Ch. 11 System Management

Provided by: terril7

1
Ch. 11 - System Management
  • Evaluating an Operating System
  • Four Components of OS
  • Measuring System Performance
  • Measurement Tools
  • Feedback Loops
  • Monitoring
  • System Security
  • Ethics
  • Accounting
  [Diagram: System Performance, System Security, System Accounting, Performance Management]

2
Evaluating an Operating System
  • In real-life OS, components don't work in
    isolation.
  • Each component depends on other components.
  • Most OSs designed to work with certain pieces of
    hardware, category of processors, or specific
    groups of users.
  • Evolved over time to operate multiple systems.
  • Still favor some users and computing environments.
  • To evaluate OS, must understand design goals,
    history, how it communicates with users, how
    resources managed, what trade-offs made to
    achieve goals.
  • Balance its strengths against its weaknesses.

3
The Operating System's Components
  • Performance of any resource depends on
    performance of others.
  • Any improvement in system made after analysis of
    system's resources, requirements, managers, and
    users.
  • Key is to consider performance of entire system,
    not just individual components.
  • Parts of OS:
    • Memory Manager
    • Processor Manager
    • Device Manager
    • File Manager
    • Network Manager

4
Memory Management Schemes
  • If increasing memory or changing to another memory
    allocation scheme, must consider actual operating
    environment in which system resides.
  • Trade-off between memory use and CPU overhead.

5
File Management
  • Secondary storage allocation schemes help user
    organize and access files on system.
  • File organization (contiguous, non-contiguous).
  • Location of a volume's directory (main memory,
    disk).
  • Device on which files are stored.
  • Different schemes offer different flexibility,
    but trade-off for increased file flexibility is
    increased CPU overhead.

6
Processor Management Issues
  • Trade-off: better use of CPU versus increased
    overhead, slower response time, decreased
    throughput.
  • System could reach saturation point if CPU is
    fully utilized but is allowed to accept
    additional jobs -- results in higher overhead and
    less time to run programs.
  • Under heavy loads, CPU time required to manage
    I/O queues (which under normal circumstances
    doesn't require much time) could dramatically
    increase time required to run jobs.
  • With long queues forming at channels, control
    units, I/O devices, CPU could be idle waiting
    for processes to finish their I/O.

7
Ways To Improve I/O Device Utilization
  • Blocking reduces number of physical I/O requests,
    but CPU must block and later deblock records
    (overhead).
  • Buffering helps CPU match slower speed of I/O,
    but requires memory space for buffers which
    reduces level of processing.
  • Rescheduling requests helps optimize I/O times,
    but is overhead function. Speed of CPU and I/O
    device weighed against time to execute
    reordering.
  • Trade-offs: each of these options also increases
    CPU overhead and uses additional memory space.

8
Network Management
  • Synchronizes loads among remote processors,
    determines message priorities, selects
    alternative efficient communication paths over
    multiple data communication lines.
  • Allows network administrator to monitor use of
    individual computers and shared hardware, and
    ensure compliance with software licenses.
  • Simplifies process of updating data files and
    programs on networked computers by coordinating
    changes through communications server.
  • Security management.

9
System Security
  • System has conflicting needs to share resources
    while protecting them.
  • In early days, system was physically guarded and
    only authorized users were allowed in vicinity.
  • With advent of data communication, networking,
    personal computers, telecommunications software,
    web sites, and e-mail, computer security became
    much more difficult.
  • When networks connected to Internet,
    vulnerability and need for information security
    increased exponentially.

10
Levels of Protection
  • Depending on system's connectivity, protection
    required:
  • Computer level.
  • Network level.
  • Internet level.

11
Techniques to Protect Hardware and Software
  • Passwords -- unusual combination of characters
    and numbers that is memorable, changed often.
  • Guard against intruders who use default
    passwords, backdoor passwords, dictionary terms,
    or social engineering.
  • Smart card -- credit card-sized calculator that
    requires something user has with something user
    knows.
  • Making backups and performing other archiving
    techniques.
  • Layered backup schedule used to back up entire
    system weekly and daily back up only files changed
    during that day.
  • Store copies of complete system backups in safe
    off-site location.
  • Help restore systems damaged by viruses or
    disasters (e.g., fires, malfunctions, hackers).

12
Techniques to Protect Hardware and Software - 2
  • Written policies and procedures and regular user
    training are essential elements of system
    management.
  • Recommend:
    • Frequent password changes.
    • Reliable backup procedures.
    • Guidelines for loading new software.
    • Compliance with software licenses.
    • Network safeguards.
    • Guidelines for monitoring network activity.
    • Rules for terminal access.

13
Malicious or Accidental Breaches in Security
  • Not all breaks in security are malicious.
  • Some are only unauthorized use of resources.
  • Some purposeful disruption of system's operation.
  • Others purely accidental -- hardware
    malfunctions, undetected errors in OS, or natural
    disasters.
  • Federal Computer Fraud and Abuse Act of 1986.

14
Security Breaches
  • Denial of service attacks -- synchronized
    attempts to deny service to authorized users
    and customers by causing computer to perform task,
    often unproductive task, over and over.
  • Accidental incomplete modification of data --
    non-synchronized processes access data records
    and modify some but not enough of record's fields.
  • Data values are incorrectly encoded when fields
    aren't large enough to hold numeric value stored
    there.
  • Intentional unauthorized access.
  • Browsing -- unauthorized users can search through
    storage, directories, or files for info they aren't
    privileged to read.
  • Wire tapping of data communication lines
    (passive, active).

15
Security Breaches - 2
  • 7. Repeated trials -- method used to enter
    systems that rely on passwords via program that
    systematically goes through all possible
    combinations until valid combination is found.
  • 8. Trash collection -- people read anything
    thrown out by computer department for important
    info used to enter system illegally.
  • 9. Trap doors -- unspecified and non-documented
    entry points to system including backdoor
    passwords.
  • Caused by flaw in system design, installed by
    system programmer for future use, or incorporated
    into system by destructive virus or Trojan horse
    program.
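
A defender can spot the "repeated trials" breach listed above by counting failed logins per account and source inside a short time window. The sketch below is an added example, not part of the original slides; the log line format, the sample log and the threshold values are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format for this example: "<ISO time> <event> user=<u> src=<addr>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_FAIL|LOGIN_OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log (documentation-range addresses, made-up users).
SAMPLE_LOG = """\
2024-03-01T10:00:00 LOGIN_FAIL user=alice src=192.0.2.10
2024-03-01T10:00:02 LOGIN_FAIL user=alice src=192.0.2.10
2024-03-01T10:00:03 LOGIN_OK user=bob src=198.51.100.7
2024-03-01T10:00:04 LOGIN_FAIL user=alice src=192.0.2.10
garbled line that does not parse
2024-03-01T10:00:05 LOGIN_FAIL user=alice src=192.0.2.10
2024-03-01T10:00:06 LOGIN_FAIL user=alice src=192.0.2.10
2024-03-01T10:05:00 LOGIN_FAIL user=carol src=198.51.100.7
2024-03-01T10:30:00 LOGIN_FAIL user=carol src=198.51.100.7
2024-03-01T11:00:00 LOGIN_FAIL user=carol src=198.51.100.7
"""


def detect_repeated_trials(log_text, threshold=5, window_seconds=60):
    """Flag (user, src) pairs with >= threshold failures inside the window.

    Returns (alerts, skipped): alerts maps (user, src) to the time at which the
    threshold was first reached; skipped counts lines that could not be parsed.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (user, src) -> times of recent failures
    alerts, skipped = {}, 0
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        try:
            when = datetime.fromisoformat(match["ts"]) if match else None
        except ValueError:
            when = None
        if when is None:
            skipped += 1
            continue
        key = (match["user"], match["src"])
        if match["event"] == "LOGIN_OK":
            recent[key].clear()  # a valid login ends the current run of failures
            continue
        failures = recent[key]
        failures.append(when)
        while when - failures[0] > window:
            failures.popleft()  # forget failures older than the window
        if len(failures) >= threshold and key not in alerts:
            alerts[key] = when.isoformat()
    return alerts, skipped


if __name__ == "__main__":
    print(detect_repeated_trials(SAMPLE_LOG))
```

Occasional mistyped passwords spread over an hour (carol in the sample) stay below the threshold, while a rapid run of failures (alice) is flagged.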

16
System Assaults: Computer Viruses
  • Virus -- any unauthorized program designed to
    gain access to computer system, lodge itself in
    secretive way by incorporating itself into other
    legitimate programs, and replicate itself.
  • Worm -- replicates itself but is a self-contained
    program that's self-propagating. Worms thrive in
    network environments.
  • Trojan Horse -- virus disguised as legitimate or
    harmless program that sometimes carries within
    itself means to allow program's creator to
    secretly access user's system.
  • Logic bomb -- destructive program with time
    delay. Can spread throughout network, often
    unnoticed, until predetermined time when it 'goes
    off' and does its damage.
  • Bacteria (rabbits) -- programs that do not
    explicitly damage any file. Their sole purpose is
    to replicate themselves.

17
Sources of Viruses
  • Very mobile on networked systems (e.g., Morris
    worm infected 6,000 systems one weekend in
    1988).
  • Public bulletin boards, where they easily reproduce.
  • Included with illegal pirated software.
  • Accidentally included in legitimate applications
    software.

18
Measures to Protect System From Viruses
  • Level of protection is usually in proportion to
    importance of its data.
  • Software to combat viruses available for most
    systems.
  • Preventive programs calculate checksum for
    production program and store in master file.
    Later, checksums compared.
  • Diagnostic software compares file sizes, looks
    for replicating instructions, searches for
    unusual file activity.
  • Encryption -- putting it into secret code.
  • Total network encryption, partial encryption,
    storage encryption.
  • Increases system's overhead.
  • System becomes totally dependent on encryption
    process itself -- can't lose key!
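
The checksum-and-master-file check described above can be sketched as follows. This is an added example, not part of the original slides: SHA-256 is chosen here as the checksum, and the function names, file names and JSON master-file layout are assumptions. The master file is kept outside the checked directory so that changing a program does not also change its baseline.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_checksum(path, chunk_size=65536):
    """SHA-256 digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(program_dir):
    """Map each file's path (relative to program_dir) to its checksum."""
    root = Path(program_dir)
    return {str(p.relative_to(root)): file_checksum(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def build_master_file(program_dir, master_path):
    """Write the baseline checksums to the master file."""
    Path(master_path).write_text(
        json.dumps(snapshot(program_dir), indent=2, sort_keys=True), encoding="utf-8")


def compare_with_master(program_dir, master_path):
    """Recompute checksums later and report what no longer matches the master."""
    baseline = json.loads(Path(master_path).read_text(encoding="utf-8"))
    current = snapshot(program_dir)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed sample: three stand-in 'production programs' in a temp dir."""
    with tempfile.TemporaryDirectory() as work:
        programs = Path(work, "programs")
        programs.mkdir()
        for name in ("payroll", "billing", "report"):
            (programs / name).write_bytes(b"release 1 of " + name.encode())
        master = Path(work, "master.json")  # kept outside the checked directory
        build_master_file(programs, master)
        # Later: one program altered, one deleted, one unexpected file added.
        with open(programs / "payroll", "ab") as handle:
            handle.write(b" plus appended bytes")
        (programs / "report").unlink()
        (programs / "unlisted").write_bytes(b"not in baseline")
        return compare_with_master(programs, master)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The comparison is only as trustworthy as the master file, so in practice the baseline belongs on read-only or off-system storage.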

19
Network and Internet Assaults
  • Network assaults include compromised web servers,
    circumvented firewalls, and FTP and telnet sites
    accessed by unauthorized users.
  • System vulnerabilities include file downloads,
    e-mail exchange, firewalls, Internet
    connections, etc.
  • No guaranteed method of protection against system
    assaults since they evolve over time.
  • Sniffers (packet sniffers) -- peruse data packets
    as they pass by, examine each for specific info,
    log copies of interesting packets for more
    detailed examination.
  • Spoofing -- assailant falsifies IP addresses of
    Internet server by changing address recorded in
    packets it sends over Internet.
  • E-mail transmissions may allow attachment of
    rogue programs, macro viruses, or other
    destructive code.

20
Computer Industry Associated With Lack of Ethical Behavior
  • Seemingly conflicting needs of users:
    individual's need for privacy, organization's
    need to protect proprietary info, public's right
    to know.
  • Illegally copied software -- lawsuits and large
    fines per transgression.
  • Plagiarism -- illegal and punishable by law in
    United States.
  • Eavesdropping on E-mail, data, or voice
    communications is sometimes illegal and usually
    unwarranted, except under certain circumstances.
  • Cracking (hacking) -- gaining access to another's
    computer system to monitor or change data, and
    it's seldom an ethical activity.
  • Unethical use of technology (unauthorized access
    to private or protected computer systems or
    electronic information) -- murky area of law, but
    clearly wrong thing to do.

21
How Can Users Be Taught to Behave Ethically?
  • Continuing series of security awareness and ethics
    communications to computer users is more
    effective.
  • Publish policies clearly stating which actions
    will/will not be condoned.
  • Teach regular seminar including real-life case
    histories.
  • Conduct open discussions of ethical questions:
  • Is it okay to read someone else's E-mail?
  • Is it ethical for a competitor to read your data?
  • Is it okay if someone scans your bank account?
  • Is it right for someone to change results of your
    medical test?
  • Is it acceptable for someone to copy your
    software program and put it on the Internet?

22
Measuring System Performance
  • Total system performance -- the efficiency with
    which a computer system meets its goals.
  • Not easy to measure system efficiency because
    it is affected by user programs, OS programs, and
    hardware units.
  • System performance can be very subjective and
    difficult to quantify.
  • Even when performance is quantifiable (e.g.,
    number of disk accesses per minute), it is
    relative.
  • Based on interactions of 3 components and workload
    being handled by system.

23
Measurement Tools
  • Measures of system performance:
    • Throughput.
    • Capacity.
    • Response time.
    • Turnaround time.
    • Resource utilization.
    • Availability.
    • Reliability.
  • Measures of performance can't be taken in
    isolation from workload being handled by system.

24
Throughput and Capacity Measures
  • Throughput -- indicates productivity of system as
    whole.
  • Measured under steady-state conditions.
  • Gives the number of jobs processed per day or
    the number of on-line transactions handled per
    hour.
  • Also measures volume of work handled by unit of
    computer system.
  • Bottlenecks tend to develop when resources reach
    their capacity (maximum throughput level).
  • Resource becomes saturated and processes in system
    aren't being passed along.
  • When main memory is over-committed, level of
    multiprogramming has peaked.
  • Thrashing results from saturated disk drive.

25
Response or Turnaround Time Measure
  • Response time -- interval required to process
    user's request from when user presses key to send
    message until system indicates receipt of
    message.
  • Important to on-line interactive users.
  • Turnaround time -- time from submission of job
    until its output is returned to user in batch
    jobs.
  • Measure depends on workload handled by system at
    request time and on job/request type submitted.
  • To accurately measure system predictability,
    response time and turnaround time must include
    their average and variance.

26
Resource Utilization and Availability Measures
  • Resource utilization -- measure of how much each
    unit is contributing to overall operation.
  • Given as a percentage of time that resource is
    actually in use.
  • Helps determine if there is balance among units of
    system or if system is I/O-bound or CPU-bound.
  • Availability -- indicates likelihood that
    resource will be ready when user needs it.
  • Unit will be operational and not out of service
    when a user needs it.
  • Mean time between failures (MTBF).
  • Mean time to repair (MTTR).

27
MTBF and MTTR
  • Mean time between failures (MTBF) -- average time
    that a unit is operational before it breaks down.
  • Mean time to repair (MTTR) -- average time needed
    to fix a failed unit and put it back in service.
  • Availability: $A = \dfrac{\text{MTBF}}{\text{MTBF} + \text{MTTR}}$

28
Reliability
  • Measures probability that unit will not fail
    during a given time period, and it's a function of
    MTBF.
  • $R(t) = e^{-(1/\text{MTBF})(t)}$
  • where e is mathematical constant approximately
    equal to 2.71828.
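
The availability and reliability measures from the last two slides, worked through on a failure/repair history. This is an added example, not part of the original slides: the service history is constructed, the function names are assumptions, and `max_mttr_for` goes one step beyond the slides by solving the availability formula for MTTR.

```python
import math
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed service history for one unit (not real data).
IN_SERVICE_AT = "2024-01-01 00:00"
OUTAGES = [  # (failed_at, restored_at)
    ("2024-01-09 00:00", "2024-01-09 04:00"),
    ("2024-01-19 04:00", "2024-01-19 06:00"),
    ("2024-01-31 06:00", "2024-01-31 12:00"),
]


def mtbf_mttr(in_service_at, outages):
    """Return (MTBF, MTTR) in hours from an ordered failure/repair history."""
    if not outages:
        raise ValueError("need at least one failure to estimate MTBF and MTTR")
    up_hours, down_hours = [], []
    last_up = datetime.strptime(in_service_at, FMT)
    for failed_at, restored_at in outages:
        failed = datetime.strptime(failed_at, FMT)
        restored = datetime.strptime(restored_at, FMT)
        if not last_up <= failed <= restored:
            raise ValueError(f"outage out of order or overlapping: {failed_at}")
        up_hours.append((failed - last_up).total_seconds() / 3600)
        down_hours.append((restored - failed).total_seconds() / 3600)
        last_up = restored
    return sum(up_hours) / len(up_hours), sum(down_hours) / len(down_hours)


def availability(mtbf, mttr):
    """A = MTBF / (MTBF + MTTR)."""
    return mtbf / (mtbf + mttr)


def reliability(mtbf, t):
    """R(t) = e^(-(1/MTBF)(t)): probability of no failure during t hours."""
    return math.exp(-(1.0 / mtbf) * t)


def max_mttr_for(mtbf, target_availability):
    """Solve A = MTBF / (MTBF + MTTR) for MTTR at a target availability."""
    if not 0 < target_availability < 1:
        raise ValueError("target availability must be between 0 and 1")
    return mtbf * (1 - target_availability) / target_availability


if __name__ == "__main__":
    mtbf, mttr = mtbf_mttr(IN_SERVICE_AT, OUTAGES)
    print(f"MTBF={mtbf:.1f} h  MTTR={mttr:.1f} h  A={availability(mtbf, mttr):.4f}")
    print(f"R(24 h)={reliability(mtbf, 24):.4f}  R(MTBF)={reliability(mtbf, mtbf):.4f}")
    print(f"MTTR budget for A=0.999: {max_mttr_for(mtbf, 0.999):.2f} h")
```

With this history the unit is available about 98.4% of the time, yet the chance of running a full MTBF period without a failure is only about 37%, which is why the two measures are reported separately.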

29
Feedback Loops
  • To prevent processor from spending more time
    doing overhead than executing jobs, OS
    continuously monitors system and feeds info to Job
    Scheduler -- feedback loop.
  • Scheduler can allow more jobs to enter the system
    or prevent new jobs from entering until some
    congestion relieved.
  • Negative feedback loop mechanism monitors system
    and, when it becomes too congested, signals
    appropriate manager to slow down arrival rate of
    processes.
  • Positive feedback loop mechanism monitors system
    and, when system becomes underutilized, causes
    arrival rate to increase.
  • Used in paged virtual memory systems.

30
Monitoring
  • Hardware monitors are more expensive but have
    minimum impact on system because they're outside
    of it and attached electronically.
  • E.g., hard-wired counters, clocks, and
    comparative elements.
  • Software monitors are relatively inexpensive but
    because they become part of system they can
    distort results of analysis.
  • Tools developed for each specific system, so
    difficult to move.
  • System measurements include other hardware units,
    OS, compilers, and other system software.
  • Measurements are made in a variety of ways.
  • Benchmarks, simulation models.

31
Accounting
  • Most computer system resources are paid for by
    users.
  • With single user -- easy to calculate cost of
    system.
  • In a multi-user environment, costs distributed
    among users based on how much each uses system's
    resources.
  • OS sets up user accounts, assigns passwords,
    identifies which resources available to each
    user, defines quotas for available resources
    (e.g., disk space or max. CPU time per job).
  • To calculate cost of whole system, accounting
    program must collect info on each active user.

32
Pricing Policies
  • Total amount of time spent between job submission
    and completion
  • Connect time -- in interactive environments this
    is the time from log-in to log-out.
  • CPU time is time spent by the processor executing
    job.
  • Main memory usage in units of time, bytes of
    storage, or bytes of storage multiplied by units
    of time.
  • Secondary storage used during program execution
    can be given in units of time or space, or both.
  • Secondary storage used during the billing period
    is usually given in terms of number of disk
    tracks allocated.     

33
Pricing Policies - 2
  • Use of system software includes utility packages,
    compilers, and/or databases.  
  • Number of I/O operations -- usually grouped by
    device class: line printer, terminal, and disks.
  • Time spent waiting for I/O completion.
  • Number of input records read -- usually grouped
    by type of input device.
  • Number of output records printed -- usually
    grouped by type of output device.
  • Number of page faults -- reported in paging
    systems.

34
Pricing Incentives
  • Convince users to distribute their workload to
    system manager's advantage.
  • Encourage users to access more plentiful and
    cheap resources rather than those that are scarce
    and expensive.

35
Billing Information
  • Some systems only give info on resource use.
  • Other systems also calculate price of most costly
    items (e.g., CPU utilization, disk storage use,
    supplies) at end of every job.
  • Advantage of maintaining billing records on-line
    -- status of each user checked before user's job
    is allowed to enter READY queue.
  • Disadvantage is overhead.
  • Memory space is used and CPU processing is
    increased.
  • Can defer accounting program until off-hours,
    when system is lightly loaded.

36
Terminology
  • availability
  • backups
  • benchmarks
  • browsing
  • capacity
  • encryption
  • ethics
  • feedback loop
  • logic bomb
  • mean time between failures (MTBF)
  • mean time to repair (MTTR)
  • negative feedback loop
  • password
  • pirated software
  • positive feedback loop
  • reliability
  • resource utilization
  • response time

37
Terminology - 2
  • smart card
  • sniffers
  • spoofing
  • throughput
  • trap door
  • Trojan horse
  • turnaround time
  • virus
  • wire tapping
  • worm