track of until the work is completed.

25 Memory management
When several programs run at once, there is a risk that a badly written (or deliberately destructive) running program overwrites another running program's memory allocation. The OS therefore takes care of allocating memory to a running program and of making sure the program is not allowed to access memory outside its allocation. One way for an OS to increase the available memory is to use a swap file or swap partition (virtual memory).
In NT-based versions of Windows (such as Windows 2000 and Windows XP), the swap file is named pagefile.sys. The default location of the page file is in the root directory of the partition where Windows is installed. Windows can be configured to use free space on any available drives for page files. Occasionally, when the page file is gradually expanded, it can become heavily fragmented and cause performance issues. The common advice given to avoid this problem is to set a single "locked" page file size so that Windows will not resize it. Other people believe this to be problematic in the case that a Windows application requests more memory than the total size of physical and virtual memory. In this case, memory is not successfully allocated and as a result programs, including system processes, may crash. Supporters of this view will note that the page file is rarely read or written in sequential order, so the performance advantage of having a completely sequential page file is minimal. It is, however, generally agreed that a large page file will allow the use of memory-heavy applications, and there is no penalty except that more disk space is used.
In the Linux and *BSD operating systems, it is common to use a whole partition of a HDD for swapping. Though it is still possible to use a file for this, it is recommended to use a separate partition, because this excludes chances of file system fragmentation, which would reduce performance. However, with the 2.6 Linux kernel swap files are just as fast as swap partitions, so this recommendation does not apply much to current Linux systems, and the flexibility of swap files can outweigh that of partitions.
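Slide 7 introduced paging and this slide states that the OS must keep a program inside its own allocation; the model below, added here and not part of the lecture, shows how the two fit together at the page-table level. A 16-bit virtual address is split into a 4-bit page number and a 12-bit offset, each entry carries present/writable/user/swapped bits, a touch of a swapped-out page is paged in transparently, and an access that breaks the protection bits faults. Page size, table size, frame numbers and the sample address space are assumptions of the model.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not from the slides: a model of page-based memory protection.
 * A 16-bit virtual address = 4-bit page number + 12-bit offset; each page table
 * entry carries a frame number and present/writable/user/swapped flags. Page
 * size, table size, frame numbers and the sample address space are assumptions. */

enum { PAGE_SHIFT = 12, PAGE_MASK = (1 << PAGE_SHIFT) - 1, NPAGES = 16, NFRAMES = 8 };
enum { PTE_PRESENT = 1, PTE_WRITE = 2, PTE_USER = 4, PTE_SWAPPED = 8 };
enum fault { NO_FAULT = 0, FAULT_NOT_MAPPED = 1, FAULT_PROTECTION = 2, FAULT_NO_FRAME = 3 };

struct pte { uint32_t frame; uint32_t flags; };

struct addr_space {
    struct pte pt[NPAGES];
    int next_free_frame;   /* trivial frame allocator used for page-ins */
    int page_ins;          /* how many pages were brought back from the swap area */
};

/* Translate vaddr for an access of the given kind. On success stores the physical
 * address and returns NO_FAULT; otherwise returns the fault that would be raised. */
static enum fault translate(struct addr_space *as, uint16_t vaddr, int write, int user_mode, uint32_t *paddr)
{
    unsigned page = vaddr >> PAGE_SHIFT;
    struct pte *e = &as->pt[page];
    if (!(e->flags & PTE_PRESENT)) {
        if (!(e->flags & PTE_SWAPPED)) return FAULT_NOT_MAPPED;  /* never allocated to this process */
        if (as->next_free_frame >= NFRAMES) return FAULT_NO_FRAME;
        e->frame = (uint32_t)as->next_free_frame++;             /* page-in from the swap area */
        e->flags = (e->flags | PTE_PRESENT) & ~(uint32_t)PTE_SWAPPED;
        as->page_ins++;
    }
    if (user_mode && !(e->flags & PTE_USER)) return FAULT_PROTECTION;  /* kernel-only page */
    if (write && !(e->flags & PTE_WRITE)) return FAULT_PROTECTION;     /* read-only page */
    *paddr = (e->frame << PAGE_SHIFT) | (vaddr & PAGE_MASK);
    return NO_FAULT;
}

/* Constructed sample address space: code, data, a swapped-out data page, a kernel page. */
static void sample_space(struct addr_space *as)
{
    memset(as, 0, sizeof *as);
    as->pt[0]  = (struct pte){ 3, PTE_PRESENT | PTE_USER };               /* code: user, read-only */
    as->pt[1]  = (struct pte){ 5, PTE_PRESENT | PTE_USER | PTE_WRITE };   /* data */
    as->pt[2]  = (struct pte){ 0, PTE_SWAPPED | PTE_USER | PTE_WRITE };   /* data, currently on disk */
    as->pt[15] = (struct pte){ 0, PTE_PRESENT | PTE_WRITE };              /* kernel page, no user bit */
    as->next_free_frame = 6;
}

static uint32_t user_reads_code(void)
{ struct addr_space as; uint32_t p = 0; sample_space(&as); translate(&as, 0x0010, 0, 1, &p); return p; }
static int user_writes_code(void)
{ struct addr_space as; uint32_t p; sample_space(&as); return translate(&as, 0x0010, 1, 1, &p); }
static int user_touches_kernel_page(void)
{ struct addr_space as; uint32_t p; sample_space(&as); return translate(&as, 0xF000, 0, 1, &p); }
static int kernel_touches_kernel_page(void)
{ struct addr_space as; uint32_t p; sample_space(&as); return translate(&as, 0xF000, 1, 0, &p); }
static int unmapped_page(void)
{ struct addr_space as; uint32_t p; sample_space(&as); return translate(&as, 0x3000, 0, 1, &p); }
/* Two writes to the swapped page: the first pages it in, the second hits the same frame. */
static int swapped_page_ins_once(void)
{
    struct addr_space as; uint32_t p1 = 0, p2 = 0; sample_space(&as);
    translate(&as, 0x2ABC, 1, 1, &p1);
    translate(&as, 0x2ABC, 1, 1, &p2);
    return as.page_ins == 1 && p1 == p2 && p1 == 0x6ABC;
}
```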

26 Filesystems
The last big thing an OS helps with is a filesystem.
Hierarchical: WIN: FAT, FAT32, NTFS. MAC: HFS, HFS+, NTFS (ro), FAT32 (ro), ZFS (10.5). Linux/Unix: ext2, ext3, ReiserFS, Reiser4, UDF, UFS, UFS2, XFS, ZFS, FAT32, NTFS (ro).
Distributed: AFS,
 NFS, SMB.
Distributed (fault-tolerant, shared across several nodes): CODA, DFS.
Record-oriented: Mainframe: VSAM, ISAM, etc. (a collection of records).
Server Message Block: SMB works through a client-server approach, where a client makes specific requests and the server responds accordingly. One section of the SMB protocol is specifically for filesystem access, such that clients may make requests to a file server, but there are other sections of the SMB protocol that specialise in inter-process communication (IPC). The SMB protocol was optimized for local subnet usage, but one could use it to access different subnets across the Internet, which is where MS Windows file-and-print sharing exploits usually focus.
Coda is a distributed file system with its origin in AFS2. It has many features that are very desirable for network file systems. Currently, Coda has several features not found elsewhere:
1. disconnected operation for mobile computing
2. is freely available under a liberal license
3. high performance through client-side persistent caching
4. server replication
5. security model for authentication, encryption and access control
6. continued operation during partial network failures in the server network
7. network bandwidth adaptation
8. good scalability
9. well-defined semantics of sharing, even in the presence of network failures

27 Which OS should I choose?
It depends on the task and on competence. Each OS has different interfaces; programs are written specifically for an OS, and an application for one OS does not run on another. Trends: cross-over solutions such as WINE, VMware, Parallels and CodeWeavers.

28 Virtual machine
A virtual machine is a copy of hardware. It includes kernel-mode and user-mode hardware emulation, and has I/O, interrupts and everything a real machine has. Typically a virtual machine can run any OS on top of it.

29 Virtual machine

30 Data protection: RAID
RAID seeks to protect against data loss due to disk failure. Depending on the RAID level, RAID can recover the data from a failed disk. Sometimes RAID includes hot swap; other times it is software-based RAID.
RAID level: Description
0: Striping
1: Mirroring
2: Hamming code parity
3: Byte-level parity
4: Block-level parity
5: Interleaved parity
6: Double parity (extension of 5)
10 (0 + 1): Striping & mirroring
There are various combinations of these approaches giving different trade-offs of protection against data loss, capacity, and speed. RAID levels 0, 1, and 5 are the most commonly found, and cover most requirements. RAID 0 (striped disks) distributes data across several disks in a way that gives improved speed and full capacity, but all data on all disks will be lost if any one disk fails. RAID 1 (mirrored disks) could be described as a real-time backup solution. Two (or more) disks each store exactly the same data, at the same time, and at all times. Data is not lost as long as one disk survives. Total capacity of the array is simply the capacity of one disk. At any given instant, each disk in the array is simply identical to every other disk in the array. RAID 5 (striped disks with parity) combines three or more disks in a way that protects data against the loss of any one disk; the storage capacity of the array is reduced by one disk. RAID 6 (striped disks with dual parity, less common) can recover from the loss of two disks. RAID 10 (or 1+0) uses both striping and mirroring. "01" or "0+1" is sometimes distinguished from "10" or "1+0": a striped set of mirrored subsets and a mirrored set of striped subsets are both valid, but distinct, configurations. RAID 53 merges the features of RAID level 0 and RAID level 3.
Many variants of RAID (Redundant Array of Inexpensive Disks) arrays calculate parity to provide redundancy against failure. The amount of redundancy available in a RAID array varies according to the particular RAID level used. RAID levels that use parity include RAID 3, 4, 5 and 6. There are other RAID levels that make use of parity in one way or another, as well as RAID systems that use other redundancy methods; these other RAID levels will not be discussed here.
Parity creation: a very simple Boolean operation is used at the binary level to create RAID parity. This operation is the exclusive disjunction, also known as exclusive OR (XOR, EOR; herein XOR). Using XOR, raw binary data is passed through an operation that results in a binary result, which can be used for redundancy and error correction. The truth table for calculating XOR parity is shown below:
Value 1  Value 2  Parity
0        0        0
0        1        1
1        0        1
1        1        0
As the table shows, the calculated value of Value 1 XOR Value 2 is equal to 1 if and only if exactly one of the disks' binary bits is equal to 1. Should the values of the two disks be equal (0, 0 or 1, 1), the result has to be 0. There is no single recognised symbol for the XOR operation; various symbols are used in different applications. For the purpose of this article, when the operation is used it takes the following form: value a XOR value b.
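The truth table above is the whole mechanism; the code below, added here and not part of the lecture, applies it byte by byte across the data blocks of one RAID 5 style stripe, rebuilds a lost disk from the survivors plus parity (XOR is its own inverse), and runs a parity scrub that catches silent corruption. Stripe width, block size and the sample stripe are constructed for the example.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not from the slides: the XOR parity from the slide applied
 * across the data blocks of one RAID 5 style stripe, with reconstruction of a
 * lost disk and a parity scrub. Stripe width, block size and the sample data
 * are constructed for this example; blocks are stored flat as data[d*BLOCK + i]. */

#define NDATA 3   /* data disks in the stripe */
#define BLOCK 8   /* bytes per block */

/* parity[i] = d0[i] XOR d1[i] XOR ... XOR d{NDATA-1}[i] */
static void parity_compute(const uint8_t *data, uint8_t *parity)
{
    memset(parity, 0, BLOCK);
    for (int d = 0; d < NDATA; d++)
        for (int i = 0; i < BLOCK; i++) parity[i] ^= data[d * BLOCK + i];
}

/* XOR is its own inverse: XORing the parity with every surviving block gives back
 * the missing one. Only one missing block per stripe can be recovered this way;
 * losing two would need the double parity of RAID 6. */
static void raid_reconstruct(const uint8_t *data, int missing, const uint8_t *parity, uint8_t *out)
{
    memcpy(out, parity, BLOCK);
    for (int d = 0; d < NDATA; d++) {
        if (d == missing) continue;
        for (int i = 0; i < BLOCK; i++) out[i] ^= data[d * BLOCK + i];
    }
}

/* Scrub: 1 if the stored parity still matches the data, 0 if the stripe is inconsistent. */
static int raid_scrub(const uint8_t *data, const uint8_t *parity)
{
    uint8_t expect[BLOCK];
    parity_compute(data, expect);
    return memcmp(expect, parity, BLOCK) == 0;
}

/* Constructed sample stripe: three data blocks of 8 bytes. */
static const uint8_t SAMPLE[NDATA * BLOCK] = {
    0x0F, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,   /* disk 0 */
    0x33, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70,   /* disk 1 */
    0xAA, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,   /* disk 2 */
};

/* First parity byte of the sample: 0x0F XOR 0x33 XOR 0xAA. */
static int sample_parity_byte0(void)
{
    uint8_t p[BLOCK];
    parity_compute(SAMPLE, p);
    return p[0];
}

/* Lose disk `missing`, rebuild it from the other two plus parity, compare with the original. */
static int sample_rebuild_matches(int missing)
{
    uint8_t p[BLOCK], rebuilt[BLOCK];
    parity_compute(SAMPLE, p);
    raid_reconstruct(SAMPLE, missing, p, rebuilt);
    return memcmp(rebuilt, SAMPLE + missing * BLOCK, BLOCK) == 0;
}

/* Flip one bit on a data disk after the parity was written: the scrub must notice. */
static int sample_scrub_detects_corruption(void)
{
    uint8_t p[BLOCK], data[NDATA * BLOCK];
    memcpy(data, SAMPLE, sizeof data);
    parity_compute(data, p);
    int clean = raid_scrub(data, p);
    data[1 * BLOCK + 3] ^= 0x08;       /* silent corruption on disk 1 */
    return clean && !raid_scrub(data, p);
}
```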

31 Storage Area Network (SAN)
What is a SAN solution? Typically a high-speed network, with both LAN and channel characteristics, that establishes a connection between filesystems (servers) and storage elements. Think of it as a giant storage bus, assembled from the same kinds of technologies used on LANs and WANs: repeaters, hubs, bridges, switches, converters and extenders. SAN interfaces are typically Fibre Channel, not Ethernet or ATM.
Why SAN? Reduced TCO; better management of resources; scalable storage; easy to use, since it just looks like another physical disk.

32 NAS
Everyone is talking about NAS. NAS typically uses the existing IP network and typically looks like just another appliance. It typically provides CIFS support. iSCSI is a much-used buzzword.

A NAS unit is essentially a self-contained computer connected to a network, with the sole purpose of supplying file-based data storage services to other devices on the network. The operating system and other software on the NAS unit provide the functionality of data storage, file systems, and access to files, and the management of these functions. The unit is not designed to carry out general-purpose computing tasks, although it may technically be possible to run other software on it. NAS units usually do not have a keyboard or display, and are controlled and configured over the network, often by connecting a browser to their network address. The alternative to NAS storage on a network is to use a computer as a file server. In its most basic form a dedicated file server is no more than a NAS unit with keyboard and display and an operating system which, while optimised for providing storage services, can run other tasks; however, file servers are increasingly used to supply other functionality, such as database services, e-mail services, and so on.

In computing, the iSCSI (for "Internet SCSI") protocol allows clients (called initiators) to send SCSI commands (CDBs) to SCSI storage devices (targets) on remote servers. It is a popular Storage Area Network (SAN) protocol, allowing organizations to consolidate storage into data center storage arrays while providing hosts (such as database and web servers) with the illusion of locally-attached disks. Unlike Fibre Channel, which requires special-purpose cabling, iSCSI can be run over long distances using existing network infrastructure. iSCSI (pronounced /аɪsˈkʌzi/) uses TCP/IP (typically TCP ports 860 and 3260). In essence, iSCSI simply allows two hosts to negotiate and then exchange SCSI commands using IP networks. By doing this, iSCSI takes a popular high-performance local storage bus and emulates it over wide-area networks, creating a storage area network (SAN). Unlike some SAN protocols, iSCSI requires no dedicated cabling; it can be run over existing switching and IP infrastructure. As a result, iSCSI is often seen as a low-cost alternative to Fibre Channel, which requires dedicated infrastructure.

33 Storage design
The following are important features:
  Real-time configuration
  Focus on space management rather than drive management
  Being able to add new drives WITHOUT taking the storage system offline
  Virtual drives are drawn from all spindles rather than from selected ones, for performance
  OS independence
  That the topology can be extended continuously as the need arises (new servers)
  That virtual drives can be reconfigured (extended, deleted, etc.) online
  Changing the data-protection scheme online
  Being able to mix drive sizes and speeds

34 Logical volumes
Logical layer on top of physical disks
Advantages
  Combine several physical disks into logical disks
  Change the size of logical disks "on the fly"

Volume managers differ, but some basic concepts exist across most versions. The volume manager starts with physical volumes (or PVs), which can be hard disk partitions, RAID devices or SAN LUNs. PVs are split into small chunks called physical extents (or PEs). Some volume managers (such as those in HP-UX and Linux) have PEs of a uniform size; others (such as Veritas) have variably-sized PEs that can be split and merged at will. The PEs are then pooled into a volume group or VG. The pooled PEs can then be concatenated together into virtual disk partitions called logical volumes or LVs. These LVs behave just like hard disk partitions: mountable file systems can be created on them, or they can be used as raw block devices for swap. The LVs can be grown by concatenating more PEs from the pool. Some volume managers allow LV shrinking; some allow online resizing in either direction. Changing the size of the LV does not necessarily change the size of a file system on it; it merely changes the size of its containing space. A file system that can be resized online is recommended because it allows the system to adjust its storage on the fly without interrupting applications. PVs may also be organized into physical volume groups or PVGs. This allows LVs to be mirrored by pairing their PEs with redundant ones on a different PVG, so that the failure of one PVG still leaves at least one complete copy of the LV online. In practice, PVGs are usually chosen so that their PVs reside on different sets of disks and/or data buses for maximum redundancy.

35 Cluster
What is a cluster and how does it work?
Different modes
  Active/Passive
  Passive/Passive
  Multiple servers
  Workload distribution (HP Workload Manager)
Examples
  HP Serviceguard
  Microsoft Datacenter, among others
  Oracle Real Application Clusters
  Beowulf
Future
  Grids

In computing, clustering is the use of multiple computers, typically PCs or UNIX workstations, multiple storage devices, and redundant interconnections, to form what appears to users as a single highly available system. Cluster computing can be used for load balancing as well as for high availability. Advocates of clustering suggest that the approach can help an enterprise achieve availability in some cases. One of the main ideas of cluster computing is that, to the outside world, the cluster appears to be a single system.

Grid computing (or the use of a computational grid) is the application of several computers to a single problem at the same time, usually a scientific or technical problem that requires a great number of processing cycles or access to large amounts of data. According to John Patrick, IBM's vice president for Internet strategies, "the next big thing will be grid computing." Grid computing depends on software to divide and apportion pieces of a program among several computers, sometimes up to many thousands. Grid computing can also be thought of as distributed and large-scale cluster computing, as well as a form of network-distributed parallel processing. It can be small, confined to a network of workstations within a corporation, for example, or it can be a large, public collaboration across many companies or networks. It is a form of distributed computing whereby a "super and virtual computer" is composed of a cluster of networked, loosely coupled computers, acting in concert to perform very large tasks. This technology has been applied to computationally intensive scientific, mathematical, and academic problems through volunteer computing, and it is used in commercial enterprises for such diverse applications as drug discovery, economic forecasting, seismic analysis, and back-office data processing in support of e-commerce and Web services. What distinguishes grid computing from conventional cluster computing is that grids tend to be more loosely coupled, heterogeneous, and geographically dispersed. Also, while a computing grid may be dedicated to a specialized application, it is often constructed with the aid of general-purpose grid software libraries and middleware.

36 Load balancing
What is load balancing?
Different technologies
  Hardware as well as software
Different features
  Asymmetric load
  Prioritised traffic / content-aware switching
  SSL offload
  Distributed Denial of Service protection
Examples
  Microsoft Network Load Balancing
  Barracuda Load Balancer
  Cisco CSS Series
  DNS round robin

In computer networking, load balancing is a technique to spread work between two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, and minimize response time. Using multiple components with load balancing, instead of a single component, may increase reliability through redundancy. The balancing service is usually provided by a dedicated program or hardware device (such as a multilayer switch). Hardware and software load balancers can come with a variety of special features:

Asymmetric load: a ratio can be manually assigned to cause some backend servers to get a greater share of the workload than others. This is sometimes used as a crude way to account for some servers being faster than others.
Priority activation: when the number of available servers drops below a certain number, or load gets too high, standby servers can be brought online.
SSL offload and acceleration: SSL applications can be a heavy burden on the resources of a web server, especially on the CPU, and end users may see slow responses (or at the very least the servers spend a lot of cycles doing things they weren't designed to do). To resolve these kinds of issues, a load balancer capable of handling SSL offloading in specialized hardware may be used. When load balancers terminate the SSL connections, the burden on the web servers is reduced and performance does not degrade for the end users.
Distributed Denial of Service (DDoS) attack protection: load balancers can provide features such as SYN cookies and delayed binding (the back-end servers don't see the client until it finishes its TCP handshake) to mitigate SYN flood attacks and generally offload work from the servers to a more efficient platform.
HTTP compression: reduces the amount of data to be transferred for HTTP objects by utilizing the gzip compression available in all modern web browsers.
TCP offload: different vendors use different terms for this, but the idea is that normally each HTTP request from each client is a different TCP connection. This feature utilizes HTTP/1.1 to consolidate multiple HTTP requests from multiple clients into a single TCP socket to the back-end servers.
TCP buffering: the load balancer can buffer responses from the server and spoon-feed the data out to slow clients, allowing the server to move on to other tasks.
HTTP caching: the load balancer can store static content so that some requests can be handled without contacting the web servers.
Content filtering: some load balancers can arbitrarily modify traffic on the way through.
HTTP security: some load balancers can hide HTTP error pages, remove server identification headers from HTTP responses, and encrypt cookies so end users can't manipulate them.
Priority queuing: also known as rate shaping, the ability to give different priority to different traffic.
Content-aware switching: most load balancers can send requests to different servers based on the URL being requested.
Client authentication: authenticate users against a variety of authentication sources before allowing them access to a website.
Programmatic traffic manipulation: at least one load balancer allows the use of a scripting language to allow custom load balancing methods, arbitrary traffic manipulations, and more.
Firewall: direct connections to backend servers are prevented, for security reasons.
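Two of the features in the list above, asymmetric load and priority activation, worked through as a small balancer: weighted round-robin over the primaries, with standby servers rotated in only when too few primaries pass their health check. This is an added example for the lecture, not code from any vendor product; the backend names, weights and the min_primaries threshold are constructed.

```python
"""Weighted round-robin with priority activation, two of the features listed in the
notes above (asymmetric load and standby activation). Added example for this
lecture, not vendor code; backend names, weights and the 'min_primaries' knob are
constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Backend:
    name: str
    weight: int            # asymmetric load: relative share of requests
    standby: bool = False  # priority activation: only rotated in when primaries run short
    healthy: bool = True   # set by a health check; unhealthy backends get no traffic


class LoadBalancer:
    def __init__(self, backends: List[Backend], min_primaries: int) -> None:
        self.backends = backends
        self.min_primaries = min_primaries
        # Running "current weight" per backend for the smooth weighted round-robin.
        self._current: Dict[str, int] = {b.name: 0 for b in backends}

    def mark_down(self, name: str) -> None:
        """What a failed health check does: remove the backend from rotation."""
        for b in self.backends:
            if b.name == name:
                b.healthy = False

    def active_pool(self) -> List[Backend]:
        """Primaries only, unless too few are healthy; then standby servers join."""
        primaries = [b for b in self.backends if b.healthy and not b.standby]
        if len(primaries) >= self.min_primaries:
            return primaries
        return primaries + [b for b in self.backends if b.healthy and b.standby]

    def pick(self) -> Backend:
        """Smooth weighted round-robin (the scheme nginx uses for weighted upstreams):
        every backend gains its weight, the largest total is chosen and pays back
        the pool's total weight, which spreads a 5:1:1 ratio as a,a,b,a,c,a,a
        rather than a,a,a,a,a,b,c."""
        pool = self.active_pool()
        if not pool:
            raise RuntimeError("no healthy backends available")
        total = sum(b.weight for b in pool)
        for b in pool:
            self._current[b.name] += b.weight
        chosen = max(pool, key=lambda b: self._current[b.name])
        self._current[chosen.name] -= total
        return chosen


def dispatch(lb: LoadBalancer, requests: int) -> List[str]:
    """Names of the backends that would serve the next `requests` requests."""
    return [lb.pick().name for _ in range(requests)]


if __name__ == "__main__":
    # Constructed pool: one fast primary, two slower ones and a standby box.
    lb = LoadBalancer(
        [Backend("web1", 5), Backend("web2", 1), Backend("web3", 1),
         Backend("spare", 1, standby=True)],
        min_primaries=3,
    )
    print(dispatch(lb, 7))   # ['web1', 'web1', 'web2', 'web1', 'web3', 'web1', 'web1']
    lb.mark_down("web2")     # health check fails: the standby joins the rotation
    print([b.name for b in lb.active_pool()])   # ['web1', 'web3', 'spare']
```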

37 DMZ
Demilitarised zones, semi-protected networks, are typically implemented between the company intranet and the Internet, for:
  Web servers
  Mail servers
  Proxy servers
  Reverse-proxy servers

In computer security, a demilitarized zone, named after the military usage of the term and normally abbreviated to DMZ (also known as a demarcation zone or perimeter network), is a physical or logical subnetwork that contains and exposes an organization's external services to a larger, untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN): an external attacker only has access to equipment in the DMZ, rather than to the whole network. Generally, any service that is being provided to users on an external network should be placed in the DMZ. The most common of these services are web servers, mail servers, FTP servers, VoIP servers and DNS servers. In some situations, additional steps need to be taken to be able to provide secure services.

Web servers
Web servers may need to communicate with an internal database to provide some specialised services. Since the database server is not publicly accessible and may contain sensitive information, it should not be in the DMZ. Generally, it is not a good idea to allow the web server to communicate directly with the internal database server. Instead, an application server can be used to act as a medium for communication between the web server and the database server. This may be more complicated, but provides another layer of security.

Mail servers
Because of the confidential nature of e-mail, it is not a good idea to store it in the DMZ. Instead, e-mail should be stored on an internal server. The mail server in the DMZ should pass incoming mail to the internal mail server, and the internal mail server should pass outgoing mail to the external mail server. Ideally, all communications should be initiated by the internal mail server.

Proxy servers
For security, legal compliance and monitoring reasons, in a business environment it is also recommended to install a proxy server within the DMZ. This has the following benefits:
  It obliges the internal users (usually employees) to use this particular proxy to get Internet access. The users should not be allowed to browse the Internet directly and bypass the DMZ defences.
  It allows the company to save on Internet bandwidth, because some of the web content may be cached by the proxy server.
  It allows the system administrator to record and monitor user activities and make sure no illegal content is downloaded or uploaded by the employees. In many EU countries, for example, a company director is liable for employees' Internet activities.

Reverse proxy servers
A reverse proxy server provides the same service as a proxy server, but the other way around. Instead of providing a service to internal users, it provides indirect access to internal resources from an external network (usually the Internet). Access to a back-office application, such as an e-mail system, can be provided to external users (to read e-mail while outside the company), but the remote user does not have direct access to his e-mail server. Only the reverse proxy server can physically access the internal server. This is an extra layer of security, which is particularly recommended when an internal resource needs to be accessed from the outside. Usually such a reverse proxy mechanism is provided by an application-layer firewall, since these focus on the specific shape of the traffic rather than controlling access to specific TCP and UDP ports as a packet-filter firewall does.

38 Directory services
Basically, a directory service is a network-based application that holds information about network users, network resources and the like. A phone book is a very good example.
What is typically the difference between a directory and a database?
  Optimised for many reads and for advanced searches
  Duplicated and replicated
  A hierarchical tree structure
There are basically three types of directory services:
  NOS directories (AD, Novell eDirectory)
  Application directories (ePost, SAP and the like)
  General directories (ordinary lookups, the white pages)

39 LDAP
LDAP stands for Lightweight Directory Access Protocol and is a protocol for talking to directory services.
LDAP is based on X.500. X.500 is the Directory Model in OSI. DAP (Directory Access Protocol) runs over the OSI network protocol and is very complex and heavy.

40 LDAP
There is a multitude of LDAP directory implementations:
  Microsoft Active Directory and ADAM
  Computer Associates eTrust Directory 8
  IBM Tivoli Directory Server 5.x
  Nexor Directory 5.1
  Novell eDirectory 8.7.x
  Oracle Internet Directory 10g
  Sun Microsystems Sun ONE Directory Server 5.2

41 LDAP query
This is what a typical LDAP query might look like:

# ldapsearch "sn=Strand" cn telephoneNumber

Answer:
cn=Michael Strand, ou=managers, O=netcompany, c=dk
telephoneNumber=

42 Object tree
Data is represented in directory services as a hierarchy of objects
The top of the hierarchy is normally called the "root"
Each object (also called an "entry") has a parent entry, and one or more child entries
Each entry consists of an ObjectClass
Each ObjectClass consists of zero or more attributes

43 Data Information Tree DIT

44 Data Information Tree DIT
All objects have a unique name, called a DN (Distinguished Name), which is built from relative names called RDNs (Relative Distinguished Names) that are found by "walking the tree".
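The DN/RDN structure described here and the ldapsearch query from slide 41, worked through in code: pulling the answer's DN apart into its RDNs, walking the DIT from the root down to the entry, and building the search filter with the value escaped so that whatever a user types into it stays a value. This is an added example for the lecture, not code from the slides; the helper names are my own.

```python
"""Pulling an LDAP distinguished name apart into RDNs (walking the DIT) and
building a search filter like the ldapsearch call on slide 41 with its value
escaped. Added example for this lecture, not code from the slides; the helper
names are my own and the DN is the one shown in the ldapsearch answer."""
from typing import List, Tuple

# RFC 4514: characters that must be backslash-escaped inside an RDN value.
DN_SPECIAL = ',+"\\<>;'


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, leaf first, honouring '\\' escapes
    so that a comma inside a value does not start a new RDN."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):  # escaped character: take it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, eq, value = part.lstrip().partition("=")
        if not attr or not eq:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip(), value))
    return rdns


def escape_dn_value(value: str) -> str:
    """Inverse of the unescaping in split_dn, for rebuilding DNs."""
    return "".join("\\" + ch if ch in DN_SPECIAL else ch for ch in value)


def ancestors_from_root(dn: str) -> List[str]:
    """The chain of entries from the root down to the entry itself: a DN lists its
    RDNs leaf-first, so the tree walk is the reversed list, one RDN per level."""
    rdns = split_dn(dn)
    chain = []
    for depth in range(len(rdns) - 1, -1, -1):
        chain.append(",".join(f"{a}={escape_dn_value(v)}" for a, v in rdns[depth:]))
    return chain


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside a search filter, so that a
    user-supplied string cannot change the structure of the filter."""
    mapping = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(mapping.get(ch, ch) for ch in value)


def equality_filter(attribute: str, value: str) -> str:
    """Build the filter for an ldapsearch such as the one on slide 41: (sn=Strand)."""
    return f"({attribute}={escape_filter_value(value)})"


if __name__ == "__main__":
    answer_dn = "cn=Michael Strand, ou=managers, O=netcompany, c=dk"
    for level in ancestors_from_root(answer_dn):
        print(level)
    print(equality_filter("sn", "Strand"))  # (sn=Strand)
```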

45 LDAP operations
LDAP supports a range of different operations
  Bind and unbind
  Search for objects that match search criteria
  Add object
  Delete object
  Modify object
  Modify DN or RDN (move)
  Compare objects

46 Active Directory
Microsoft Active Directory (AD) is a so-called NOS structured as an LDAP directory. AD holds information about objects and their attributes, such as users, resources (objects) and services. AD is used to grant network access and permissions to resources and services, and as a general lookup reference.
Has been available since Windows 2000 Server
Supports the LDAP v2 and v3 standards

47 Typical server roles in a company
In virtually every Danish company you will encounter the following server roles:
DHCP
  The DHCP server hands out IP addresses, plus other settings as needed
  One per subnet
  All environments

48 Typical server roles in a company
File and print
  Central file sharing
  Central printer setup
  All environments
Internal and external DNS
  Why both?
  Virtually all environments
Mail server
  Is a mail server a machine?

49 Typical server roles in a company
Database server
  Central server
  Maybe a cluster
  Usually "don't touch"
  Typically Oracle, MySQL or SQL Server
  Virtually all environments
ERP system
  Just as central
  Definitely also "don't touch"
  Concorde, Navision, PeopleSoft, Oracle, SAP

50 Typical server roles in a company
RIS server (Remote Installation Server)
  Used for unattended OS installation of clients/servers, typically via PXE boot
  Can be Altiris, IBM or MS
  Usually in environments with 50+ PCs
Monitoring server
  Monitoring of machines and services in the environment
  Typically IBM Tivoli, HP OpenView, CA Unicenter or MS MOM

51 Typical server roles in a company
Software distribution
  Distribution of software packages to clients and servers
  Usually in environments with 200+ PCs
  SMS, Altiris, Tivoli, SUS/WSUS???
WWW web server
  Virtually all environments
  IIS, Apache

52 Typical server roles in a company
Firewall
  Can be either a "black box" or a software firewall
  Protects the company against attacks from outside
  Cisco PIX, CheckPoint and Microsoft ISA Server
  Many home routers offer firewall functionality
  Everywhere
VPN server
  Gives remote access to the company
  Lets people log on from home as if they were sitting in the company
  Cisco 3000 VPN, Microsoft RRAS (ISA), Nortel
  40+ users

53 Typical server roles in a company
Terminal server...
  Gives "terminal access" to selected machines/applications
  X11, IBM mainframes (3270), Citrix, MS Terminal Server, MS Remote Desktop
  Brings us on to "Server Based Computing"

54 Server-based processing
The idea behind Server Based Computing is basically that the intelligence sits on the server side, where we can control it more easily
Clients should be as dumb and thin as possible

55 Server-based processing
Applications always execute on the server
The application is accessed from a normal desktop or a thin client
Only screen images, mouse clicks and keystrokes cross the network
The application executes 100% on the server

56 Citrix architecture

57 Citrix client requirements
With Server Based Computing there are virtually no requirements on the client. For example, Citrix today supports, among others: Symbian, all Windows platforms, Linux, BSD, HP-UX, Solaris, PalmOS, AIX, plus more general-purpose Java clients
Really small "footprint", typically under 2 MB
Bandwidth requirements are approximately:
  Citrix 20 kbps
  MS Terminal Server 128 kbps
  kbps
  X11 1 mbps

58 More Citrix
Applications can be published transparently to users
Redirect links
Map printers automatically
Map local drives
Load-balance between the servers in a "farm"
Isolate applications
In practice: install W2K3, install the applications, install Terminal Server, install Citrix

59 Client/server application model
The client/server architecture is a popular design for distributed applications. In the client/server model, applications are divided into two parts.
  The client part works in the foreground, presenting information to the user
  The server part works in the background, manipulating and processing data for the client
Such a division gives a number of advantages: for example, heavy tasks can be handled by the server computer, which is normally more powerful than the client computer. Furthermore, the server computer can serve several clients simultaneously.
[Figure: client(s) connected to a server]

60 3-tier application model
Application distribution across several tiers: presentation/web; application logic; data; further tiers.
[Figure: clients, presentation/web tier, application-logic tier, data tier]

61 3-tier application model
Advantages
  Horizontal and vertical scalability
  Availability and performance
  Security at several levels
Common issues
  Load balancing
  Session handling ("sticky sessions")
  Fault isolation

62 J2EE application framework
J2EE (Java 2 Enterprise Edition) is a multi-tier, component-based application model
  A Sun specification: a technical document that describes the J2EE platform and its APIs in detail
  A Sun reference implementation, which serves partly as proof of concept for the specification and partly as a supplement to it (if there is doubt about the platform's behaviour in a given case, the reference implementation's behaviour counts as the specification)
  A tool that tests the compatibility of a submitted server platform with the J2EE specification (via a set of test cases)
  A set of "J2EE blueprints": principles and tips for sensible application development on the J2EE platform
Implementations: BEA WebLogic, IBM WebSphere, Red Hat JBoss

63 J2EE application framework
Application logic is defined in components
A J2EE application is composed of components such as servlets, JSPs and enterprise beans. The various components can run on different machines.
The architecture also tries to solve cross-cutting concerns, such as security, transaction support and concurrency, by realising the so-called "component/container" principle: a component's publicly exposed services are accessed only indirectly through a container (an application that encapsulates the component), which can then handle the cross-cutting concerns.

64 IT architecture patterns
As IT architects we typically work from architecture patterns, which can be regarded as templates for how we define our IT architecture. Many IT vendors make such patterns freely available for use.
The IT architecture patterns cover different usage patterns:
  Self-Service (user-to-business)
  Collaboration (user-to-user)
  Information Aggregation (user-to-data)
  Extended Enterprise (business-to-business)
Example: IBM Redbooks "Academic Edition: Applying Pattern Approaches, Patterns for e-business Series"

65 Exercises