Title: Network Operations and Management
1. Network Operations and Management
- MSIT 126 Computer-based Comm. Systems and Networks
- Topic 13
2. LAN Installation
3. Section Preview
In this section you will study
- Administrative details such as contracts, support, and maintenance
- Hardware installation details such as site planning and cabling
- Testing and acceptance procedures
- Training for users, managers, and administrators
4. Administrative Details
- The LAN administrator should be aware of two key points during the installation process:
  - Plans may be incomplete or incorrect, so you must have a mechanism for changing the plans to meet the realities of the installation process.
  - People sometimes deviate from plans that you have set up, and these deviations can have unexpected and undesirable consequences.
- If you elect to have one company provide all your LAN needs, you will have one contract; if you choose several vendors, such as separate hardware and software vendors, you probably will have a contract with each; if you decide to be the primary contractor, you may need even more contracts.
5. Purchase Contract
- A well-defined purchase contract clearly states the responsibilities of both parties and eliminates the ambiguities of what is to be done.
- The intangible elements of the LAN installation are more apt to cause disagreements than the tangible (hardware) elements. You may receive software from your vendor that differs from your expectations in any of the following ways:
  - It does not provide the functions you expected.
  - It provides the functions you expected but is difficult to use.
  - It may be an older or newer version than you expected.
  - It may be produced by a software company other than the one you expected.
  - It may not be functional because it does not match your hardware or software configurations.
  - It may not be functional because it has too many bugs.
  - It may not have the license provisions you expected.
6. Purchase Contract (cont.)
- Still less tangible than software are the conditions under which the vendor has satisfied his or her obligation to your company. A good contract can help make the intangibles more concrete.
- Your contract should detail what, where, when, and how items are to be delivered.
- For example, specifying "Vendor X's Ethernet LAN adapter Model 123-456 or equivalent" is not specific enough; you must qualify what constitutes equivalency or specify who determines what is equivalent.
- Your contract should also set up a payment schedule. A payment schedule is usually established that allows the vendor to receive reimbursement at the completion of well-defined stages.
7. Purchase Contract (cont.)
- You must attempt to protect yourself from losses in the event that the vendor is unable to live up to the conditions of the contract. Here are some things that can happen:
  - The vendor fails to meet completion schedules.
  - The system fails to meet performance objectives.
  - The vendor fails to complete delivery of all components.
  - The installation fails to meet building codes, such as wiring codes.
  - The vendor fails to deliver software custom-tailored to your environment.
  - The software fails to meet functional requirements (that is, it has too many bugs).
- You can protect yourself from such problems by inserting protection or penalty clauses into your contract.
8. Support and Maintenance Agreements
- You must decide which components, if any, are so critical that they should be covered by maintenance agreements. Multiple maintenance agreements may be necessary to cover all system components.
- If you are installing a LAN for the first time, you may need quite a bit of support during the first months or year of operation. Many companies just entering the world of LANs hire consultants to make the transition easier.
9. Installation Tasks
- LAN installation has several well-defined stages. Some of these stages can be worked on in parallel, and some phases require the completion of one or more other phases before they can begin. The major installation phases are:
  - Documentation
  - Site planning
  - Medium installation
  - Hardware installation
  - Software installation
  - Conversion and data preparation
  - Creation of the operating environment
  - Testing and acceptance
  - Cutover
  - Training
10. IEEE 802.3 Fast Ethernet Restrictions
- Standards: 100Base-TX, 100Base-T4, 100Base-FX
- Topology: Star-wired
- MAC Protocol: CSMA/CD
- Maximum Nodes: 1,024
- Maximum Segment Distance: 100 meters for UTP; 412 meters for fiber-optic cable
- Transmission Speed: 100 Mbps
- Cabling:
  - 100Base-TX: Category 5 UTP
  - 100Base-T4: Category 3 UTP or better
  - 100Base-FX: two-strand multimode fiber-optic cable (one transmit, one receive)
11. Installation Tasks (cont.)
- Documentation
  - Documentation is part of each phase of LAN selection and implementation.
- Site Planning
  - Site planning defines the layout of the LAN and identifies the building and environment modifications necessary to house the components.
  - During this phase you identify and plan the following:
    - workstation placement
    - power requirements
    - printer locations
    - building code conformance
    - power point locations
    - medium locations
    - server locations
    - safety code conformance
    - telephone line placement
  - Site planning essentially produces the blueprints for laying out the network.
12. Installation Tasks (cont.)
- Medium Installation
  - With a wire-based LAN, you must find a way to string wires or cables through the areas housing servers, workstations, and printers.
  - If it is impractical or impossible to install wiring, a company has two options:
    - contract with a common carrier for a line
    - use a wireless medium such as microwave or infrared light
- Hardware Installation
  - Hardware installation can begin before premises are wired. However, completion of hardware installation requires that both computer and medium hardware be installed.
13. Installation Tasks (cont.)
- Software Installation
  - The software installation process consists of three phases:
    - LAN operating system software installation
    - application software installation
    - utility software installation
- Conversion and Data Preparation
  - After all application and system software is installed, you must load the data. Sometimes data is converted from an existing computer system, and sometimes you must manually enter new data.
- Creation of the Operating Environment
  - Installing software and user profiles is one aspect of creating the operating environment. Setting up security, user IDs, groups, and so on is another important aspect.
14. Installation Tasks (cont.)
- Testing and Acceptance
  - The objective of testing is to determine whether the system works according to contractual stipulations.
  - Functional testing determines whether or not the system components work correctly, both individually and collectively.
  - Performance testing determines whether the network can sustain the anticipated load.
- Cutover
  - Cutover is the process of moving users from the old system or way of doing things to the new system.
  - Usually, a new system is run parallel to the old system for some time to confirm that the new system works the way it should.
  - The phased approach to cutover adds users to the network in groups. Phased implementation allows you to build the network slowly, from both the users' and administrators' perspectives.
15. Installation Tasks (cont.)
- Training
  - Three general classes of LAN users must receive training:
    - administrators
    - group managers
    - users
  - The least amount of training is needed for users. However, conducting user training can be difficult because users are usually trained on the job, training can be interrupted by work demands, and users tend to have less computer expertise than the other groups of trainees.
  - A group manager must know everything that users know, as well as group management tasks.
  - The LAN administrator must know everything that users and group managers know, and a lot more. When a LAN is first implemented, the organization ordinarily hires an experienced LAN administrator or sends one of its employees to a LAN-administration course oriented specifically toward the LAN chosen.
16. LAN Administration Responsibilities
- Hardware options
- System software installation
- Group administration
- Application installation
- Capacity planning
- Software options
- Diagnostics and troubleshooting
- Printer administration
- Backup and recovery
- System tuning
- Hardware installation
- User administration
- Security
- Problem reporting
- Systems programming
17. LAN Administration: Users, Groups, and Security
18. Section Preview
In this section you will study
- Users and groups
- System programming
- Security
- Virus protection
19. Users and Groups
- Users
  - From the LAN administrator's perspective, the term users applies only to employees who use the LAN in doing their jobs. Because LAN users usually do not all have the same access privileges, it is important to be able to distinguish one user from another.
  - The user ID is a user's form of identification to the system. The ID is used to log in to the LAN. Exactly what access is allowed depends on the user's access rights.
  - Many LAN systems automatically establish two types of users at installation time. One type of user has a common user ID with few or no network privileges. The other type of user is all-powerful, with all rights and privileges on the system.
  - The LAN administrator should devise a plan for creating consistent user names, matching those user names with the users or functions that use them, and setting up user-access rights.
20. Users and Groups (cont.)
- Groups
  - A group is a collection of users. In some systems, each user must belong to exactly one group. In other systems, a user can belong to none, one, or several groups. The function of a group is to combine many users into a single entity and to use the group to implement security or grant capabilities common to groups of users.
  - Users and groups can do certain things on a LAN because they have been given access rights, or permissions.
  - The LAN administrator must devise a way to give proper access rights to all users.
21. User-Access Rights
Table columns: Rights Extended to Everyone; Rights Extended to All Members of a Personnel Group; Rights Extended to Only a Few Members of a Personnel Group; Rights Extended to Specific Member of a Software Development Group
Rights listed: Logon and logoff; Send and receive electronic mail; Change employee addresses, telephone numbers, and names; Retrieve employee data; Change employee ratings; Promote employees; Create files; Update source program; Run word processing and spreadsheet programs; Add new employees; Use department printers; Delete employees; Delete files; Delete source files
22. System Programming
- The meaning of system programming depends on whether the system is a mainframe or a LAN.
- On a LAN, system programming consists primarily of running the network, solving network problems, installing new software, writing network utilities, and personalizing users' environments.
- In NetWare, part of a user's environment is created with a logon script. Through a logon script, the LAN administrator can usually carry out the following:
  - map server directories to the client's OS drive designators, such as F:
  - print messages to the user
  - run one or more programs
  - set the user's default drive and directory
  - synchronize the client's time to the server's time
  - set up printing
23. Security
- Setting up effective network security is a critical task of the LAN administrator. Although security does guard against different types of outside intrusions, most commonly security protects an organization from accidental or intentional disruption from its own employees.
- Too much security makes a system hard to use. Too little security can result in the loss of data, money, or opportunity because everyone has access to everything. A good security system provides the necessary safeguards without unduly inhibiting the use of the system.
- A comprehensive security program provides both physical security and data access security.
24. Password Administration
- A properly secured LAN requires all users to identify and authenticate themselves. Authentication is most commonly done via passwords.
- The security of your LAN system depends to a great extent on your policy for creating and changing passwords.
- One way to handle unsuccessful logons is to use a timeout value, which causes the system to refuse to accept another logon attempt from a user ID, station, or both until after a designated interval.
- Some installations like to maintain centralized control of the security system. One way of doing this is to prevent users from changing their own passwords. The LAN administrator is responsible for assigning all passwords.
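The timeout on unsuccessful logons described above, sketched in Python as an added example (not code from the course material or from any LAN product). The threshold of 3 failures, the 300-second interval, the user IDs and the station names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class LogonThrottle:
    """Refuse logons for a timeout interval after repeated failures.

    scope selects what the timeout applies to: the user ID, the
    station, or both, as in the slide. Threshold and interval are
    assumed values, not taken from any product.
    """

    def __init__(self, scope="both", max_failures=3, timeout=300):
        if scope not in ("user", "station", "both"):
            raise ValueError("scope must be 'user', 'station' or 'both'")
        self.scope = scope
        self.max_failures = max_failures      # assumed threshold
        self.timeout = timeout                # assumed interval, seconds
        self._failures = defaultdict(deque)   # key -> times of recent failures
        self._locked_until = {}               # key -> time the timeout ends

    def _keys(self, user_id, station):
        keys = []
        if self.scope in ("user", "both"):
            keys.append(("user", user_id))
        if self.scope in ("station", "both"):
            keys.append(("station", station))
        return keys

    def attempt(self, user_id, station, password_ok, now):
        """Return 'refused', 'accepted' or 'failed' for one logon attempt."""
        keys = self._keys(user_id, station)
        # During the timeout the attempt is refused without looking at the
        # password, so a correct guess made in that window does not succeed.
        if any(self._locked_until.get(k, 0) > now for k in keys):
            return "refused"
        if password_ok:
            # Only the user's own counter is cleared; a station's failures
            # age out by time so one valid account cannot reset them.
            self._failures.pop(("user", user_id), None)
            return "accepted"
        for k in keys:
            recent = self._failures[k]
            recent.append(now)
            while recent and recent[0] <= now - self.timeout:
                recent.popleft()              # forget failures older than the interval
            if len(recent) >= self.max_failures:
                self._locked_until[k] = now + self.timeout
                recent.clear()
        return "failed"


# Constructed sample events: (time in seconds, user ID, station, password correct?)
EVENTS = [
    (0,   "payroll1", "WS-PAY-01", False),
    (10,  "payroll1", "WS-PAY-01", False),
    (20,  "payroll1", "WS-PAY-01", False),   # third failure starts the timeout
    (30,  "payroll1", "WS-PAY-01", True),    # correct password, inside the timeout
    (40,  "payroll1", "WS-PAY-02", True),    # same user ID, different station
    (50,  "clerk2",   "WS-PAY-01", True),    # different user ID, same station
    (321, "payroll1", "WS-PAY-01", True),    # after the interval has passed
]


def replay(scope):
    """Run the sample events through a throttle with the given scope."""
    throttle = LogonThrottle(scope=scope)
    return [throttle.attempt(u, s, ok, now) for now, u, s, ok in EVENTS]


if __name__ == "__main__":
    for scope in ("user", "station", "both"):
        print(scope, replay(scope))
```

Comparing the three scopes shows the trade-off: a timeout on the user ID alone follows the account to another station, one on the station alone does not, and one on both also keeps other users off the affected station until the interval ends.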
25. Suggested Password Policy
- Change passwords regularly, at least once per month.
- Passwords should be at least six characters long.
- Use at least one nonalphabetic character in passwords.
- Do not write passwords down.
- Do not use initials, month abbreviations, birthdates, and so on when making up a password.
- Change a password if you suspect someone else knows it.
- Make successive passwords unique; that is, do not use sequence numbers or letters.
- Report any instances of suspected unauthorized logons.
- Do not leave your workstation unattended while you are logged on.
26. Logon Restrictions
- Security can be further enhanced by controlling an authenticated user's access to the system. This requires the LAN administrator to restrict how and where users log on.
- An organization may restrict users to specific workstations. A good security policy might be to limit logons for payroll user IDs to workstations in the payroll department area and for personnel user IDs to be limited to logging on from workstations in the personnel department.
- A major breach of security occurs when a user leaves his or her workstation without logging off. It is a good idea to have workstations set to automatically log off in the absence of input.
27. Password/User Controls in NetWare and Windows NT
Control | NetWare | Windows NT
Password expiration | X | X
Minimum password age | - | X
Minimum password length | X | X
Password uniqueness | X | X
Lockout after specified number of unsuccessful logins | X | X
Station restrictions for login | X | X
Time restrictions for login | X | X
Allow user to change password | X | X
Require passwords for users | X | X
Limit concurrent logins | X | -
Allow grace logins (number of, after password expires) | X | -
28. Encryption
- If you cannot prevent users from gaining unauthorized access to data, you can take another measure, encryption, to prevent those users from using that data. Encryption is the process of taking data in its raw form, called plain text, and transforming it into a scrambled form, called cipher text.
- The most common encryption techniques are the data encryption standard (DES), originally established by the U.S. Bureau of Standards, and public key encryption.
- You almost always find encryption being used on LAN files that contain user passwords. Because passwords are stored in a file, access to the passwords in that file seriously jeopardizes system security if the passwords are stored in clear text. To overcome this problem, almost all systems encrypt the passwords before storing them on disk.
29. Access Matrix
- An access matrix is a grid where users are listed over columns, and files are listed at the beginning of a row, similar to a spreadsheet format. At the intersection of a row and column is a cell defining that user's rights to that file. The rights represented are read (r), write (w), execute (e), and delete (d); a dash means no capability.
30. Sample Matrix
Users (columns): User-1, User-2, User-3
Files (rows): File-1, File-2
Cell entries: rw-- ----; r--- ----; rwed r---
31. Novell NetWare File and Directory Rights
- Supervisory (S): Supervisory rights to the directory file and all subdirectories
- Read (R): Read an open file
- Write (W): Write to an open file
- Create (C): Create a new file
- Erase (E): Delete an existing file
- File scan (F): List names of files or subdirectories in directory
- Modify (M): Change file attributes, rename files, and rename directories
- Access control (A): Pass rights to directory or file to another user
32. File/Directory Tree Structure
[Figure: file/directory tree. Labels: Root, Directories, Database, Customer, SUB 1, Notes]
33. Some Windows NT Rights
- Access this computer from the network
- Add workstations to a domain
- Back up files and directories
- Change the system time
- Force shutdown from a remote system
- Load and unload device drivers
- Log on locally
- Manage auditing and security log
- Restore files and directories
- Shut down the system
- Take ownership of files
34. Windows NT Share Permissions
- No Access: no permissions granted for share
- Read: read directories, files, run programs
- Change: read access, plus can modify files, delete and create directory entries
- Full Control: read and change, plus change permissions and take ownership
35. Security Policy Topics
- Password administration
- Auditing policy
- Consequences of employees intentionally trying to subvert security
- Encryption implementation
- Virus detection procedures
- Data backup/restore policy
- Introduction of software/data by employees, i.e., using media from outside the organization
- Access to outside networks/nodes
- Control of external access, e.g., switched and Internet connections
- Disaster recovery
- Designation of personnel for monitoring and implementing security
- Managing security threats
- Security training
- Documentation
- Security review procedures
36. Viruses
- A LAN administrator must protect the system from viruses. This is no easy task. In 1991, approximately 500 different viruses had been detected. By 1999, one antivirus software company had over 45,000 viruses registered.
- Viruses disrupt systems in a variety of ways, and some are more destructive than others. All viruses hinder normal system operations.
37. Virus Detection
- Viruses are detected in two ways. The most obvious but least desirable way is to experience the consequences of having a virus. The best way to detect a virus is to find it before it activates itself. A variety of antivirus programs are available for this purpose.
- Some antivirus programs are run on demand, whereas others are constantly running. Programs that are constantly running use memory (and contribute to system overhead), but generally provide better protection than on-demand antivirus programs.
- It is best to have a stand-alone computer conveniently available for virus detection. After data has been received, it and the stand-alone computer can be checked for viruses. After checking for viruses and removing any that are found, the administrator can move the data to the LAN.
38. How an Antivirus Program Works
[Figure: workstation and server]
1. Workstation application issues request to access a file.
2. Antivirus software examines file being accessed.
3. Antivirus software writes message to log file and system console.
4. Antivirus software does one of the following: (a) removes virus from file, (b) erases file, (c) moves file to disk area for infected files, (d) renames file, (e) does nothing and allows file to be accessed.
39. LAN Administration: Backup and Recovery
40. Section Preview
In this section you will study
- Data backup
- Data recovery
- Problem detection
- Problem resolution
- Diagnostic hardware and software
- Disaster planning
41. Data Backup
- A good LAN-administration policy must provide a method of data recovery to correct data problems.
- Recovery
  - If data in a database becomes corrupted or a text file is accidentally deleted, an organization will want to restore the data to a usable state. Restoring from backup is almost always the preferred way to do this.
- Archiving
  - Records, or other data, that you no longer regularly need can be archived, that is, stored in a location other than your hard drive.
42. Ways in which Data Can Be Corrupted
- An application program with a logic bug can change data incorrectly.
- A user can accidentally erase a file.
- A user can accidentally destroy a file by copying a new file over it.
- A user can maliciously destroy a file or data in a file.
- A system failure can leave the database in a state of partial update.
- A disk failure can destroy data or render it inaccessible.
- An undetected virus can erase or otherwise destroy data.
- A bug in system software, such as the database management system, can cause data loss, unreliable results, or data corruption.
43. Types of Backups
- Incremental Backup
  - This type of backup, also called a partial backup, backs up all files that have changed since the preceding backup.
  - With an incremental backup, only files with the archive bit set are backed up.
- Differential Backup
  - A differential backup backs up all files that have changed since the last full backup.
  - A differential backup will not reset the archive bit.
44. Comparison of Incremental and Differential Backups
Day | Files Updated | Incremental Backup Contents | Differential Backup Contents
Sunday | Full backup completed | |
Monday | FileA, FileB, FileC | FileA, FileB, FileC | FileA, FileB, FileC
Tuesday | FileA, FileD | FileA, FileD | FileA, FileB, FileC, FileD
Wednesday | FileE | FileE | FileA, FileB, FileC, FileD, FileE
Thursday | FileA, FileC, FileF | FileA, FileC, FileF | FileA, FileB, FileC, FileD, FileE, FileF
Friday | FileA | FileA | FileA, FileB, FileC, FileD, FileE, FileF
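The comparison above can be reproduced by simulating the archive bit. The following Python sketch is an added example, not part of the original slides; it assumes all six files already existed at Sunday's full backup, that a full or incremental backup clears the archive bit, and it tracks each file's version as the day it was last updated. It also goes one step beyond the table by showing which tapes a restore after Friday needs.

```python
# The week from the comparison table: (day, files updated that day).
WEEK = [
    ("Monday",    ["FileA", "FileB", "FileC"]),
    ("Tuesday",   ["FileA", "FileD"]),
    ("Wednesday", ["FileE"]),
    ("Thursday",  ["FileA", "FileC", "FileF"]),
    ("Friday",    ["FileA"]),
]
FILES = ["FileA", "FileB", "FileC", "FileD", "FileE", "FileF"]


def run_week(kind):
    """Simulate one week of 'incremental' or 'differential' backups.

    Returns (live, tapes): live maps file -> day of last update, tapes is a
    list of (label, {file: version}) starting with Sunday's full backup.
    """
    if kind not in ("incremental", "differential"):
        raise ValueError("kind must be 'incremental' or 'differential'")
    # Assumption: every file exists on Sunday and the full backup
    # leaves every archive bit cleared.
    live = {name: "Sunday" for name in FILES}
    archive_bit = {name: False for name in FILES}
    tapes = [("Sunday full", dict(live))]
    for day, updated in WEEK:
        for name in updated:
            live[name] = day
            archive_bit[name] = True      # writing a file sets its archive bit
        # Both backup types copy exactly the files whose bit is set.
        selected = {name: live[name] for name in FILES if archive_bit[name]}
        tapes.append((f"{day} {kind}", selected))
        if kind == "incremental":
            for name in selected:         # incremental clears the bit ...
                archive_bit[name] = False
        # ... differential leaves it set, so its contents keep growing.
    return live, tapes


def backup_contents(kind):
    """Return {day: sorted file names on that day's backup}."""
    _, tapes = run_week(kind)
    return {label.split()[0]: sorted(files) for label, files in tapes[1:]}


def tapes_to_restore(kind, tapes):
    """Tapes needed after a failure following the last backup of the week."""
    full, later = tapes[0], tapes[1:]
    # Incremental: every tape since the full backup, in order.
    # Differential: the full backup plus only the most recent tape.
    return [full] + (later if kind == "incremental" else later[-1:])


def restore(kind):
    """Restore from tape; return (matches live data?, labels of tapes used)."""
    live, tapes = run_week(kind)
    needed = tapes_to_restore(kind, tapes)
    restored = {}
    for _, files in needed:
        restored.update(files)            # later tapes overwrite older versions
    return restored == live, [label for label, _ in needed]


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        print(kind, backup_contents(kind))
        print("  restore:", restore(kind))
```

Both schemes recover the same data; the incremental scheme writes less each day but needs six tapes read in order, while the differential scheme needs only the full backup and Friday's tape.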
45. Backup Generations
First Generation of Backups
- Tape 1: Grandfather
- Tape 2: Father
- Tape 3: Son
- Tape 4: Unused
First Generation of Backups
- Tape 2: Grandfather
- Tape 3: Father
- Tape 4: Son
- Tape 1: Next to Be Used
46. A Sample Backup Retention Policy
Backup Policy
- Daily: Back up all files changed since the backup of the preceding day. Make two copies; store one copy off-site.
- Weekly: Back up all files. Make two copies; store one copy off-site.
- End of year: Back up all files as of midnight, December 31. Back up all files as of midnight at the end of the fiscal year. Make two copies; store one copy off-site.
Retention Policy
- Retain weekly backups and daily backups for 1 month.
- Retain the first backup of each month for 1 year.
- Retain the end-of-year backups for 5 years.
47. Backup Frequency
- Static data should be backed up at least twice, and the two versions should be stored in separate locations.
- Dynamic files must be backed up more often. Some installations do daily backups; others find that a weekly backup is adequate.
- Failure rates and timeliness of recovery are factors to consider as well. If failure rates and the need to immediately return to operational status are high, then backups should be more frequent than if failure is uncommon and timeliness is not a major factor.
48. How and When to Make Backups
- Because most of today's LAN backup utilities do not provide data integrity protection for on-line backups, it is usually best to create the backups when data is not being modified.
- In many situations, the LAN is not used at all overnight. Unattended backups are possible through the backup software itself or through separate software utilities.
- If a company's software does not provide unattended backup, the LAN administrator may still be able to start the backup remotely.
49. Data Inconsistency During File Backup
Sequence of events over time (Record A is in File 1, Record X is in File 2):
- Initial state: Record A = 1,000; Record X = 1,500.
- Backup starts. File 1 is copied with Record A = 1,000. File 1 backup completes.
- Transaction starts. Record A changes to 500, then Record X changes to 2,000. Transaction ends.
- File 2 backup begins. File 2 is copied with Record X = 2,000.
- Backup is inconsistent: Record A shows a balance of 1,000 and Record X shows a balance of 2,000, while the database itself holds Record A = 500 and Record X = 2,000.
50. Use of a Before Image in a Transaction
Starting balances: File 1 = 1,000; File 2 = 500
Begin Transaction
1. Capture before image of record being changed. (Before image: File 1 1,000)
2. Deduct 300 from record and write new balance. (File 1 = 700)
3. Capture before image of record being changed. (Before image: File 2 500)
4. Add 300 to balance of record in File 2. (File 2 = 800)
End Transaction
If for some reason the transaction cannot be completed, the before images are used to back out database changes that have been made and thus restore the integrity of the database.
51. Database After Images
Starting balances: File 1 = 1,000; File 2 = 500
Transfer 300 from File 1 to File 2.
Begin Transaction
1. Capture after image of record being changed. (After image: File 1 700)
2. Deduct 300 from record and write new balance. (File 1 = 700)
3. Capture after image of record being changed. (After image: File 2 800)
4. Add 300 to balance of record in File 2. (File 2 = 800)
End Transaction
If a failure occurs that destroys data in File 1 and/or File 2, the current state of the database can be reconstructed through backup tapes and the after images of completed transactions. The backup is first restored, and then the after images are written in chronological order to bring the database forward to a current, consistent state.
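The two recovery mechanisms on the preceding slides, before images to undo an incomplete transaction and after images to bring a restored backup forward, are shown together in the following Python sketch. It is an added example, not part of the original slides; the class and function names are hypothetical, and the audit trail is kept in memory only to keep the example short (a real system writes it to separate storage).

```python
class Database:
    """Toy two-record database using the balances from the slides."""

    def __init__(self, records):
        self.records = dict(records)
        # After-image audit trail: one entry per COMPLETED transaction,
        # each a list of (record, new value) in the order written.
        self.audit_trail = []

    def transfer(self, src, dst, amount, fail_after_debit=False):
        """Move amount from src to dst; return True if the transaction completed.

        fail_after_debit simulates a failure between the two updates.
        """
        before_images = []    # (record, old value), captured before each change
        after_images = []     # (record, new value), captured for each change
        try:
            before_images.append((src, self.records[src]))
            self.records[src] -= amount
            after_images.append((src, self.records[src]))
            if fail_after_debit:
                raise RuntimeError("simulated failure between the two updates")
            before_images.append((dst, self.records[dst]))
            self.records[dst] += amount
            after_images.append((dst, self.records[dst]))
        except Exception:
            # Transaction cannot complete: write the before images back,
            # newest first, so no half-applied change remains.
            for record, old_value in reversed(before_images):
                self.records[record] = old_value
            return False
        # Only a completed transaction reaches the audit trail.
        self.audit_trail.append(after_images)
        return True


def roll_forward(backup, audit_trail):
    """Restore the backup, then apply after images in chronological order."""
    restored = dict(backup)
    for transaction in audit_trail:
        for record, new_value in transaction:
            restored[record] = new_value
    return restored


def demo():
    db = Database({"File 1": 1000, "File 2": 500})
    # Backup taken while no transaction is running; the audit trail
    # starts empty, so it is synchronized with this backup.
    backup = dict(db.records)

    completed = db.transfer("File 1", "File 2", 300)
    interrupted = db.transfer("File 1", "File 2", 300, fail_after_debit=True)
    state_after_rollback = dict(db.records)

    db.records = {}           # simulated disk failure destroys both files
    recovered = roll_forward(backup, db.audit_trail)
    return completed, interrupted, state_after_rollback, recovered


if __name__ == "__main__":
    print(demo())
```

The interrupted transfer leaves no trace in either the records or the audit trail, which is why the rolled-forward copy matches the state the database was in just before the disk failure.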
52. Synchronization of Backups and the After-Image Audit Trail
Sequence of events over time:
- After-image audit trail in use before the backup: Record 1 File 3, Record 20 File 2, Record 2003 File 1, Record 992 File 1, . . .
- Backup begins. Current after-image audit trail is closed.
- Backup completes, producing the backup tape.
- New after-image audit trail started: Record 123 File 4, Record 1209 File 1, Record 25671 File 1, Record 46013 File 3, . . . The new after-image audit trail is synchronized with the backup just completed.
53. Recovery Steps
1. Identify and correct the source of the problem.
2. Back up the data that has been corrupted.
3. Restore the most recent, valid backup version of the lost data.
4. Bring the data forward in time until it is both consistent and current.
5. Run diagnostic tests to ensure that the recovery has indeed corrected the problem and that the data is consistent.
6. Document the problem experience, corrective actions, and problems encountered during recovery.
7. Create and implement procedures to prevent similar future occurrences.
54. Disaster Planning
- A disaster plan addresses situations that disable major portions of the system. Disaster planning covers situations arising from fires, earthquakes, floods, and intentional acts of system destruction.
- A key aspect of a disaster plan is off-site data storage and hardware replacement.
- After planning for software and data recovery, the LAN administrator should also have plans for rebuilding the system. This may include items such as sources of compatible hardware, identification of hardware at other corporate locations that might be borrowed for emergency use, identification of alternative locations for temporarily or permanently installing the new system, and identification of companies specializing in all aspects of LAN hardware, software, cabling, installation, and data recovery.
55. Items Included in Disaster Plan
- Insurance
  - Amount of insurance coverage for software, hardware, and cabling
  - Insurance carrier
  - Steps required to begin replacing/repairing insured components
- Software
  - Location of off-site storage of software
  - Currency of off-site software backups
  - Device used to create off-site storage
  - Sources of replacement software
  - Companies specializing in recovering data from damaged media (backup tapes and disk drives)
- Data
  - Location of off-site storage of data
  - Currency of off-site data backups
  - Device used to create off-site data storage
  - Methods to bring off-site data forward to a current status
  - Companies specializing in recovering data from damaged media (backup tapes and disk drives)
56. Items Included in Disaster Plan (cont.)
- Hardware
  - Workstation configurations
  - Server configurations
  - LAN topology/wiring diagrams
  - Sources of replacement hardware
  - Sources for repairing broken hardware
  - Location of spare hardware
- Environment
  - Alternative locations for establishing a new network environment
  - Minimum requirements for establishing a new network environment
- Outside Help
  - Names of companies specializing in data recovery, setting up a new network, data entry, cabling repair, and so on
57. LAN Administration: Reactive and Proactive Management
58. Section Preview
In this section you will study
- Problem identification and correction
- System tuning
- Capacity planning
- Managing system expansion
- Network management systems
- Network management protocols
59. Reactive Network Management
- Information Gathering
  - Any failure experienced by a user can be the result of user errors, software errors, hardware errors, inappropriate environment settings, or faulty security. The first step in problem resolution, information gathering, involves the identification of various possible causes of the failure.
- Diagnosis and Analysis
  - The objective of problem diagnosis and analysis is to isolate the source of the problem. This leads to problem identification and solution.
- Identification and Resolution
  - Once the LAN administrator has correctly identified the problem, it must be corrected. The problem dictates the solution.
- Documentation
  - Sometimes one problem occurs several times. Having good documentation of previous problems and their solutions can significantly reduce the time it takes to correct a problem that appears again.
60. Features of Remote Control Software
- Remote screen display
- Remote keyboard entry
- Ability for many viewers to be connected to one node
- Ability of one viewer to view multiple nodes
- Password protection
- Audio tone to indicate when someone begins viewing
- File transfer
- Ability to discover and report the host configuration
- Ability to print a memory map of a host
- Chat mode, allowing users at both ends to exchange messages over the connection
61. Cable Tester Functions
- Cable connectors: AUI, RJ45, BNC
- Cable types: Twisted-pair (UTP, STP, CAT 3-5), Coaxial cable
- Protocols: ARCnet, Ethernet, Token ring
- Printer interface: Serial, Parallel
- Faults detected: Length, Crossed pairs, Attenuation, Opens, Pair length mismatch, Terminator resistance, Shorts, Near end crosstalk (NEXT), Category conformance
62. Protocol Analyzer Functions
- Utilization statistics
- Number of packets received by a node
- Data logging
- Packet filtering
- Logging of data portion of packets
- Alarms
- Support for multiple protocols
- Number of packets sent by a node
- Packet errors
- Test packet transmission
- Logging of protocol headers
- Network load statistics
- Cable testing
- Printed reports
63. Proactive Network Management
- Ideally, the network administrator anticipates problems and corrects them before they occur. This type of administration is called proactive network management. This is not always possible because an administrator cannot usually anticipate hardware and software failures.
- A good LAN administrator notices small changes in performance of the system and takes steps to avoid their becoming major problems for LAN users.
- Another LAN-administration task is capacity planning, which basically is planning for the future.
64. Tuning a System
- One of the primary tools used to tune a network is a network management system (NMS). A good NMS has both data collection and analysis components and creates monitors that raise alarms if performance degenerates below certain levels.
- Another tool used in tuning is a network analyzer. The network analyzer reports on the type and number of packets being sent, the number of transmission errors encountered, and so on.
65. Tuning a System (cont.)
- The general process of tuning is outlined as follows:
  1. Measure system performance: collect and analyze data.
  2. Identify possible solutions to problems.
  3. Choose one solution that has the highest merit: the best gain in efficiency and returned performance per cost of implementation, or the quickest and easiest to implement.
  4. Install and test the selected solution.
  5. Evaluate the results.
  6. If performance is still poor, go back to step 1.
  7. Implement and document the solution.
66. Capacity Planning
- Capacity planning is a key responsibility of the network administrator. Capacity planning is the art of anticipating the workload of the network months or years in advance and taking steps to ensure that the network is able to withstand future loads.
- Among the many tools that have been developed for capacity planning on microcomputers, three are particularly effective:
  - performance monitors
  - simulation models
  - workload generators
67. Simulation Models
- Simulation models allow the user to describe network hardware configurations and application activities. The model analyzes how the system can be expected to perform under the described conditions. This is useful for estimating response times, processor use, line congestion, and potential bottlenecks.
68. Workload Generators
- Whereas the simulation model estimates system use and can be run on a single microcomputer, a workload generator actually generates transaction loads for execution on the proposed configuration. A workload generator together with a performance monitor can illustrate how the system will actually function in the proposed configuration.
- A workload generator requires that you build the network to test it out. It is therefore used more often when acquiring a new LAN.
69. Configuration of Hardware and Software Upgrades
- Installing hardware and software upgrades affects existing LAN users, whereas initial LAN installation is not impeded by the needs of existing users. LAN administrators must plan upgrades carefully to minimize the disruption to LAN users.
- Ideally, the administrator can first install and test all hardware and software upgrades on an experimental LAN, that is, a small LAN separate from the production LAN. Many installations do not have the luxury of an experimental LAN and make all changes directly to the operational system.
70. Network Management System Functions
- Event logging
- Graphic user interface
- Message traffic statistics
- Workstation status monitoring
- Meter use of software licenses
- Expert system problem diagnosis
- User logon statistics
- Media monitoring
- Alerts and alarms
- Virus protection
- Server status monitoring
- Automatic log backup
- Trend analysis
- Network topology graphs
- Intruder detection
71. Network Management Systems
- Monitors, or agents, located throughout the network, can be dedicated hardware or software devices, or they can be intelligent network devices such as bridges, hubs, or intelligent microcomputer device controllers.
- Network management software collects data from the monitors. The data is usually stored in a database for later analysis.
- The filter receives warning messages, reformats them, forwards the messages to one or more control centers, and suppresses redundant messages.
72. Network Management Systems (cont.)
- An alarm can be an audio signal, a flashing light, a call to a pager, a FAX message, or a message to a remote system. An alert is less obvious than an alarm. An alert may indicate potential problems by using colors on a color monitor.
- The report generator allows network administrators to analyze data that has been captured in the network database.
73. Simple Network Management Protocol
- The simple network management protocol (SNMP) is based on the transmission control protocol/internet protocol (TCP/IP).
- SNMP has four key components:
  - the protocol itself
  - structure of management information (SMI)
  - management information base (MIB)
  - network management system (NMS)
74. Common Management Information Protocol
- In competition with SNMP is the International Standards Organization's (ISO's) common management information protocol (CMIP).
- CMIP has a more complex protocol for exchanging messages among network components and has a richer command language and management information base. Therefore, CMIP has the potential for better control and the ability to overcome the limitations of SNMP.
- There are currently no provisions for interoperability of SNMP and CMIP, and it will take some time for CMIP to overcome the impetus of SNMP.
75. SNMP Environment
[Figure: SNMP environment. Labels: Device Being Monitored, SNMP Protocol, Network Management Station, Bridge]