
By FaaDoOEngineers.com

PROJECT REPORT
OF
TWO MONTHS PRACTICAL TRAINING UNDERTAKEN
AT
BHARAT HEAVY ELECTRICALS LIMITED
ON
ANALYSIS OF NETWORK SETUP OF BHEL along with SERVER INSTALLATION and
DEVELOPMENT AND IMPLEMENTATION OF CHAT SERVER using RMI ON THE NETWORK


ACKNOWLEDGMENT
No academic endeavor can be single-handedly accomplished. This work is no exception.
Nothing concrete can be achieved without an optimal combination of inspiration and
perspiration. No work can be accomplished without taking the guidance of the experts. It
is only the critiques from ingenious intellectuals that help transform a product into a
quality product.
Last, but not least, I would like to thank all my companions for their help, which was in
abundance when asked for, making this project a success.


PREFACE

I pursued this dissertation on the subject ANALYSIS OF NETWORK SETUP OF BHEL along
with SERVER INSTALLATION and DEVELOPMENT AND IMPLEMENTATION OF CHAT SERVER
using RMI ON THE NETWORK as a part of my B.Tech Course. I have tried to complete it
with full dedication.
This project is divided into small modules starting with Basic Networking terms and
concepts. It deals with familiar terms with their brief and easy explanation. After getting
familiarized with basic networking knowledge we proceed into the analysis and study of
the network structure setup of the company. Here we study how the network works. Next
we proceed into the server installation and data migration. It includes basic steps involved
during server installation with due knowledge of various components used in the process.
Last, we develop and implement a chat server using RMI on the LAN setup of the company.
This chat server system is a many-to-many arrangement; everyone is able to "talk" to
anyone else. Messages may also be sent to specific individuals via private chat through the
server.


TABLE OF CONTENTS
COMPANY PROFILE
Module 1: Basics of Networking
Definition
Types of Networks
Intro. to Protocols
TCP/IP Model
Switching-Def. and Types
Internet Protocol
IP Addressing
Subnet And Masking
IPv6
Broadcasting Methods
Switch and Hub
Module 2: Analysis of Network setup
N/W Setup Sketch
Overview
Routing
Switching Process
DNS-Def , Working
Address Resolve Mechanism
Proxy servers
VPN
ISDN
IPS
DME Overview
MPLS Switching
DMZ
Module 3: Server Installation
Overview and Scope of Work
HP Proliant DL580 G4
Storage Description
Key Benefits
RAM
o AMB
o FB DIMM Arch. and Adv.
Hard Disk Drive


KVM
ILO-Integrated Lights Out Mgmt. N/w
o Options and Setup
o Advantages of ILO
RAID-Def. , Types

Module 4: Development and Implementation of Chat Server using RMI


Overview
Introduction to RMI
Problem Description
Problem Solution
Design Client , Server
User Interface
Hardware Interface
Software Interface
User characteristics
Assumptions
Implementing the server
Implementing the client
Limitations of the project
CONCLUSION
REFERENCES


COMPANY'S PROFILE
BHEL is the largest engineering and manufacturing enterprise in India in the energy-related/infrastructure sector today. BHEL was established more than 40 years ago,
ushering in the indigenous heavy electrical equipment industry in India, a dream that
has been more than realized with a well-recognized track record of performance. The
company has been earning profits continuously since 1971-72 and paying dividends since
1976-77.
BHEL manufactures over 180 products under 30 major products group and caters to core
sectors of the Indian Economy viz., Power Generation & Transmission, Industry,
Transportation, Telecommunications Renewable Energy etc. The wide network of
BHEL's 14 manufacturing divisions, four Power Sector regional centers, over 100 project
sites, eight service centers and 18 regional offices, enables the Company to promptly
serve its customer and provide them with suitable products, systems and services
efficiently and at competitive prices. The high level of quality & reliability of its products
is due to the emphasis on design, engineering and manufacturing to international
standards by acquiring and adapting some of the best technologies from leading
companies in the world, together with technologies developed in its own R&D centers.
BHEL has acquired certifications to Quality Management Systems ( ISO 9901),
Environmental Management Systems (ISO 14001), and Occupational Health & Safety
Management Systems (OHSAS 18001) and is also well on its journey towards Total
Quality Management.
BHEL has
Installed equipment for over 90,000 MW of generation for utilities, captive and
industrial users.
Supplied over 2,25,000 MVA transformer capacity and other equipment
operating in transmission & distribution networks up to 400 kV (AC & DC).
Supplied over 25,000 motors with drive control systems to power projects,
petrochemicals, refineries, steel, aluminum, fertilizers, cement plants etc.
Supplied traction electrics and AC/DC locos to power over 12,000
km of railway network.
Supplied over one million valves to power plants and other industries.

BHEL's operations are organized around three business sectors, namely Power, Industry
(including Transmission, Transportation, Telecommunication & Renewable Energy)
and Overseas Business. This enables BHEL to have a strong customer orientation, to be
sensitive to customers' needs and to respond quickly to changes in the market.
BHEL's vision is to become a world-class engineering enterprise, committed to
enhancing stakeholder value. The company is striving to give shape to its aspirations and
fulfill the expectations of the country to become a global player.
The greatest strength of BHEL is its highly skilled and committed 42,600 employees.
Every employee is given an equal opportunity to develop himself and grow in his career.
Continuous training and retraining, career planning, a positive work culture and
participative style of management all these have engendered development of a
committed and motivated workforce setting new benchmarks in terms of productivity,
quality and responsiveness.
The above information was about the company. The department I worked in is CIT,
BHEL. This department deals only with IT support and the maintenance of the network
all over India. A wireless network has been established which covers the offices of BHEL
all over the country. This network enables many additional features, such as audio
conferencing, video conferencing and the use of IP phones, which offer free calls. IP
phones are installed at every office of BHEL, and the main server which controls the
whole process is placed at Noida and Delhi. This department therefore looks after the
maintenance of these servers; there are many other servers which are used for different
purposes.


Module 1
Basics of Networking


NETWORKS: A network is a set of devices (often referred to as nodes) connected by communication links.
A node can be a computer, printer, or any other device capable of sending and/or
receiving data generated by other nodes on the network.

BASIC TYPES OF NETWORK TOPOLOGIES:
Bus (Linear, Distributed Bus)
Star
Ring
Mesh
o partially connected mesh (or simply 'mesh')
o fully connected mesh
Tree
Hybrid

Bus (Linear, Distributed Bus):
Linear bus: The type of network topology in which all of the nodes of the network are
connected to a common transmission medium which has exactly two endpoints. All data
that is transmitted between nodes in the network is transmitted over this common
transmission medium and is able to be received by all nodes in the network virtually
simultaneously.
Distributed bus: The type of network topology in which all of the nodes of the network
are connected to a common transmission medium which has more than two endpoints,
created by adding branches to the main section of the transmission medium. The
physical distributed bus topology functions in exactly the same fashion as the physical
linear bus topology.

Star:
The type of network topology in which each of the nodes of the network is connected to a
central node with a point-to-point link in a 'hub' and 'spoke' fashion, the central node
being the 'hub' and the nodes that are attached to the central node being the 'spokes'. All
data that is transmitted between nodes in the network is transmitted to this central node,
which is usually some type of device that then retransmits the data to some or all of the
other nodes in the network.

Ring:
The type of network topology in which each of the nodes of the network is connected to
two other nodes in the network, with the first and last nodes being connected to each
other, forming a ring. All data that is transmitted between nodes in the network travels
from one node to the next node in a circular manner, and the data generally flows in a
single direction only.

Mesh:
The value of a fully meshed network is proportional to the exponent of the number of
subscribers, assuming that communicating groups of any two endpoints, up to and
including all the endpoints, can be formed.
Fully connected: The type of network topology in which each of the nodes of the network
is connected to each of the other nodes in the network with a point-to-point link. This
makes it possible for data to be simultaneously transmitted from any single node to all
of the other nodes.
Partially connected: The type of network topology in which some of the nodes of the
network are connected to more than one other node in the network with a point-to-point
link. This makes it possible to take advantage of some of the redundancy that is provided
by a physical fully connected mesh topology without the expense and complexity
required for a connection between every node in the network.

Tree:
The type of network topology in which a central 'root' node (the top level of the
hierarchy) is connected to one or more other nodes that are one level lower in the
hierarchy (i.e., the second level) with a point-to-point link between each of the second
level nodes and the top level central 'root' node, while each of the second level nodes that
are connected to the top level central 'root' node will also have one or more other nodes
that are one level lower in the hierarchy (i.e., the third level) connected to it.

Hybrid:
The hybrid topology is a type of network topology that is composed of one or more
interconnections of two or more networks that are based upon different physical
topologies or a type of network topology that is composed of one or more
interconnections of two or more networks that are based upon the same physical
topology.

BASIC TYPES OF NETWORKS:
Personal Area Network (PAN)
Local Area Network (LAN)
Wide Area Network (WAN)
Global Area Network (GAN)

Personal Area Network (PAN) : A personal area network (PAN) is a computer
network used for communication among computer devices close to one person. Some
examples of devices that are used in a PAN are printers, fax machines, telephones, PDAs
or scanners. The reach of a PAN is typically within about 20-30 feet (approximately 6-9
meters).
Local Area Network (LAN): A network covering a small geographic area, like a home,
office, or building. Current LANs are most likely to be based on Ethernet technology. For
example, a library will have a wired or wireless LAN for users to interconnect local
devices (e.g., printers and servers) and to connect to the internet. All of the PCs in the
library are connected by category 5 (Cat5) cable, running the IEEE 802.3 protocol
through a system of interconnection devices and eventually connect to the internet. The
cables to the servers are on Cat 5e enhanced cable, which will support IEEE 802.3 at 1
Gbit/sec.
Wide Area Network (WAN): A WAN is a data communications network that covers a
relatively broad geographic area (i.e. one city to another and one country to another
country) and that often uses transmission facilities provided by common carriers, such as
telephone companies.

Multiple LAN Extenders Can Connect to the Host Router through a WAN

Global Area Network (GAN): Global area networks (GAN) specifications are in
development by several groups, and there is no common definition. In general, however,
a GAN is a model for supporting mobile communications across an arbitrary number of
wireless LANs, satellite coverage areas, etc.

DIAGRAM OF A COMMON NETWORK SYSTEM IS SHOWN ON THE NEXT PAGE:

PROTOCOLS: A protocol is a set of rules that govern data communication. A protocol defines what is
communicated, how it is communicated, and when it is communicated. The key elements
of a protocol are syntax, semantics and timing.
SYNTAX: The term syntax refers to the structure or format of the data, meaning the
order in which they are presented. For example, a simple protocol might expect the first 8
bits to be the address of the sender, the second 8 bits to be the address of the receiver, and
the rest of the stream to be the message itself.
SEMANTICS: It refers to the meaning of each section of bits. How is a particular pattern
to be interpreted, and what action is to be taken based on that interpretation? For
example, does an address identify the route to be taken or the final destination of the
message?
TIMING: The term timing refers to two characteristics: when data should be sent and
how fast they can be sent. For example, if a sender produces data at 100Mbps but the
receiver can process data at only 1Mbps, the transmission will overload the receiver and
some data will be lost.

INTERNET PROTOCOL SUITE (TCP/IP):
The Internet protocol suite (commonly TCP/IP) is the set of communications protocols
that implement the protocol stack on which the Internet and most commercial networks
run. It is named from two of the most important protocols in it: the Transmission Control
Protocol (TCP) and the Internet Protocol (IP).
The original TCP/IP protocol suite was defined as having four layers: host-to-host, internet,
transport, and application. However, when it is compared to OSI, we can say that the
host-to-host layer is equivalent to the combination of the physical and data link layers. The
internet layer is equivalent to the network layer, and the application layer roughly does
the job of the session, presentation and application layers, with the transport layer in TCP/IP
taking care of part of the duties of the session layer.
Physical and data link layers: At the physical and data link layers, TCP/IP does not
define any specific protocol. It supports all the standard and proprietary protocols.
Networks in a TCP/IP internetwork can be local-area networks or wide-area networks.
Network layer: At the network layer, the TCP/IP suite supports the Internetworking
Protocol (IP). IP, in turn, uses four supporting protocols: ARP, RARP, ICMP and IGMP.
Address Resolution Protocol (ARP): is used to associate a logical address with a physical
address. On a typical physical network, such as a LAN, each device on a link is identified
by a physical or station address, usually imprinted on the network interface card (NIC).
ARP is used to find the physical address when the internet address is known.
Reverse Address Resolution Protocol (RARP): allows a host to discover its internet address
when it knows only its physical address. It is used when a computer is connected to a
network for the first time or when a diskless computer is booted.
Internet Control Message Protocol (ICMP): is a mechanism used by hosts and gateways to
send notification of datagram problems back to the sender. ICMP sends query and error
reporting messages.
Internet Group Message Protocol (IGMP): is used to facilitate the simultaneous
transmission of a message to a group of recipients.
Transport layer: UDP and TCP are transport-level protocols responsible for delivery of
a message from a process (running program) to another process.
User Datagram Protocol (UDP): is the simpler of the two standard TCP/IP transport
protocols. It is a process-to-process protocol that adds only port addresses, checksum error
control, and length information to the data from the upper layer.
Transmission Control Protocol (TCP): provides full transport-layer services to applications.
Application layer: the application layer in TCP/IP is equivalent to the combined
session, presentation, and application layers in the OSI model. Many protocols are defined in
this layer.

FIGURE: This figure shows the basic structure of the TCP/IP model, with the protocols of
each layer set against the OSI layers.
Application (OSI application, presentation and session layers): SMTP, FTP, HTTP, SNMP, DNS, TELNET
Transport: SCTP, TCP, UDP
Network (Internet): IP, together with ICMP, IGMP, ARP and RARP
Data link and Physical (Host-to-network): protocols defined by the underlying networks

SWITCHING TECHNIQUE:
Switching is a communications method in which packets (discrete blocks of data) are
routed between nodes over data links shared with other traffic. In each network node,
packets are queued or buffered, resulting in variable delay.

Switching techniques used in networks:

Circuit switching:
In circuit switching, a caller must first establish a connection to a callee before any
communication is possible. During the connection establishment, resources are allocated
between the caller and the callee. Generally, resources are frequency intervals in a
Frequency Division Multiplexing (FDM) scheme or more recently time slots in a Time
Division Multiplexing (TDM) scheme. The set of resources allocated for a connection is
called a circuit. A path is a sequence of links located between nodes called switches. The
path taken by data between its source and destination is determined by the circuit on
which it is flowing, and does not change during the lifetime of the connection. The circuit
is terminated when the connection is closed. Resources remain allocated even if no data
is flowing on a circuit, thereby wasting link capacity when a circuit does not carry as
much traffic as the allocation permits. If no circuit can be established between a sender
and a receiver because of a lack of resources, the connection is blocked.

Packet switching:
Packet switching introduces the idea of cutting data on a flow into packets which are
transmitted over a network without any resource being allocated. If no data is available at
the sender at some point during a communication, then no packet is transmitted over the
network and no resources are wasted. Packet switching is the generic name for a set of
two different techniques: datagram packet switching and virtual circuit packet switching.
Datagram packet switching: Datagram packet switching does not require establishing
circuits prior to transmission of data and terminating circuits after the transmission of
data. The switches, called routers, have to make a lookup in the forwarding table, called
routing table, for each incoming packet. A routing table contains a mapping between the
possible final destinations of packets and the outgoing link on their path to the
destination. Routing tables can be very large because they are indexed by possible
destinations, making lookups and routing decisions computationally expensive, and the
full forwarding process relatively slow compared to circuit switching. In datagram packet
switching networks, each packet must carry the address of the destination host and use
the destination address to make a forwarding decision. Consequently, routers do not need
to modify the destination addresses of packets when forwarding packets.


Since each packet is processed individually by a router, all packets sent by a host to
another host are not guaranteed to use the same physical links. If the routing algorithm
decides to change the routing tables of the network between the instants two packets are
sent, then these packets will take different paths and can even arrive out of order. In the
figure, for instance, packets use two different paths to go from User 1 to User 5. Also,
on a network topology change such as a link failure, the routing protocol will
automatically recompute routing tables so as to take the new topology into account and
avoid the failed link.
Virtual circuit packet switching: Virtual circuit packet switching (VC-switching) is a
packet switching technique which merges datagram packet switching and circuit
switching to extract both of their advantages. VC-switching is a variation of datagram
packet switching where packets flow on so-called logical circuits for which no physical
resources like frequencies or time slots are allocated. Each packet carries a circuit
identifier which is local to a link and updated by each switch on the path of the packet
from its source to its destination. A virtual circuit is defined by the sequence of the
mappings between a link taken by packets and the circuit identifier packets carry on this
link. This sequence is set up at connection establishment time and identifiers are
reclaimed during the circuit termination.

Internet Protocol (IP): The Internet Protocol (IP) is a network-layer (Layer 3)
protocol that contains addressing information and some control information that enables
packets to be routed. IP is documented in RFC 791 and is the primary network-layer
protocol in the Internet protocol suite. Along with the Transmission Control Protocol
(TCP), IP represents the heart of the Internet protocols. IP has two primary
responsibilities: providing connectionless, best-effort delivery of datagrams through an
internetwork; and providing fragmentation and reassembly of datagrams to support data
links with different maximum-transmission unit (MTU) sizes.
IP Packet Format: An IP packet contains several types of information, as
illustrated in the figure. Fourteen fields comprise an IP packet.

The following discussion describes the IP packet fields illustrated in the figure:

Version: indicates the version of IP currently used.
IP Header Length (IHL): indicates the datagram header length in 32-bit words.
Type-of-Service: specifies how an upper-layer protocol would like a current
datagram to be handled, and assigns datagrams various levels of importance.
Total Length: specifies the length, in bytes, of the entire IP packet, including the
data and header.
Identification: contains an integer that identifies the current datagram. This field is
used to help piece together datagram fragments.
Flags: consist of a 3-bit field of which the two low-order (least-significant) bits
control fragmentation. The low-order bit specifies whether the packet can be fragmented.
The middle bit specifies whether the packet is the last fragment in a series of fragmented
packets. The third or high-order bit is not used.
Fragment Offset: indicates the position of the fragment's data relative to the
beginning of the data in the original datagram, which allows the destination IP process to
properly reconstruct the original datagram.
Time-to-Live: maintains a counter that gradually decrements down to zero, at which
point the datagram is discarded. This keeps packets from looping endlessly.
Protocol: indicates which upper-layer protocol receives incoming packets after IP
processing is complete.
Header Checksum: helps ensure IP header integrity.
Source Address: specifies the sending node.
Destination Address: specifies the receiving node.
Options: allows IP to support various options, such as security.
Data: contains upper-layer information.
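As an added example (not part of the report), the following Python parses the fixed 20-byte IPv4 header described above and verifies the Header Checksum, which is the integrity check a receiver applies before trusting any other field. It uses the bit positions from RFC 791 for the flags word (Don't Fragment = 0x4000, More Fragments = 0x2000, low 13 bits = fragment offset). The sample header bytes are constructed here, not captured from the BHEL network, and the class and function names are my own.

```python
"""Parse and validate a fixed-length IPv4 header (added example, not from the report)."""
import struct
from dataclasses import dataclass

# Network byte order: ver/IHL, TOS, total length, identification,
# flags+fragment offset, TTL, protocol, header checksum, source, destination.
IPV4_HEADER_FMT = "!BBHHHBBH4s4s"
IPV4_MIN_HEADER = 20


@dataclass
class IPv4Header:
    version: int
    ihl: int                 # header length in 32-bit words
    tos: int
    total_length: int
    identification: int
    dont_fragment: bool
    more_fragments: bool
    fragment_offset: int     # in units of 8 bytes
    ttl: int
    protocol: int
    checksum: int
    src: str
    dst: str
    checksum_ok: bool


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> IPv4Header:
    """Decode the header fields; raise ValueError on a malformed header."""
    if len(packet) < IPV4_MIN_HEADER:
        raise ValueError("packet shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack(IPV4_HEADER_FMT, packet[:IPV4_MIN_HEADER])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not an IPv4 packet (version {version})")
    header_len = ihl * 4
    if ihl < 5 or header_len > len(packet):
        raise ValueError(f"IHL {ihl} is invalid for a {len(packet)}-byte packet")
    if total_length < header_len:
        raise ValueError("Total Length is smaller than the header length")
    # The checksum covers the header only (options included). Summing the header
    # with the stored checksum in place yields zero when the header is intact.
    checksum_ok = internet_checksum(packet[:header_len]) == 0
    return IPv4Header(
        version=version, ihl=ihl, tos=tos, total_length=total_length,
        identification=ident,
        dont_fragment=bool(flags_frag & 0x4000),
        more_fragments=bool(flags_frag & 0x2000),
        fragment_offset=flags_frag & 0x1FFF,
        ttl=ttl, protocol=proto, checksum=csum,
        src=".".join(map(str, src)), dst=".".join(map(str, dst)),
        checksum_ok=checksum_ok,
    )


def build_sample_header() -> bytes:
    """Constructed sample: 40-byte TCP datagram, DF set, 172.31.1.2 -> 192.168.2.1."""
    raw = struct.pack(IPV4_HEADER_FMT, 0x45, 0, 40, 0x1C46, 0x4000, 64, 6, 0,
                      bytes([172, 31, 1, 2]), bytes([192, 168, 2, 1]))
    csum = internet_checksum(raw)            # computed over the zeroed checksum field
    return raw[:10] + struct.pack("!H", csum) + raw[12:]


SAMPLE_HEADER = build_sample_header()

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_HEADER))
```

The length checks matter as much as the checksum: an IHL that claims more header than the packet carries, or a Total Length shorter than the header, is exactly the kind of inconsistency a parser must reject rather than index past the buffer. Flipping a single TTL bit in the sample makes checksum_ok false, which is the integrity property the Header Checksum field provides.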

IP Addressing: As with any other network-layer protocol, the IP addressing
scheme is integral to the process of routing IP datagrams through an internetwork. Each
IP address has specific components and follows a basic format. These IP addresses can be
subdivided and used to create addresses for sub networks, as discussed in more detail
later in this chapter.
Each host on a TCP/IP network is assigned a unique 32-bit logical address that is divided
into two main parts: the network number and the host number. The network number
identifies a network and must be assigned by the Internet Network Information Center
(InterNIC) if the network is to be part of the Internet. An Internet Service Provider (ISP)
can obtain blocks of network addresses from the InterNIC and can itself assign address
space as necessary. The host number identifies a host on a network and is assigned by the
local network administrator.

IP Address Format: The 32-bit IP address is grouped eight bits at a time, separated
by dots, and represented in decimal format (known as dotted decimal notation). Each bit
in the octet has a binary weight (128, 64, 32, 16, 8, 4, 2, 1). The minimum value for an
octet is 0, and the maximum value for an octet is 255. The figure illustrates the basic format
of an IP address.

An IP address consists of 32 bits, grouped into four octets.

IP Address Classes: IP addressing supports five different address classes: A, B, C,
D, and E. Only classes A, B, and C are available for commercial use. The left-most (high-order)
bits indicate the network class. The table below provides reference information about the five IP
address classes.
Reference Information about the Five IP Address Classes
(columns: Class; Format; Purpose; High-order bit(s); Address range; No. of bits Network/Host; Max. hosts)
Class A: N.H.H.H (1); Few large organizations; 0; 1.0.0.0 to 126.0.0.0; 7/24; 16777214 (2^24 - 2) (2)
Class B: N.N.H.H; Medium-size organizations; 1, 0; 128.1.0.0 to 191.254.0.0; 14/16; 65534 (2^16 - 2)
Class C: N.N.N.H; Relatively small organizations; 1, 1, 0; 192.0.1.0 to 223.255.254.0; 21/8; 254 (2^8 - 2)
Class D: N/A; Multicast groups (RFC 1112); 1, 1, 1, 0; 224.0.0.0 to 239.255.255.255; N/A (not for commercial use); N/A
Class E: N/A; Experimental; 1, 1, 1, 1; 240.0.0.0 to 254.255.255.255; N/A; N/A

(1) N = Network number, H = Host number.
(2) One address is reserved for the broadcast address, and one address is reserved for the
network.

The figure illustrates the format of the commercial IP address classes. (Note the high-order bits in
each of the IP address formats A, B and C, which are available for commercial use.)

The class of an address can be determined easily by examining the first octet of the address
and mapping that value to a class range in the following table. In an IP address of
172.31.1.2, for example, the first octet is 172. Because 172 falls between 128 and 191,
172.31.1.2 is a Class B address. The table below summarizes the range of possible values for the first
octet of each address class.

A range of possible values exists for the first octet of each address class.

IP Subnet Addressing: IP networks can be divided into smaller networks called
sub networks (or subnets). Subnetting provides the network administrator with several
benefits, including extra flexibility, more efficient use of network addresses, and the
capability to contain broadcast traffic (a broadcast will not cross a router).
Subnets are under local administration. As such, the outside world sees an organization as
a single network and has no detailed knowledge of the organization's internal structure.
A given network address can be broken up into many sub networks. For example,
172.16.1.0, 172.16.2.0, 172.16.3.0, and 172.16.4.0 are all subnets within network
171.16.0.0. (All 0s in the host portion of an address specifies the entire network.)

IP Subnet Mask: A subnet address is created by "borrowing" bits from the host
field and designating them as the subnet field. The number of borrowed bits varies and is
specified by the subnet mask. The figure shows how bits are borrowed from the host address field to
create the subnet address field. Bits are borrowed from the host address field to create the
subnet address field.

Subnet masks use the same format and representation technique as IP addresses. The
subnet mask, however, has binary 1s in all bits specifying the network and sub network
fields, and binary 0s in all bits specifying the host field. Here is the illustration of a
sample subnet mask. A sample subnet mask consists of all binary 1s and 0s.

Subnet mask bits should come from the high-order (left-most) bits of the host field, as
the figure illustrates. Details of Class B and C subnet mask types follow. Class A addresses are not
discussed in this chapter because they generally are subnetted on an 8-bit boundary.

Subnet mask bits come from the high-order bits of the host field.

Various types of subnet masks exist for Class B and C subnets.


The default subnet mask for a Class B address that has no subnetting is 255.255.0.0,
while the subnet mask for a Class B address 171.16.0.0 that specifies eight bits of
subnetting is 255.255.255.0. The reason for this is that eight bits of subnetting gives 2^8 - 2 (1
for the network address and 1 for the broadcast address) = 254 possible subnets, with 2^8 - 2 = 254
hosts per subnet.
The subnet mask for a Class C address 192.168.2.0 that specifies five bits of subnetting is
255.255.255.248. With five bits available for subnetting, 2^5 - 2 = 30 subnets are possible, with
2^3 - 2 = 6 hosts per subnet.
The reference charts shown in the tables below can be used when planning Class B and C networks
to determine the required number of subnets and hosts, and the appropriate subnet mask.

Class B Subnetting Reference Chart
Number of Bits | Subnet Mask     | Number of Subnets | Number of Hosts
2              | 255.255.192.0   | 2                 | 16382
3              | 255.255.224.0   | 6                 | 8190
4              | 255.255.240.0   | 14                | 4094
5              | 255.255.248.0   | 30                | 2046
6              | 255.255.252.0   | 62                | 1022
7              | 255.255.254.0   | 126               | 510
8              | 255.255.255.0   | 254               | 254
9              | 255.255.255.128 | 510               | 126
10             | 255.255.255.192 | 1022              | 62
11             | 255.255.255.224 | 2046              | 30
12             | 255.255.255.240 | 4094              | 14
13             | 255.255.255.248 | 8190              | 6
14             | 255.255.255.252 | 16382             | 2

Class C Subnetting Reference Chart
Number of Bits | Subnet Mask     | Number of Subnets | Number of Hosts
2              | 255.255.255.192 | 2                 | 62
3              | 255.255.255.224 | 6                 | 30
4              | 255.255.255.240 | 14                | 14
5              | 255.255.255.248 | 30                | 6

How Subnet Masks are used to determine the Network Number:
The router performs a set process to determine the network (or more specifically, the sub
network) address. First, the router extracts the IP destination address from the incoming
packet and retrieves the internal subnet mask. It then performs a logical AND operation to
obtain the network number. This causes the host portion of the IP destination address to
be removed, while the destination network number remains. The router then looks up the
destination network number and matches it with an outgoing interface. Finally, it
forwards the frame to the destination IP address. Specifics regarding the logical AND
operation are discussed in the following section.
Logical AND Operation: Three basic rules govern logically "ANDing" two
binary numbers. First, 1 "ANDed" with 1 yields 1. Second, 1 "ANDed" with 0 yields 0.
Finally, 0 "ANDed" with 0 yields 0. The truth table below illustrates the rules
for logical AND operations.

Rules for Logical AND Operations
Input | Input | Output
1     | 1     | 1
1     | 0     | 0
0     | 0     | 0

Two simple guidelines exist for remembering logical AND operations: Logically
"ANDing" a 1 with a 1 yields the original value, and logically "ANDing" a 0 with any
number yields 0. This illustrates that when a logical AND of the destination IP address
and the subnet mask is performed, the sub network number remains, which the router
uses to forward the packet.
Applying a logical AND to the destination IP address and the subnet mask produces the sub
network number.
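The following Python is an added example (not the report's code) that ties together three passages above: determining the address class from the high-order bits of the first octet, deriving a subnet mask and the 2^n - 2 subnet and host counts from a number of borrowed bits, and the router's AND step that strips the host portion before the routing-table lookup. The routing table and addresses are constructed for illustration, not taken from the BHEL network, and all function names are my own.

```python
"""Classful address analysis and the router's subnet-mask AND step (added example)."""


def dotted_to_int(addr: str) -> int:
    """Convert dotted-decimal notation to a 32-bit integer, rejecting malformed input."""
    octets = [int(part) for part in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted-decimal address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr: str) -> str:
    """Class A-E from the high-order bits of the first octet (0, 10, 110, 1110, 1111)."""
    first = dotted_to_int(addr) >> 24
    if first & 0x80 == 0:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


# Default network-field width of the commercial classes; the host field is the rest.
DEFAULT_NETWORK_BITS = {"A": 8, "B": 16, "C": 24}


def subnet_mask(addr: str, borrowed_bits: int) -> str:
    """Mask with 1s over the network field plus the bits borrowed from the host field."""
    cls = address_class(addr)
    if cls not in DEFAULT_NETWORK_BITS:
        raise ValueError(f"class {cls} addresses are not subnetted")
    prefix = DEFAULT_NETWORK_BITS[cls] + borrowed_bits
    if borrowed_bits < 0 or prefix > 30:
        raise ValueError("borrowing must leave at least two host bits")
    return int_to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def subnet_and_host_counts(addr: str, borrowed_bits: int) -> tuple:
    """(usable subnets, usable hosts per subnet) using the report's 2^n - 2 convention."""
    cls = address_class(addr)
    host_bits = 32 - DEFAULT_NETWORK_BITS[cls] - borrowed_bits
    subnets = 1 if borrowed_bits == 0 else 2 ** borrowed_bits - 2
    return subnets, 2 ** host_bits - 2


def network_number(dest: str, mask: str) -> str:
    """Logical AND of destination and mask: the host bits drop out, the network remains."""
    return int_to_dotted(dotted_to_int(dest) & dotted_to_int(mask))


def route_lookup(dest: str, routing_table: list):
    """routing_table holds (network, mask, interface) triples; returns the interface of
    the matching network with the longest mask, or None when nothing matches."""
    best_mask, best_iface = -1, None
    for network, mask, iface in routing_table:
        mask_int = dotted_to_int(mask)
        if network_number(dest, mask) == network and mask_int > best_mask:
            best_mask, best_iface = mask_int, iface
    return best_iface


# Constructed routing table (hypothetical, not BHEL's); the 0.0.0.0/0 entry is a default route.
SAMPLE_ROUTES = [
    ("171.16.0.0", "255.255.0.0", "eth0"),
    ("171.16.5.0", "255.255.255.0", "eth1"),
    ("0.0.0.0", "0.0.0.0", "ppp0"),
]

if __name__ == "__main__":
    print(address_class("172.31.1.2"), subnet_mask("192.168.2.0", 5))
    print(subnet_and_host_counts("171.16.0.0", 8), route_lookup("171.16.5.77", SAMPLE_ROUTES))
```

The lookup prefers the entry with the longest mask, which is why 171.16.5.77 leaves on eth1 rather than the broader 171.16.0.0 route. The "minus 2" on the subnet count follows the classful convention used in this report (the all-zeros and all-ones subnets are discarded); modern CIDR routers use every subnet, while the network and broadcast addresses of each subnet are still unusable for hosts.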

IPv6:
One of the newest major standards on the horizon is IPv6. Although IPv6 has not
officially become a standard, it is worth some overview. Internet Protocol Version 4 is
the most popular protocol in use today although there are some questions about its
capability to serve the Internet community much longer. IPv4 was finished in the 1970s
and has started to show its age. The main issue surrounding IPv6 is addressing, or the
lack of addressing, because many experts believe that we are nearly out of the four
billion addresses available in IPv4. Although this seems like a very large number of
addresses, multiple large blocks are given to government agencies and large
organizations. IPv6 could be the solution to many problems, but it is still not fully
developed and is not a standard, yet!
Expanded addressing moves us from 32-bit address to a 128-bit addressing method. It
also provides newer unicast and broadcasting methods, injects hexadecimal into the IP
address, and moves from using "." to using ":" as delimiters. Figure shows the IPv6
packet header format.
Figure IPv6 Packet Header Format

Description of IPv6 Packet Header: The simplified header is 40 bits long and
the format consists of Version, Class, Flow Label, Payload Length, Next Header, Hop
Limit, Source Address, Destination Address, Data, and Payload fields.

Hexadecimal (Hex): At its simplest, hex numbers are base 16. Decimal is base 10: we
count from 0 to 9 and then add a column to make 10.
Counting in hex goes from 0 to F before adding a column. The characters A through F
represent the decimal values 10 through 15, as illustrated in Figure.
Figure Hex Characters A Through F Represent the Numbers 10 Through 15

Counting in hex goes as follows: 0 1 2 3 4 5 6 7 8 9 A B C D E F 10 11 12 13 14 15 16
17 18 19 1A 1B 1C 1D 1E 1F 20 21 and up, as far as you want to go.

Addressing Description: Let's look at an example of an IPv6 address. The address is an
eight-part hex address separated by colons (":"). Each part is a 16-bit number, and
there are eight parts, providing a 128-bit address length (16 bits x 8 parts):

1080:0:0:0:8:800:200C:417A    Unicast address
FF01:0:0:0:0:0:0:101          Multicast address

Broadcasting Methods:
Included in IPv6 are a number of new broadcasting methods:
Unicast
Multicast
Anycast
Unicast: Unicast is a communication between a single host and a single receiver. Packets
sent to a unicast address are delivered to the interface identified by that address, as seen in
Figure.
Figure Unicast Sends Packets to a Specified Interface


Multicast: Multicast is communication between a single host and multiple receivers.
Packets are sent to all interfaces identified by that address, as seen in Figure.
Figure Multicast Sends Packets to a Subnet, and Defined Devices Listen for Multicast
Packets

Anycast: Packets sent to an anycast address or list of addresses are delivered to the
nearest interface identified by that address. Anycast is a communication between a single
sender and a list of addresses, as shown in Figure.
Figure Anycast Sends Packets to Specified Interface List and Can Contain End Nodes and
Routers


Some of the benefits of IPv6 seem obvious: greater addressing space, built-in QoS, and
better routing performance and services.

Difference between Hubs, Switches and Routers:


Hub: It's just like a mains multi-plug unit. There is no intelligence or circuitry in it. More
complex units may incorporate an amplifier or repeater. The network signal goes into one
port and out of all the others. This is a Layer 1 device.
Switches: A switch has a small level of intelligence, in that it can open a message, check
the IP address, and direct the message packets to the port on which the device with that IP
address resides. It cannot modify IP addresses or see addresses outside of the range of the
'home' network. This is a Layer 2 device.
Routers: A router can read IP addresses and direct messages to another network whose
IP addresses differ from those of the originating network. The router software can build
up an address table, so that it 'knows' where other devices are. This is a Layer 3 device.


Module 2
Analysis of Network Setup Of BHEL


Figure: Network setup of BHEL (diagram). Components shown: Internet, Internet router,
IPS, VLAN server, proxy, load balancer, DNS, EtherChannel, MPLS, two distribution
switches, ISDN cloud, WAN, access switches, and the power block with its local hosts,
local server and local proxy, each behind an access switch.


OVERVIEW
The figure shown on the previous page is a rough representation of the network setup of
BHEL. The various terms in the diagram are described below in the current module. A
brief explanation of the working of the setup follows once the components have been
introduced.

COMPONENTS OF NETWORK STRUCTURE:


Routing:
Routing is the act of moving information across an internetwork from a source to a
destination. Along the way, at least one intermediate node typically is encountered.

Routing Components
Routing involves two basic activities: determining optimal routing paths and transporting
information groups (typically called packets) through an internetwork. In the context of
the routing process, the latter of these is referred to as packet switching. Although packet
switching is relatively straightforward, path determination can be very complex.

Path Determination
Routing protocols use metrics to evaluate what path will be the best for a packet to travel.
A metric is a standard of measurement, such as path bandwidth, that is used by routing
algorithms to determine the optimal path to a destination. To aid the process of path
determination, routing algorithms initialize and maintain routing tables, which contain
route information. Route information varies depending on the routing algorithm used.
Routing algorithms fill routing tables with a variety of information. Destination/next hop
associations tell a router that a particular destination can be reached optimally by sending
the packet to a particular router representing the "next hop" on the way to the final
destination. When a router receives an incoming packet, it checks the destination address
and attempts to associate this address with a next hop. Figure depicts a sample
destination/next hop routing table.

Figure Destination/Next Hop Associations Determine the Data's Optimal Path

Routing tables also can contain other information, such as data about the desirability of a
path. Routers compare metrics to determine optimal routes, and these metrics differ
depending on the design of the routing algorithm used. Routers communicate with one
another and maintain their routing tables through the transmission of a variety of
messages. The routing update message is one such message that generally consists of all
or a portion of a routing table. By analyzing routing updates from all other routers, a
router can build a detailed picture of network topology.

SWITCHING PROCESS
Switching algorithms are relatively simple; they are the same for most routing protocols. In
most cases, a host determines that it must send a packet to another host. Having acquired
a router's address by some means, the source host sends a packet addressed specifically to
the router's physical (Media Access Control [MAC]-layer) address, but with the
protocol (network layer) address of the destination host.
As it examines the packet's destination protocol address, the router determines that it
either knows or does not know how to forward the packet to the next hop. If the router
does not know how to forward the packet, it typically drops the packet. If the router
knows how to forward the packet, however, it changes the destination physical address to
that of the next hop and transmits the packet.
The next hop may be the ultimate destination host. If not, the next hop is usually another
router, which executes the same switching decision process. As the packet moves through
the internetwork, its physical address changes, but its protocol address remains constant,
as illustrated in Figure.
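As an added example (not code from the report), the following Python model ties together the subnet-mask AND operation from the start of this module, the destination/next-hop routing table, and the hop-by-hop switching process just described: each router ANDs the destination address with every route's mask, keeps the longest matching prefix, and rewrites only the destination MAC, so the IP address stays constant end to end. The routers, routing tables, ARP entries and addresses are constructed sample values.

```python
# Added example (not from the report): a model of router forwarding.
# All routers, routing tables, ARP entries and addresses are constructed.
from dataclasses import dataclass, replace


def ip_to_int(dotted):
    """Convert dotted-quad text such as '192.168.10.5' to a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def int_to_ip(value):
    """Inverse of ip_to_int."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def network_number(ip, mask):
    """Logical AND of address and mask: the host bits drop out and the
    (sub)network number remains, exactly as the router computes it."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def prefix_length(mask):
    """Number of 1 bits in a subnet mask (255.255.255.128 -> 25)."""
    return bin(ip_to_int(mask)).count("1")


@dataclass(frozen=True)
class Route:
    network: str    # destination network number
    mask: str       # subnet mask of that network
    next_hop: str   # next-hop router IP, or "" if directly connected
    interface: str  # outgoing interface


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str     # protocol (Layer 3) address: constant end to end
    dst_mac: str    # physical (Layer 2) address: rewritten at every hop


@dataclass
class Router:
    name: str
    routes: list
    arp: dict       # constructed ARP table: IP -> MAC on attached links

    def lookup(self, dst_ip):
        """Most specific route whose network number equals dst_ip AND mask,
        or None when this router does not know how to reach dst_ip."""
        best = None
        for r in self.routes:
            if network_number(dst_ip, r.mask) == network_number(r.network, r.mask):
                if best is None or prefix_length(r.mask) > prefix_length(best.mask):
                    best = r
        return best

    def forward(self, pkt):
        """One switching decision: pick the route and rewrite only the
        destination MAC to that of the next hop (or of the host itself when
        the destination network is directly connected). Returns
        (next_ip, interface, packet), or None when the packet is dropped."""
        route = self.lookup(pkt.dst_ip)
        if route is None:
            return None                         # unknown destination: drop
        next_ip = route.next_hop or pkt.dst_ip  # directly connected -> host
        next_mac = self.arp.get(next_ip)
        if next_mac is None:
            return None                         # no Layer 2 address known
        return next_ip, route.interface, replace(pkt, dst_mac=next_mac)


def trace(routers, gateway_ip, pkt):
    """Carry the packet hop by hop through routers (a dict keyed by the IP
    each router has on the link it is reached over). Returns the list of
    (router name, outgoing interface, dst_mac) decisions and the final packet;
    an entry with interface 'drop' records a router that had no route."""
    hops, current = [], gateway_ip
    while current in routers:
        router = routers[current]
        result = router.forward(pkt)
        if result is None:
            hops.append((router.name, "drop", None))
            break
        current, iface, pkt = result
        hops.append((router.name, iface, pkt.dst_mac))
    return hops, pkt


# Constructed internetwork: host A (10.1.1.10) -> R1 -> R2 -> host B (10.3.3.30).
R1 = Router("R1", [
    Route("10.1.1.0", "255.255.255.0", "", "eth0"),
    Route("10.2.2.0", "255.255.255.0", "", "eth1"),
    Route("0.0.0.0", "0.0.0.0", "10.2.2.2", "eth1"),     # default route via R2
], {"10.1.1.10": "A-MAC", "10.2.2.2": "R2-MAC"})
R2 = Router("R2", [
    Route("10.2.2.0", "255.255.255.0", "", "eth0"),
    Route("10.3.3.0", "255.255.255.0", "", "eth1"),
    Route("10.3.3.0", "255.255.255.128", "", "eth2"),   # more specific: lower half
], {"10.2.2.1": "R1-MAC", "10.3.3.30": "B-MAC"})
ROUTERS = {"10.1.1.1": R1, "10.2.2.2": R2}   # R1 is host A's gateway at 10.1.1.1
```

Running `trace(ROUTERS, "10.1.1.1", Packet("10.1.1.10", "10.3.3.30", "R1-MAC"))` shows R1 choosing its default route and R2 preferring the /25 over the /24, with the destination MAC changing at each hop while the destination IP does not.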
The preceding discussion describes switching between a source and a destination end
system. The International Organization for Standardization (ISO) has developed a
hierarchical terminology that is useful in describing this process. Using this terminology,
network devices without the capability to forward packets between sub networks are
called end systems (ESs), whereas network devices with these capabilities are called
intermediate systems (ISs). ISs are further divided into those that can communicate
within routing domains (intradomain ISs) and those that communicate both within and
between routing domains (interdomain ISs). A routing domain generally is considered a
portion of an internetwork under common administrative authority that is regulated by a

particular set of administrative guidelines. Routing domains are also called autonomous
systems. With certain protocols, routing domains can be divided into routing areas, but
interdomain routing protocols are still used for switching both within and between areas.

Figure Numerous Routers May Come into Play During the Switching Process

Domain Name System


The Domain Name System (DNS) associates various information with domain names;
most importantly, it serves as the "phone book" for the Internet by translating human-readable computer hostnames, e.g. www.example.com, into IP addresses, e.g.
208.77.188.166, which networking equipment needs to deliver information. A DNS also
stores other information such as the list of mail servers that accept email for a given
domain. By providing a worldwide keyword-based redirection service, the Domain Name
System is an essential component of contemporary Internet use.
DNS is short for Domain Name System (or Service or Server): an Internet service that
translates domain names into IP addresses. Because domain names are alphabetic, they're easier to
remember. The Internet however, is really based on IP addresses. Every time you use a
domain name, therefore, a DNS service must translate the name into the corresponding IP
address. For example, the domain name www.example.com might translate to
198.105.232.4.

The DNS system is, in fact, its own network. If one DNS server doesn't know how to
translate a particular domain name, it asks another one, and so on, until the correct IP
address is returned.

Uses
Above all, the DNS makes it possible to assign Internet names to organizations (or
concerns they represent) independent of the physical routing hierarchy represented by the
numerical IP address. Because of this, hyperlinks and Internet contact information can
remain the same, whatever the current IP routing arrangements may be, and can take a
human-readable form (such as "example.com"). These Internet names are easier to
remember than the IP address 208.77.188.166. People take advantage of this when they
recite meaningful URLs and e-mail addresses without caring how the machine will
actually locate them.
The Domain Name System distributes the responsibility for assigning domain names and
mapping them to IP networks by allowing an authoritative name server for each domain
to keep track of its own changes, avoiding the need for a central register to be continually
consulted and updated.
Additionally, other arbitrary identifiers such as RFID tags, UPC codes, international
characters in email addresses and host names, and a variety of other identifiers could all
potentially utilize DNS.

How DNS works in theory

Figure Domain names, arranged in a tree, cut into zones, each served by a name server.

The domain name space
The domain name space consists of a tree of domain names. Each node or leaf in the tree
has zero or more resource records, which hold information associated with the domain
name. The tree sub-divides into zones beginning at the root zone. A DNS zone consists of
a collection of connected nodes authoritatively served by an authoritative DNS name
server. (Note that a single name server can host several zones.)
When a system administrator wants to let another administrator control a part of the
domain name space within the first administrator's zone of authority, control can be
delegated to the second administrator. This splits off a part of the old zone into a new
zone, which comes under the authority of the second administrator's name servers. The
old zone ceases to be authoritative for the new zone.

Parts of a domain name


A domain name usually consists of two or more parts (technically labels), which are
conventionally written separated by dots, such as example.com.

The rightmost label conveys the top-level domain (for example, the address
www.example.com has the top-level domain com).
Each label to the left specifies a subdivision, or subdomain, of the domain above
it. Note: subdomain expresses relative dependence, not absolute dependence.
For example, example.com comprises a subdomain of the com domain, and
www.example.com comprises a subdomain of the domain example.com. In
theory, this subdivision can go down 127 levels. Each label can contain up to 63
octets. The whole domain name does not exceed a total length of 253 octets. [4] In
practice, some domain registries may have shorter limits.
A hostname refers to a domain name that has one or more associated IP addresses;
i.e. the 'www.example.com' and 'example.com' domains are both hostnames;
however, the 'com' domain is not.

DNS servers
The Domain Name System consists of a hierarchical set of DNS servers. Each domain or
subdomain has one or more authoritative DNS servers that publish information about that
domain and the name servers of any domains "beneath" it. The hierarchy of authoritative
DNS servers matches the hierarchy of domains. At the top of the hierarchy stand the root
name servers: the servers to query when looking up (resolving) a top-level domain name
(TLD).

DNS resolvers
A resolver looks up the resource record information associated with nodes. A resolver
knows how to communicate with name servers by sending DNS queries and heeding
DNS responses.

A DNS query may be either a recursive query or a non-recursive query:

A non-recursive query is one where the DNS server may provide a partial answer
to the query (or give an error). DNS servers must support non-recursive queries.
A recursive query is one where the DNS server will fully answer the query (or
give an error). DNS servers are not required to support recursive queries.

The resolver (or another DNS server acting recursively on behalf of the resolver)
negotiates use of recursive service using bits in the query headers.
Resolving usually entails iterating through several name servers to find the needed
information. However, some resolvers function simplistically and can communicate only
with a single name server. These simple resolvers rely on a recursive query to a recursive
name server to perform the work of finding information for them.

Address Resolution Mechanism


In theory a full host name may have several name segments, (e.g.
ahost.ofasubnet.ofabiggernet.inadomain.example). In practice, full host names will
frequently consist of just three segments (ahost.inadomain.example, and most often
www.inadomain.example). For querying purposes, software interprets the name segment
by segment, from right to left, using an iterative search procedure. At each step along the
way, the program queries a corresponding DNS server to provide a pointer to the next
server which it should consult.

A DNS recursor consults three name servers to resolve the address www.wikipedia.org.
As originally envisaged, the process was as simple as:
1. The local system is pre-configured with the known addresses of the root servers in
a file of root hints, which need to be updated periodically by the local
administrator from a reliable source to be kept up to date with the changes which
occur over time.

2. Query one of the root servers to find the server authoritative for the next level
down (so in the case of our simple hostname, a root server would be asked for the
address of a server with detailed knowledge of the example top level domain).
3. Query this second server for the address of a DNS server with detailed
knowledge of the second-level domain (inadomain.example in our example).
4. Repeat the previous step to progress down the name, until the final step which
would, rather than generating the address of the next DNS server, return the final
address sought.
The mechanism in this simple form has a difficulty: it places a huge operating burden on
the root servers, with every search for an address starting by querying one of them. Being
as critical as they are to the overall function of the system, such heavy use would create
an insurmountable bottleneck for trillions of queries placed every day.
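The four-step walk above, and the root-server burden it creates, as an added example that is not code from the report: a small Python model of iterative resolution over constructed zone data, with a cache of learned delegations so that only the first lookup touches the root. The server names and addresses are constructed for illustration; nothing here talks to live DNS.

```python
# Added example (not from the report): a model of iterative DNS resolution.
# Zone data, server names and addresses are constructed; nothing is live DNS.

ROOT_HINTS = ["root-a.example"]   # step 1: pre-configured root server name

# Constructed referral data. Keys are label tuples from the root downwards;
# ("NS", server) is a referral to the next server, ("A", ip) the final answer.
ZONES = {
    "root-a.example": {                       # root: delegates the TLDs
        ("example",): ("NS", "tld-ns.example"),
    },
    "tld-ns.example": {                       # TLD: delegates second-level domains
        ("example", "inadomain"): ("NS", "ns1.inadomain.example"),
    },
    "ns1.inadomain.example": {                # authoritative for inadomain.example
        ("example", "inadomain", "www"): ("A", "203.0.113.10"),
        ("example", "inadomain", "ahost"): ("A", "203.0.113.20"),
    },
}


class Resolver:
    """Walks the name right to left, one server per step (steps 2-4), and
    caches each delegation so later lookups skip the root servers."""

    def __init__(self, zones, root_hints):
        self.zones = zones
        self.root_hints = root_hints
        self.cache = {}     # label prefix -> server learned to be authoritative
        self.queries = []   # (server asked, name asked), for inspection

    def _query(self, server, labels):
        self.queries.append((server, ".".join(reversed(labels))))
        return self.zones.get(server, {}).get(labels)

    def root_queries(self):
        """How many queries so far had to go to a root server."""
        return sum(1 for server, _ in self.queries if server in self.root_hints)

    def resolve(self, hostname):
        labels = tuple(reversed(hostname.rstrip(".").lower().split(".")))
        server, start = self.root_hints[0], 1   # default: begin at the root
        # Use the longest cached delegation that is shorter than the full name.
        for depth in range(len(labels) - 1, 0, -1):
            if labels[:depth] in self.cache:
                server, start = self.cache[labels[:depth]], depth + 1
                break
        for depth in range(start, len(labels) + 1):
            record = self._query(server, labels[:depth])
            if record is None:
                return None                      # no such name (NXDOMAIN)
            kind, value = record
            if kind == "A":
                return value                     # the final address sought
            self.cache[labels[:depth]] = value   # remember the referral
            server = value                       # continue one level down
        return None                              # ran out of labels: no address
```

The first call to `resolve("www.inadomain.example")` asks three servers in turn (root, TLD, authoritative); a second lookup under the same domain goes straight to the cached authoritative server and the root is never asked again.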

Proxy Server
In computer networks, a proxy server is a server (a computer system or an application
program) which services the requests of its clients by forwarding requests to other
servers. A client connects to the proxy server, requesting some service, such as a file,
connection, web page, or other resource, available from a different server. The proxy
server provides the resource by connecting to the specified server and requesting the
service on behalf of the client. A proxy server may optionally alter the client's request or
the server's response, and sometimes it may serve the request without contacting the
specified server. In this case, it would 'cache' the first request to the remote server, so it
could save the information for later, and make everything as fast as possible.
A proxy server that passes all requests and replies unmodified is usually called a gateway
or sometimes tunneling proxy.
A proxy server can be placed in the user's local computer or at specific key points
between the user and the destination servers or the Internet.

FIGURE: Schematic representation of a proxy server where the computer in the middle
acts as the proxy server between the other two.

Types and functions
Proxy servers implement one or more of the following functions:

Caching proxy server


A proxy server can service requests without contacting the specified server, by retrieving
content saved from a previous request, made by the same client or even other clients.
This is called caching. Caching proxies keep local copies of frequently requested
resources, allowing large organizations to significantly reduce their upstream bandwidth
usage and cost, while significantly increasing performance.

Web proxy
A proxy that focuses on WWW traffic is called a "web proxy". The most common use of
a web proxy is to serve as a web cache. Most proxy programs (e.g. Squid, NetCache)
provide a means to deny access to certain URLs in a blacklist, thus providing content
filtering. This is usually used in a corporate environment, though with the increasing use
of Linux in small businesses and homes, this function is no longer confined to large
corporations. Some web proxies reformat web pages for a specific purpose or audience
(e.g., cell phones and PDAs).

Content Filtering Web Proxy


A content filtering web proxy server provides administrative control over the content that
may be relayed through the proxy. It is commonly used in commercial and noncommercial organizations (especially schools) to ensure that Internet usage conforms to
acceptable use policy.
Common methods used for content filtering include: URL or DNS blacklists, URL regex
filtering, MIME filtering, or content keyword filtering. Some products have been known
to employ content analysis techniques to look for traits commonly used by certain types
of content providers.
A content filtering proxy will often support user authentication, to control web access. It
also usually produces logs, either to give detailed information about the URLs accessed
by specific users, or to monitor bandwidth usage statistics. It may also communicate to
daemon based and/or ICAP based antivirus software to provide security against virus and
other malware by scanning incoming content in real time before it enters the network.

Anonymizing proxy server


An anonymous proxy server (sometimes called a web proxy) generally attempts to
anonymize web surfing. These can easily be overridden by site administrators, and thus
rendered useless in some cases. There are different varieties of anonymizers.

Access control: Some proxy servers implement a logon requirement. In large
organizations, authorized users must log on to gain access to the web. The organization
can thereby track usage to individuals.

Hostile proxy
Proxies can also be installed by online criminals, in order to eavesdrop upon the dataflow
between the client machine and the web. All accessed pages, as well as all forms
submitted, can be captured and analyzed by the proxy operator. For this reason,
passwords to online services (such as web mail and banking) should be changed if an
unauthorized proxy is detected.

Intercepting proxy server


An intercepting proxy (also known as a "transparent proxy") combines a proxy server
with a gateway. Connections made by client browsers through the gateway are redirected
through the proxy without client-side configuration (or often knowledge).
Intercepting proxies are commonly used in businesses to prevent avoidance of acceptable
use policy, and to ease administrative burden, since no client browser configuration is
required.
It is often possible to detect the use of an intercepting proxy server by comparing the
external IP address to the address seen by an external web server, or by examining the
HTTP headers on the server side.

Forced proxy
The term "forced proxy" is ambiguous. It means both "intercepting proxy" (because it
filters all traffic on the only available gateway to the Internet) and its exact opposite,
"non-intercepting proxy" (because the user is forced to configure a proxy in order to
access the Internet).
Forced proxy operation is sometimes necessary due to issues with the interception of
TCP connections and HTTP. For instance interception of HTTP requests can affect the
usability of a proxy cache, and can greatly affect certain authentication mechanisms. This
is primarily because the client thinks it is talking to a server, and so request headers
required by a proxy are unable to be distinguished from headers that may be required by
an upstream server (esp. authorization headers). Also the HTTP specification prohibits
caching of responses where the request contained an authorization header.

Reverse proxy server


A reverse proxy is a proxy server that is installed in the neighborhood of one or more
web servers. All traffic coming from the Internet and with a destination of one of the web

servers goes through the proxy server. There are several reasons for installing reverse
proxy servers:

Encryption / SSL acceleration: when secure web sites are created, the SSL
encryption is often not done by the web server itself, but by a reverse proxy that is
equipped with SSL acceleration hardware. See Secure Sockets Layer.
Load balancing: the reverse proxy can distribute the load to several web servers,
each web server serving its own application area. In such a case, the reverse proxy
may need to rewrite the URLs in each web page (translation from externally
known URLs to the internal locations).
Serve/cache static content: A reverse proxy can offload the web servers by
caching static content like pictures and other static graphical content.
Compression: the proxy server can optimize and compress the content to speed up
the load time.
Spoon feeding: reduces resource usage caused by slow clients on the web servers
by caching the content the web server sent and slowly "spoon feeds" it to the
client. This especially benefits dynamically generated pages.
Security: the proxy server is an additional layer of defense and can protect against
some OS and Web Server specific attacks. However, it does not provide any
protection to attacks against the web application or service itself, which is
generally considered the larger threat.
Extranet Publishing: a reverse proxy server facing the Internet can be used to
communicate to a firewalled server internal to an organization, providing extranet
access to some functions while keeping the servers behind the firewalls. If used in
this way, security measures should be considered to protect the rest of your
infrastructure in case this server is compromised, as its web application is
exposed to attack from the Internet.

Circumventor
A circumventor is a method of defeating blocking policies implemented using proxy
servers. Ironically, most circumventors are also proxy servers, of varying degrees of
sophistication, which effectively implement "bypass policies".
A circumventor is a web-based page that takes a site that is blocked and "circumvents" it
through to an unblocked web site, allowing the user to view blocked pages. A famous
example is 'elgooG', which allowed users in China to use Google after it had been
blocked there. ElgooG differs from most circumventors in that it circumvents only one
block.
Students are able to access blocked sites (games, chat rooms, messenger, offensive
material, internet pornography, social networking, etc.) through a circumventor. As fast
as the filtering software blocks circumventors, others spring up. However, in some cases
the filter may still intercept traffic to the circumventor, thus the person who manages the
filter can still see the sites that are being visited.

Circumventors are also used by people who have been blocked from a web site.
Another use of a circumventor is to allow access to country-specific services, so that
Internet users from other countries may also make use of them. An example is country-restricted reproduction of media and webcasting.
The use of circumventors is usually safe with the exception that circumventor sites run by
an untrusted third party can be run with hidden intentions, such as collecting personal
information, and as a result users are typically advised against running personal data such
as credit card numbers or passwords through a circumventor.

Risks of using anonymous proxy servers


In using a proxy server (for example, anonymizing HTTP proxy), all data sent to the
service being used (for example, HTTP server in a website) must pass through the proxy
server before being sent to the service, mostly in unencrypted form. It is therefore
possible, as has been demonstrated, for a malicious proxy server to record everything sent
to the proxy: including unencrypted logins and passwords.
By chaining proxies which do not reveal data about the original requester, it is possible to
obfuscate activities from the eyes of the user's destination. However, more traces will be
left on the intermediate hops, which could be used or offered up to trace the user's
activities. If the policies and administrators of these other proxies are unknown, the user
may fall victim to a false sense of security just because those details are out of sight and
mind.
The bottom line of this is to be wary when using proxy servers, and only use proxy
servers of known integrity (e.g., the owner is known and trusted, has a clear privacy
policy, etc.), and never use proxy servers of unknown integrity. If there is no choice but
to use unknown proxy servers, do not pass any private information (unless it is properly
encrypted) through the proxy.
In what is more of an inconvenience than a risk, proxy users may find themselves being
blocked from certain Web sites, as numerous forums and Web sites block IP addresses
from proxies known to have spammed or trolled the site.

Virtual Private Networks
Virtual private networks (VPNs) are a fairly quixotic subject; there is no single defining
product, nor is there even much of a consensus among VPN vendors as to what comprises a
VPN. Consequently, everyone knows what a VPN is, but establishing a single definition
can be remarkably difficult. Some definitions are sufficiently broad as to enable one to
claim that Frame Relay qualifies as a VPN when, in fact, it is an overlay network.
Although an overlay network secures transmissions through a public network, it does so
passively via logical separation of the data streams.
VPNs provide a more active form of security by either encrypting or encapsulating data
for transmission through an unsecured network. These two types of security, encryption
and encapsulation, form the foundation of virtual private networking. However, both
encryption and encapsulation are generic terms that describe a function that can be
performed by a myriad of specific technologies. To add to the confusion, these two sets
of technologies can be combined in different implementation topologies. Thus, VPNs can
vary widely from vendor to vendor.

Integrated Services Digital Network


Integrated Services Digital Network (ISDN) consists of digital telephony and data-transport services offered by regional telephone carriers. ISDN involves the digitization
of the telephone network, which permits voice, data, text, graphics, music, video, and
other source material to be transmitted over existing telephone wires. The emergence of
ISDN represents an effort to standardize subscriber services, user/network interfaces, and
network and internetwork capabilities. ISDN applications include high-speed image
applications (such as Group IV facsimile), additional telephone lines in homes to serve
the telecommuting industry, high-speed file transfer, and videoconferencing. Voice
service is also an application for ISDN.

Intrusion prevention system


An intrusion prevention system is a computer security device that monitors network
and/or system activities for malicious or unwanted behavior and can react, in real-time, to
block or prevent those activities. Network-based IPS, for example, will operate in-line to
monitor all network traffic for malicious code or attacks. When an attack is detected, it
can drop the offending packets while still allowing all other traffic to pass. Intrusion
prevention technology is considered by some to be an extension of intrusion detection
(IDS) technology.
Intrusion prevention systems (IPS) were invented in the late 1990s to resolve ambiguities
in passive network monitoring by placing detection systems in-line. A considerable
improvement upon firewall technologies, IPS can make access control decisions based on
application content, rather than IP address or ports as traditional firewalls had done. As

IPS systems were originally a literal extension of intrusion detection systems, they
continue to be related.
Intrusion prevention systems may also serve secondarily at the host level to deny
potentially malicious activity. There are advantages and disadvantages to host-based IPS
compared with network-based IPS. In many cases, the technologies are thought to be
complementary.
An intrusion prevention system must also be a very good intrusion detection system to
enable a low rate of false positives. Some IPS systems can also prevent yet-to-be-
discovered attacks, such as those caused by a buffer overflow.

IPS, Application Firewalls, Unified Threat Management & Access Control
The role of an IPS in a network is often confused with access control and application-layer firewalls. There are some notable differences in these technologies. While all share
similarities, how they approach network or system security is fundamentally different.
An IPS is typically designed to operate completely invisibly on a network. IPS products
do not typically claim an IP address on the protected network but may respond directly to
any traffic in a variety of ways. (Common IPS responses include dropping packets,
resetting connections, generating alerts, and even quarantining intruders.) While some
IPS products have the ability to implement firewall rules, this is often a mere
convenience and not a core function of the product. Moreover, IPS technology offers
deeper insight into network operations providing information on overly active hosts, bad
logons, inappropriate content and many other network and application layer functions.
Application firewalls are a very different type of technology. An application firewall uses
proxies to perform firewall access control for network and application-layer traffic. Some
application-layer firewalls have the ability to do some IPS-like functions, such as
enforcing RFC specifications on network traffic. Also, some application layer firewalls
have also integrated IPS-style signatures into their products to provide real-time analysis
and blocking of traffic. Application firewalls do have IP addresses on their ports and are
directly addressable. Moreover, they use full proxy features to decode and reassemble
packets. Not all IPS perform full proxy-like processing. Also, application-layer firewalls
tend to focus on firewall capabilities, with IPS capabilities as add-on. While there are
numerous similarities between the two technologies, they are not identical and are not
interchangeable.
Unified Threat Management (UTM) products, sometimes called "Next Generation Firewalls",
are also a different breed of products entirely. UTM products bring together multiple
security capabilities on to a single platform. A typical UTM platform will provide
firewall, VPN, anti-virus, web filtering, intrusion prevention and anti-spam capabilities.
The main feature of a UTM is that it includes multiple security features on one appliance.
IPS is merely one feature.

Access Control is also an entirely different security concept. Access control refers to
general rules allowing hosts, users or applications access to specific parts of a network.
Typically, access control helps organizations segment networks and limit access. While
an IPS has the ability to block access to users, hosts or applications, it does so only when
malicious code has been discovered. As such, IPS does not necessarily serve as an access
control device. While it has some access control abilities, firewalls and network access
control (NAC) technologies are better suited to provide these features.

Contrast with Intrusion Detection Systems (IDS)
IPS systems have some advantages over intrusion detection systems (IDS). One
advantage is they are designed to sit inline with traffic flows and prevent attacks in
real-time. In addition, most IPS solutions have the ability to look at (decode) layer 7
protocols like HTTP, FTP, and SMTP, which provides greater awareness. However, when
deploying network-based IPS (NIPS), consideration should be given to whether the
network segment is encrypted, since not as many products are able to support inspection
of such traffic.

Types
Host-based
A host-based IPS (HIPS) is one where the intrusion-prevention application is resident on
that specific IP address, usually on a single computer. A HIPS is a potential heir to
traditional finger-print-based and heuristic antivirus detection methods, since it does not
need continuous updates to stay ahead of new malware. As ill-intended code needs to
modify the system or other software residing on the machine to achieve its evil aims, a
truly comprehensive HIPS system will notice some of the resulting changes and prevent
the action by default or notify the user for permission.
If HIPS is coupled with anti-rootkit defenses, the comprehensive check becomes virtually
impossible for a malware to circumvent - unlike traditional heuristics, which can be
neutralized by an iterative process of refining the malicious code and testing it against
web-based AV-aggregate services (e.g. virustotal.com or jotti.org) until the virus passes
with few detections.
Extensive use of system resources is a drawback of existing comprehensive HIPS
systems, which integrate firewall, system-level action control and sandboxing into a
coordinated detection net, on top of a traditional AV product. This extensive protection
scheme may be warranted for a laptop computer frequently operating in untrusted
environments (e.g. on cafe or airport Wi-Fi networks), but the heavy defenses will take
their toll on battery life and noticeably impair the generic responsiveness of the computer.

Network Based
A network-based IPS is one where the IPS application/hardware, and any action taken to
prevent an intrusion on specific network hosts, run from a host with another IP
address on the network (this could be a front-end firewall appliance).
Network intrusion prevention systems (NIPS) are purpose-built hardware/software
platforms that are designed to analyze, detect, and report on security related events. NIPS
are designed to inspect traffic and based on their configuration or security policy, they
can drop malicious traffic.

Content Based
A content-based IPS (CBIPS) inspects the content of network packets for unique
sequences, called signatures, to detect and hopefully prevent known types of attack such
as worm infections and hacks.
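As an added illustration (not part of the original report), the Python model below shows how the inline verdicts listed earlier (dropping packets, resetting connections, generating alerts, quarantining a source) follow from content signatures matched against packet payloads, including a simple layer-7 decode of HTTP header lines. The signatures, packets and addresses are constructed for the example; a real IPS rule set is far larger.

```python
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Packet:
    """Minimal view of a packet as an inline sensor sees it (constructed)."""
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Signature:
    """A content signature: a byte pattern and the inline response it triggers."""
    name: str
    pattern: re.Pattern
    action: str  # "alert", "drop" or "reset"


# Constructed example signatures.
SIGNATURES = [
    # repeated "../" in a request line is the classic path-traversal indicator
    Signature("http-path-traversal", re.compile(rb"(\.\./){2,}"), "drop"),
    # a header value of 512+ bytes is the kind of oversize input that
    # buffer-overflow signatures look for (layer 7 decode of the header lines)
    Signature("http-oversize-header",
              re.compile(rb"^[A-Za-z-]+: [^\r\n]{512,}", re.M), "reset"),
    # SMTP VRFY is legitimate but rarely used, so it is alerted on, not blocked
    Signature("smtp-vrfy-probe", re.compile(rb"^VRFY\s", re.M), "alert"),
]


class InlineIPS:
    """Inline inspector: every packet gets a verdict before it is forwarded."""

    def __init__(self, signatures, quarantine_after=2):
        self.signatures = signatures
        self.quarantine_after = quarantine_after  # blocking hits before quarantine
        self.hits = Counter()      # per-source count of drop/reset verdicts
        self.quarantined = set()   # sources whose traffic is now dropped outright
        self.alerts = []           # (src, signature, action) records for the SOC

    def inspect(self, pkt):
        if pkt.src in self.quarantined:
            return "drop"
        for sig in self.signatures:
            if sig.pattern.search(pkt.payload):
                self.alerts.append((pkt.src, sig.name, sig.action))
                if sig.action in ("drop", "reset"):
                    self.hits[pkt.src] += 1
                    if self.hits[pkt.src] >= self.quarantine_after:
                        self.quarantined.add(pkt.src)
                return sig.action
        return "pass"


def demo_verdicts():
    """Run constructed traffic through the inspector; return verdicts and the IPS state."""
    ips = InlineIPS(SIGNATURES)
    traffic = [
        Packet("203.0.113.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
        Packet("203.0.113.5", "192.0.2.10", 80, b"GET /static/../../../config.ini HTTP/1.1\r\nHost: www\r\n\r\n"),
        Packet("203.0.113.5", "192.0.2.10", 80, b"GET / HTTP/1.1\r\nX-Pad: " + b"A" * 600 + b"\r\n\r\n"),
        # same source again: now quarantined, so even a benign request is dropped
        Packet("203.0.113.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
        Packet("198.51.100.7", "192.0.2.25", 25, b"VRFY postmaster\r\n"),
    ]
    return [ips.inspect(p) for p in traffic], ips


if __name__ == "__main__":
    verdicts, ips = demo_verdicts()
    print("verdicts:", verdicts)
    for src, name, action in ips.alerts:
        print(f"alert from {src}: {name} -> {action}")
```

The point the text makes about false positives shows up directly here: a signature that matches legitimate traffic would drop or reset real sessions, which is why a signature is given "alert" until its precision is known.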

DME Overview
Today, networked systems are the rule, not the exception, in commercial computing
environments. For all the promise of multi-vendor networks, however, most users have
achieved one thing only: connectivity. The goal of networking, sharing information, is
still distant for many.
Interoperability at an informational level requires two things: the ability to develop and
deploy applications which can take advantage of all the data and resources in a network,
regardless of location; and the ability to manage all the diverse systems in that
environment reliably.
While networking and system software have matured, approaches to system management
have yet to reach the same level of consistency, interoperability and scalability. What
system administrators need, a way to administer multi-vendor systems in networks, no
one organization has been able to provide -- until now.
The Open Software Foundation's Distributed Management Environment (DME)
represents a structure under which the management of systems and networks can be
brought together. It will form the foundation for the management of the distributed
systems of the 1990s, while retaining compatibility with existing solutions.
The OSF(tm) Distributed Management Environment is operating system-independent
and supports de facto and formal network and system management standards. It provides
building blocks for the development of management applications, as well as key
management services and proof-of-concept applications.
OSF's Key Role in Distributed Computing and Distributed Management

OSF has taken the lead in making distributed networks of mixed-vendor systems a reality
in commercial computing environments with its Distributed Computing Environment
(DCE).
With DCE, users are able to use their networked systems -- which already provide
connectivity -- to develop, distribute and maintain distributed applications. The
Distributed Management Environment will bring manageability and ease of use to
distributed computing, and allow network components, systems and applications to be
well maintained and managed.
The immediate beneficiaries of DME will be systems administrators, who require a more
efficient and reliable set of management applications to keep their distributed computing
environments operating. Another constituency, application developers, will benefit from
the rich set of tools and services provided by the DME framework for writing
management applications. And the ultimate beneficiaries will be end users everywhere,
who rely on the systems they use in their day-to-day work to perform to their best
potential.

The Definition of a Distributed Management Environment


To effectively manage networks made up of PCs, workstations, and mainframes running
a variety of operating systems and applications requires an approach which
accommodates standards and existing technology, while providing room for technical
innovation. Additionally, a distributed management environment must provide both
system and network management, and scale from a single system to an enterprise.
The OSF Distributed Management Environment has two main components: a set of
application services that provide some of the most critical system management functions,
and a framework, which provides the building blocks needed to develop applications to
manage diverse systems. This design provides consistency with existing solutions and
interoperability in multi-vendor, distributed networks.

Application Services
The DME offering contains distributed application services, provided as a set of
modules and APIs, that address some of the most crucial management tasks in today's
distributed computing environments. The offering also provides the management
applications that use the underlying applications services to perform their tasks, and a
consistent user interface. This modular approach allows for the enhancement or
replacement of individual components by ISVs and system vendors. The DME
Management Applications are:
Software Management
Keeping the installed software base in a network up-to-date is one of the most
important tasks of a system administrator. DME Software Management will ease
the packaging, distribution, installation, and management of software. It will be
applicable to all kinds of software packages from operating systems to layered
software.
License Management
As the number of computers installed in distributed environments grows, the
management of software licenses becomes increasingly cumbersome. The
distributed license management system of the DME will offer an effective means
of tracking software licenses and provide revenue protection for the software
supplier, as well as improved management capabilities for the system manager.
Printing Services
The facilities for network printing available today are inadequate for sophisticated
distributed environments in terms of both functionality and manageability. The
DME printing system, designed with distribution and extensibility in mind, will
combine superior functionality with the flexibility needed in heterogeneous
computer networks.

MPLS Switching
In a normally routed environment, frames pass from a source to a destination on a
hop-by-hop basis. Transit routers evaluate each frame's Layer 3 header and perform a route table
lookup to determine the next hop toward the destination. This tends to reduce throughput
in a network because of the intensive CPU requirements to process each frame. Although
some routers implement hardware and software switching techniques to accelerate the
evaluation process by creating high-speed cache entries, these methods rely upon the
Layer 3 routing protocol to determine the path to the destination.
Unfortunately, routing protocols have little, if any, visibility into the Layer 2
characteristics of the network, particularly in regard to quality of service (QoS) and
loading. Rapid changes in the type (and quantity) of traffic handled by the Internet and
the explosion in the number of Internet users is putting an unprecedented strain on the
Internet's infrastructure. This pressure mandates new traffic-management solutions.
MPLS and its predecessor, tag switching, are aimed at resolving many of the challenges
facing an evolving Internet and high-speed data communications in general.
To meet these new demands, multiprotocol label switching (MPLS) changes the
hop-by-hop paradigm by enabling devices to specify paths in the network based upon QoS and
bandwidth needs of the applications. In other words, path selection can now take into
account Layer 2 attributes. Before MPLS, vendors implemented proprietary methods for
switching frames with values other than the Layer 3 header.

MPLS Operations
This section illustrates the passage of a frame through an MPLS system to highlight the
function of several key MPLS components. Specifically, it illustrates MPLS through a
frame-based infrastructure as opposed to a cell-based (ATM) system.

The figure shows a series of LSRs (edge and core) interconnected to form a physical path
between two elements, Station A and Station B.
Figure: Series of LSRs Interconnect.

The frame generated by Station A follows the standard Ethernet format with a normal
Layer 2 header followed by a Layer 3 header. Because the destination address resides in a
different network, Station A targets the Layer 2 header to its default gateway. In this case,
the default gateway also serves as the edge LSR (ingress side). The ingress LSR
references its internal switch table (LFIB) and determines that it needs to forward the
frame out port 2 toward the next LSR.
Furthermore, the ingress LSR must insert a label between the Layer 2 and Layer 3
headers to indicate what path the frame should travel on its way to Station B. Router 2
looks at the frame entering port 1 and determines that there is a label embedded between
Layers 2 and 3. Therefore, the router treats the frame according to the configuration in its
LFIB, which says to forward the frame out port 2 and replace the label with a new value.
Each of the subsequent routers handles the frame in a similar manner until the frame
reaches the egress LSR. The egress edge LSR strips off all label information and passes a
standard frame to Station B. Because each of the routers between Stations A and B could
switch the frame based upon content in the LFIB and did not need to perform usual
routing operation, the frame was handled more quickly.
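The walk-through above, as an added Python simulation that is not part of the original report: each LSR holds only an LFIB keyed by incoming port and label, the ingress pushes a label, the core routers swap it without any Layer 3 lookup, and the egress pops it. The four-router path, port numbers and label values are constructed; a real ingress LSR selects its entry by the frame's FEC (destination prefix), which this single-path example folds into the unlabeled key.

```python
PUSH, SWAP, POP = "push", "swap", "pop"


class LSR:
    """A label switching router driven only by its LFIB.

    lfib maps (in_port, in_label) -> (action, out_port, out_label).
    An unlabeled frame arrives with in_label None (the ingress case).
    """

    def __init__(self, name, lfib):
        self.name = name
        self.lfib = lfib

    def forward(self, in_port, frame):
        key = (in_port, frame.get("label"))
        if key not in self.lfib:
            raise KeyError(f"{self.name}: no LFIB entry for port {in_port}, label {key[1]}")
        action, out_port, out_label = self.lfib[key]
        frame = dict(frame)  # do not mutate the caller's copy
        if action == PUSH:        # ingress: insert the label between the L2 and L3 headers
            frame["label"] = out_label
        elif action == SWAP:      # core: replace the label; no route-table lookup
            frame["label"] = out_label
        elif action == POP:       # egress: strip the label and hand on a plain frame
            frame.pop("label", None)
        return out_port, frame


def build_domain():
    """Constructed four-LSR path: Ingress -> R2 -> R3 -> Egress (labels are arbitrary)."""
    lsrs = {
        "Ingress": LSR("Ingress", {(1, None): (PUSH, 2, 17)}),
        "R2":      LSR("R2",      {(1, 17):   (SWAP, 2, 22)}),
        "R3":      LSR("R3",      {(1, 22):   (SWAP, 2, 31)}),
        "Egress":  LSR("Egress",  {(1, 31):   (POP,  2, None)}),
    }
    # physical wiring: (lsr, out_port) -> (next lsr, its in_port)
    links = {("Ingress", 2): ("R2", 1), ("R2", 2): ("R3", 1), ("R3", 2): ("Egress", 1)}
    return lsrs, links


def send_frame(frame, lsrs, links, first="Ingress", in_port=1):
    """Walk the frame hop by hop; return the per-hop trace and the frame that exits."""
    trace, name = [], first
    while True:
        out_port, frame = lsrs[name].forward(in_port, frame)
        trace.append((name, out_port, frame.get("label")))
        if (name, out_port) not in links:   # left the MPLS domain toward Station B
            return trace, frame
        name, in_port = links[(name, out_port)]


if __name__ == "__main__":
    lsrs, links = build_domain()
    # constructed frame from Station A: L2 header aimed at the default gateway, L3 at Station B
    frame = {"l2_dst": "gateway-mac", "l3_dst": "10.20.0.7", "data": b"hello"}
    for hop in send_frame(frame, lsrs, links)[0]:
        print(hop)
```

The trace records, per hop, the outgoing port and the label the frame carries on that link; the frame that leaves the egress carries no label at all, which is what Station B receives. Only one label is modelled; real MPLS carries a label stack.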

Demilitarized zone (DMZ)


In computer security, a demilitarized zone (DMZ), based on military usage of the term
but more appropriately known as a demarcation zone or perimeter network, is a physical
or logical subnetwork that contains and exposes an organization's external services to a
larger, untrusted network, usually the Internet. The purpose of a DMZ is to add an
additional layer of security to an organization's Local Area Network (LAN); an external
attacker only has access to equipment in the DMZ, rather than the whole of the network.

Rationale
In a network, the hosts most vulnerable to attack are those that provide services to users
outside of the LAN, such as e-mail, web and DNS servers. Due to the increased potential
of these hosts being compromised, they are placed into their own subnetwork in order to
protect the rest of the network if an intruder was to succeed. Hosts in the DMZ should not
be able to establish communication directly with any other host in the internal network,
though communication with other hosts in the DMZ and to the external network is
allowed. This allows hosts in the DMZ to provide services to both the internal and
external network while still protecting the internal network.

Services that belong in the DMZ


Generally, any service that is being provided to users in an external network should be
placed in the DMZ. The most common of these services are web servers, mail servers, ftp
servers and DNS servers. In some situations, additional steps need to be taken to be able
to provide secure services.

Web Servers
Web servers may need to communicate with an internal database to provide some
specialized services. Since the database server is not publicly accessible and may contain
sensitive information, it should not be in the DMZ. Generally, it is not a good idea to
allow the web server to communicate directly with the internal database server. Instead,
an application server can be utilized to act as a medium for communication between the
web server and the database server. This may be more complicated, but provides another
layer of security.

E-mail Servers
Due to the confidential nature of e-mail, it is not a good idea to store it in the DMZ.
Instead, e-mail should be stored on an internal e-mail server. The mail server in the DMZ
should pass incoming mail to the internal mail server and the internal mail server should
pass outgoing mail to the external mail server. Ideally, all communications should be
initiated by the internal mail server.

Architecture
There are many different ways to design a network with a DMZ. Two of the most basic
methods are with a single firewall, also known as the three legged model, and with dual
firewalls. These architectures can be expanded to create very complex architectures
depending on the network requirements.

Single Firewall
A single firewall with at least 3 network interfaces can be used to create a network
architecture containing a DMZ. The external network is formed from the ISP to the
firewall on the first network interface, the internal network is formed from the second
network interface, and the DMZ is formed from the third network interface. The firewall
becomes a single point of failure for the network and must be able to handle all of the
traffic going to the DMZ as well as the internal network.

Dual Firewalls
A more secure approach is to use two firewalls to create a DMZ. The first firewall (Also
called "front-end" firewall) must be configured to allow both traffic destined for the DMZ
as well as traffic for the internal network. The second firewall (Also called "back-end"
firewall) must be configured to only allow traffic destined for the internal network that is
originating from the DMZ. The first firewall must be able to handle a much larger
amount of traffic than the second firewall. It is recommended to use 2 different vendors.
If an attacker manages to break the first firewall defense, it will take him even more time
to break the second one if it is different. This architecture is more costly, but the
increased protection may offset cost.
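The dual-firewall policy described above, together with the DMZ rationale and the web and e-mail server rules, as an added Python model that is not part of the original report: zone-to-zone rules with first-match semantics and an implicit deny, where a new connection succeeds only if every firewall on its path permits it. The zone names, the published ports, the 8080 application-server port and the scenarios are assumptions constructed for the example; the text does not name the application server's port.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Rule:
    src: str                          # zone the new connection comes from
    dst: str                          # zone it is going to
    ports: Optional[FrozenSet[int]]   # None = any destination port
    action: str                       # "allow" or "deny"

    def matches(self, src, dst, port):
        return self.src == src and self.dst == dst and (self.ports is None or port in self.ports)


# Front-end firewall (ISP side). As the text says, it admits traffic for the DMZ
# and for the internal network; only the published DMZ services are reachable.
FRONT_END = [
    Rule("external", "dmz", frozenset({25, 53, 80, 443}), "allow"),
    Rule("external", "internal", None, "allow"),
    Rule("dmz", "external", None, "allow"),
    Rule("internal", "external", None, "allow"),
]

# Back-end firewall (LAN side). Only DMZ-sourced connections may enter, and only
# the single web-server-to-application-server flow (port 8080 is an assumption);
# the database is never reachable from the DMZ, and the mail relay is never
# allowed to initiate into the LAN.
BACK_END = [
    Rule("dmz", "internal", frozenset({8080}), "allow"),
    Rule("internal", "dmz", None, "allow"),
    Rule("internal", "external", None, "allow"),
]

# Which firewalls a new connection crosses, in order, for each zone pair.
PATH = {
    ("external", "dmz"): [FRONT_END],
    ("dmz", "external"): [FRONT_END],
    ("external", "internal"): [FRONT_END, BACK_END],
    ("internal", "external"): [BACK_END, FRONT_END],
    ("dmz", "internal"): [BACK_END],
    ("internal", "dmz"): [BACK_END],
}


def evaluate(rules, src, dst, port):
    """First matching rule wins; no match means the implicit deny."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action
    return "deny"


def permitted(src, dst, port):
    """A new connection succeeds only if every firewall on its path allows it."""
    return all(evaluate(fw, src, dst, port) == "allow" for fw in PATH[(src, dst)])


def demo():
    """Constructed scenarios; each key describes the connection being attempted."""
    return {
        "internet to DMZ web server (443)": permitted("external", "dmz", 443),
        "internet to DMZ on an unpublished port (3306)": permitted("external", "dmz", 3306),
        "internet straight to internal (443)": permitted("external", "internal", 443),
        "DMZ web server to internal app server (8080)": permitted("dmz", "internal", 8080),
        "DMZ web server to internal database (3306)": permitted("dmz", "internal", 3306),
        "internal mail server to DMZ relay (25)": permitted("internal", "dmz", 25),
        "DMZ relay initiating into internal mail (25)": permitted("dmz", "internal", 25),
    }


if __name__ == "__main__":
    for scenario, ok in demo().items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {scenario}")
```

Note how the third scenario is denied even though the front-end admits it: the back-end sees a source that is not the DMZ and falls through to the implicit deny, which is the whole reason the second firewall exists.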

DMZ host
Some home routers refer to a DMZ host. A home router DMZ host is a host on the
internal network that has all ports exposed, except those ports forwarded otherwise. By
definition this is not a true DMZ (Demilitarized Zone), since it provides no security
between the host and the internal network. That is, the DMZ host is able to connect to
hosts on the internal network, but hosts in a real DMZ are prevented from doing so by the
firewall that sits between them.

WORKING OF BHEL NETWORK SETUP

Still 2 be written

Module 3
Server Installation

OVERVIEW
This module includes details of the various parts of the DL580 G4 HP servers which were
installed and configured. The various steps involved throughout the process are
listed below in the scope of work. Details of a few components of the server
and of features like RAID and iLO are also explained.

SCOPE OF WORK


Proliant DL580 G4 Server

INTRODUCTION
The Proliant DL580 G4 server is an enterprise-class server designed for maximum scalability
and high availability. Its innovative chassis offers unsurpassed flexibility and
serviceability in a versatile, rack-optimized form factor. Based upon the latest industry
standard processing, memory, I/O and networking technologies, the Proliant DL580 G4
provides the highest levels of performance demanded by today's compute-intensive
applications. Unparalleled high availability features, including front-accessible Hot Plug
RAID Memory, and hot-plug redundant components, guarantee maximum uptime.
Integrated Lights-Out 2 (iLO2) technology allows remote administration from a standard
web-browser without ever having to visit the server. Innovative features, such as the
ability to access processors, memory, hard drives, and power supplies while the unit
remains secured in the rack, enable rapid response to service events, radically decreasing
overall IT costs and server downtime.

STORAGE

Components called out in the figure:
1. Front-accessible DL580 G4 Memory Expansion Boards, up to four configurable
2. Front-accessible USB 2.0 Ports
3. Slim line 1.44-MB Diskette Drive (ejectable, optional)
4. Slim line DVD/CD-RW Drive (8X/24X) (ejectable, standard)
5. Front-accessible DL580 G4 Processor Board (allows front access to processors and
Processor Power Modules)
Storage: 8-Bay SAS/SATA Drive Cage. Supports up to 8 Small Form Factor (SFF) SAS or SATA
Hot Plug Drives

FIGURE: This figure shows the various parts of the server which are hot-swappable.

KEY BENEFITS
Following are the key benefits of Proliant DL580 servers:
1) Hot Plug RAID Memory
2) Virtually Cable-less
3) Simplify Ownership

Hot Plug RAID Memory

The DL580 G4 builds on the strong track record of previous generation DL580 servers
with features such as dual-core 64-bit processing, and front-accessible Hot Plug RAID
Memory, providing higher return on investment.
Advanced Memory Protection provides higher levels of memory availability than
Standard ECC memory and protects up to 64GB of memory from unplanned downtime.
Hot Plug RAID Memory eliminates service interruptions caused by multi-bit memory
errors and allows you to replace failed memory without ever taking down your server or
disengaging from the rack.

Dynamically add memory without powering down or rebooting the server.
Virtually cable-less

Tool-less maintenance and service access to external and internal hot plug components without
sacrificing internal expansion capacity.
Up to 64GB of memory, 2 Multibay media bays, 5 standard full-length PCI slots (expandable
with mezzanine), and 8 internal hard disk drives; provide the flexibility required to deploy and
redeploy in a variety of application environments.
Standard Ejectable Slim line DVD/CD-RW drive can be ejected for additional security
or supplemented with optional Floppy or additional optical drives. USB 2.0 up front
increases media options including the ability to boot from a USB Key.
Snap on rail kits and cable-less design built specifically for the 4U form factor allows
hassle-free rack deployments in tapped or square-hole racks.
Internal and external diagnostic lighting indicators quickly and accurately diagnose
failed components like power supplies, fans, processors, DIMMs and hard drives for
warranty replacement.
System Insight Display provides instant visual indication of fault conditions within all
major subsystems of the server, allowing rapid response to service events which results
in major reductions in system downtime and IT service/maintenance costs.

Simplified ownership

Built-in Integrated Lights-Out 2 Standard combines secure, basic management
functions and diagnostics with essential virtual presence and control to manage Proliant
systems across the data center or across the world.
Proliant Essentials Foundation Pack, shipped with every Proliant server, enables administrators
to quickly install and configure systems, proactively manage change and ensure
continuous server operations.
SmartStart configures hardware, loads optimized drivers and assists with software
installation to achieve optimum reliability, performance and system uptime.
SmartStart Scripting Toolkit radically simplifies high-volume server deployments by
including replication utilities that create and copy configuration and script files.
Expand your capabilities with new tools like the Proliant Essentials Rapid Deployment
Value Pack that automates the process of deploying and provisioning your unique
server software configurations.

DESCRIPTION OF VARIOUS PARTS and FEATURES OF
Proliant DL580 Server

RAM- Random Access Memory

FIGURE: This figure is of memory board of server which in itself is hot swappable.
(Taken during installation process)

TECHNOLOGY: FB-DIMM (Fully Buffered DIMM Memory)
The typical DRAM memory-use method requires that the data signals from the memory
controller be electrically connected to the data lines of every DRAM module on the bus.
With as many as 72 connections in today's server designs, the signals may degrade where
the bus and DRAM devices meet, causing errors, especially as speeds increase. Until
now, server designers have had to choose between limiting memory density to reduce
high-speed errors and accepting slower speed to achieve high density. With the
introduction of FBDIMMs, designers get a no-compromise memory solution that
increases reliability, speed, and density. Fully Buffered DIMMs (FBDIMMs) extend
memory capacity, and new advanced channel features vastly improve performance.
FBDIMMs are the cost-effective, high-speed, high-density system memory solution for
servers, workstations, networking equipment, and high-end desktop computers.

AMB - Advanced Memory Buffer

Fully Buffered DIMMs use an "Advanced Memory Buffer" chip that maintains signal
integrity; this, together with improved error detection methods that reduce soft errors,
makes fully buffered DIMMs an ideal system memory solution. Using a point-to-point
architecture, the advanced memory buffer (AMB) transmits signals among the controller,
memory devices, and other modules without sacrificing signal integrity or speed. Unlike
modules with parallel path (stub-bus) architecture, FBDIMMs move data serially
between the AMB and memory controller.
Their simplified structure means FBDIMMs boast a lower pin count and faster
transmission rates compared to conventional architectures. Plus, they can perform reads
and writes simultaneously, eliminating the read-to-read delay between data transfers.
With speeds up to 4.8 GB/s, FBDIMMs enable fast buffering that optimizes server
performance.

FIGURE: This figure shows Adv. Buffer Memory Chip

FIGURE: This figure shows the FB-DIMM RAM with the AMB in the middle

FB-DIMM Memory Architecture: The FB-DIMM technology direct signaling
interface between the memory controller and the DRAM chips is split into two
independent signaling interfaces with a buffer between them. The interface between the
buffer and DRAM chips is the same as today, supporting DDR2 in early FB-DIMM
platforms and DDR3 in the future. However, the interface between the memory controller
and the buffer is changed from a shared parallel interface to a point-to-point serial
interface.

The buffer is referred to as the AMB (advanced memory buffer) and a number of
suppliers, including Intel, are already making these. The AMB is designed to only take
action in response to memory controller commands. The AMB is expected to deliver
DRAM commands from the memory controller over the FB-DIMM interface without any
alteration to the DRAM devices over the parallel DDR-based interface.

ADVANTAGES OF FB DIMM
Reliability
FB-DIMM technology offers better RAS (reliability, availability, serviceability) by
extending the currently available ECC (error-correcting code, a method of checking the
integrity of data in DRAM) to include protection of commands and address data.
Additionally, FB-DIMM technology automatically retries when an error is detected,
allowing for uninterrupted operation in case of transient errors.

Built-in for the Future


Since the FB-DIMM interface is based on serial differential signaling, a memory
controller can support multiple generations of FB-DIMM technology-based components.
Today's platforms can support backward compatibility of memory devices (for example,
both DDR and DDR2), extending the choice to on-site memory replacements and
increasing system flexibility for IT environments. Bottom line, with FB-DIMM systems,
an end user could have the flexibility of using first-generation FB-DIMMs with DDR2
DRAM or second-generation FB-DIMMs with DDR3 DRAM.

Reduced Total Cost


FB-DIMM technology delivers better TCO (total cost of ownership) to IT in a number of
ways: Compatibility of FB-DIMMs across generations means that IT can extend the
overall lifespan of DIMM investment through field swapping of DIMMs for new
systems. Over time, IT will be able to use a newer generation of DIMMs for better
performance or cost.

HARD DISK DRIVE

FIGURE: This figure is of hard disk of server which in itself is hot swappable.
(Taken during installation process)

TECHNOLOGY
Serial Attached SCSI (SAS) is a data transfer technology designed to move data to and
from computer storage devices. In the coming year it will double its present speed to 6
Gbit/s, allowing for much higher speed data transfers than previously available, and is
"downwards"-compatible with second generation SATA drives. SATA 3.0Gbps drives
may be connected to SAS backplanes, but SAS drives may not be connected to SATA
backplanes.
A typical Serial Attached SCSI system would consist of the following basic components:
1. An Initiator is a device that originates device service and task management
requests to be processed by a target device and receives responses for the same
requests from other target devices. Initiators may be provided as an on-board
component on the motherboard (as is the case with many server-oriented
motherboards) or as an add-on host bus adapter.
2. A Target is a device containing logical units and target ports that receives device
service and task management requests for processing and sends responses for the
same requests to initiator devices. A target device could be a hard disk or a disk
array system.
3. A Service Delivery Subsystem is the part of an I/O system that transmits
information between an initiator and a target. Typically cables connecting an
initiator and target with or without expanders and backplanes constitute a service
delivery subsystem.
4. Expanders are devices that are part of a service delivery subsystem and facilitate
communication between SAS devices. They allow multiple SAS end devices to be
connected to a single initiator port.

KVM

FIGURE: This figure is of KVM which is external to server and used to communicate
many servers simultaneously.
(Taken during installation process)

A KVM switch (with KVM being an abbreviation for Keyboard, Video or Visual Display
Unit, Mouse) is a hardware device that allows a user to control multiple computers from a
single keyboard, video monitor and mouse. Although multiple computers are connected
to the KVM, only a single computer can be controlled at any given time. The following
two figures show the LED display and back connections of the KVM.

FIGURE: This figure is of KVM LED display which shows various servers currently
connected via AMBER light and the one currently being operated via BLUE light.

FIGURE: This figure is of KVM back panel which shows various servers
currently connected.

A user connects a monitor, keyboard, and mouse to the KVM device and then
uses special cables to connect the KVM device to the computers. Control is
switched from one computer to another by the use of a switch or buttons on the
KVM device, with the KVM passing the signals between the computers and the
keyboard, mouse and monitor depending on which computer is currently selected.
A KVM switch is useful where there are multiple computers, but no need for a
dedicated keyboard, monitor and mouse for each one. They are frequently used in
data centers where multiple servers are placed in a single rack with a single
keyboard, monitor and mouse. A KVM switch then allows data center personnel
to connect to any server in the rack.

FEATURES OF Proliant SERVER

ILO
HP Integrated Lights-Out 2 (iLO) Management Network

Overview
Server remote management is a necessity for IT organizations of all sizes today as they
strive to meet business demands for efficiency and responsiveness. HP has a long record
of undisputed leadership in lights-out remote management with Integrated Lights-Out
(iLO), an intelligent management processor integrated on most Proliant servers.
HP remote management gives virtual presence, i.e. complete control as if we were in front
of the servers in datacenters or remote sites. This means we are always in control regardless
of server status or location. iLO delivers unique remote management simplicity and
agility that lowers operational costs, improves IT productivity and increases system
availability.

Integrated Lights-Out or iLO is an embedded server management technology
exclusive to Hewlett-Packard but similar in functionality to the Lights out management
(LOM) technology of other vendors. iLO makes it possible to perform activities on an HP
server from a remote location. The iLO card has a separate network connection (and its
own IP address) to which one can connect via HTTPS.

OPTIONS

Reset the server (in case the server doesn't respond any more via the normal
network card).
Power up the server (possible to do this from a remote location, even if the server
is shut down).
Take over the screen.
Mount a remote physical CD/DVD drive or image.
Access the server's IML (Integrated Management Log).
Remote console.

Setup Of iLO Network


1. The physical connection is an Ethernet port that can be found on most
Proliant servers of the 300 series and above.
2. This port can be enabled using the set-up utility, which can be accessed
with the F8 key during POST.
3. When the server boots, press F8 at the iLO prompt.
There are several options in this menu. Turn off "get a DHCP address" and
manually input a private IP address.
4. In this screen an IP can be assigned via DHCP or statically.
5. It is also important to create a user so that this utility can be accessed.
6. Once the configuration has been done it has to be saved and the server
needs to be restarted.
7. To access the utility, be sure that a cable is connected to the iLO port on
the back of the server.
8. The iLO IP can be entered in the address bar of any web browser and a
login screen will be shown; enter the username and password that have just
been created.

Advantages Of iLO
Improved Administration
Integrated Lights-Out Advanced Pack shortens the time to complete deployment,
maintenance and remedial tasks on remote systems. The combination of iLO
graphical remote console and its integration with Microsoft Windows Server 2003
Remote Desktop for Administration gives users remote control of keyboard, mouse
and video on systems in nearby datacenters and distant remote locations regardless of
their state. Virtual media further shortens tasks by enabling local client media or
network based DVD/CD/floppy images to be connected as virtual USB devices on
systems in remote locations and datacenters. The new command line and scripted
virtual media further reduce the time to complete server installation or update
procedures.

Reduced Operational Cost


By using the remote features of iLO, customers can avoid travel costs for
maintenance and remedial activities on remote systems. The virtual graphical
remote console allows administrators to view system consoles and assume
complete control from any network access point. The end-to-end hardware based,
remote console eliminates the need to travel to systems in remote locations.
Virtual media also reduces travel related costs by allowing maintenance and
remedial functions to be performed remotely. End-to-end virtual media enables
use of remote floppy, DVD and CD devices or network based floppy, DVD and
CD images for boot or runtime tasks. For example, administrators can install OS
patches or upgrade firmware on remote systems without leaving the office or
relying on local assistance.

Advanced security
iLO integrates with enterprise-class directory services and digital certificate-based
two-factor authentication to provide secure, scalable and cost-effective user
management. iLO advanced directory services solutions enable user authentication
and authorization to Integrated Lights-Out processors using Microsoft Active
Directory and Novell eDirectory. This makes user administration more scalable
and access more secure by eliminating the need to manage shared passwords and
user lists on individual iLO processors. In addition, two-factor authentication
provides advanced security by restricting access to administrators with smartcards
or USB flash drives containing embedded certificates. iLO Advanced enables
the industry's most efficient and effective security and identity management for
remote server management.


RAID
RAID stands for Redundant Array of Inexpensive Drives (as named by the inventor) or
Redundant Array of Independent Disks (a name which later developed within the
computing industry). It is a technology that employs the simultaneous use of two or more
hard disk drives to achieve greater levels of performance, reliability, and/or larger data
volume sizes.
RAID is a term for computer data storage schemes that can divide and replicate
data among multiple hard disk drives. RAID's various designs all involve two key design
goals: increased data reliability and increased input/output performance. When several
physical disks are set up to use RAID technology, they are said to be in a RAID array.
This array distributes data across several disks, but the array is seen by the computer user
and operating system as one single disk.

RAID Levels and Types


These arrays of disks give more power, performance, fault tolerance and accessibility to
the data as a single storage system. It is not a mere combination of disks: all the disks
are combined under a standard MTBF (mean time between failures) reliability scheme;
otherwise chances are that performance would be affected drastically if the disks were not
combined as a single storage unit.

RAID Levels
All the RAID types and models are commonly classified as RAID levels, since a RAID
represented by a higher number is regarded as a superior, more efficient, higher-performance array than a lower-numbered RAID.
Hence, the degree of security a RAID gives also depends on the RAID level you are using.
RAID arrays not only provide the users with maximum security and reliability but also
make sure that if a disk fails no data is lost.

RAID 0 - Striping:
It is the Striped Disk Array with no fault tolerance and it requires at least 2 drives to be
implemented. Due to the absence of redundancy, RAID 0 is considered to be the lowest
ranked RAID level.

RAID 1 - Mirroring:
It is the Mirroring (Shadowing) Array, meant to provide high performance. A RAID 1
controller is able to perform 2 separate parallel reads or writes per mirrored pair. It also
requires at least 2 drives to implement a non-redundant disk array. A high level of
availability, access and reliability can be achieved by an entry-level RAID 1 array. With full
redundancy available, the need for readability is almost negligible.

RAID 0+1:
It is the RAID array providing high data transfer performance, with at least 4 disks
needed to implement the RAID 0+1 level. It is a combination of striping and
mirroring with all the best features of RAID 0 and RAID 1 included, such as fast data
access and fault tolerance at the single-drive level.

RAID 3:
RAID 3 works on the Parallel Transfer with Parity technique. The least number of
disks required to implement the RAID array is 3 disks. In the RAID 3, data blocks are
striped and written on data drives and then the stripe parity is generated, saved and
afterwards used to verify the disk reads. Read and write data transfer rate is very high in
RAID 3 array and disk failure causes insignificant effects on the overall performance of
the RAID.

RAID 4:
RAID 4 requires a minimum of 3 drives to be implemented. It is composed of
independent disks with shared parity to protect the data. Data transaction rate for Read is
exceptionally high and highly aggregated. Similarly, the low ratio of parity disks to data
disks indicates high efficiency.

RAID 5:
RAID 5 is an array of independent data disks with distributed parity blocks, with a minimum
requirement of at least 3 drives to be implemented and N-1 array capacity. It helps in
reducing the write inherence found in RAID 4. RAID 5 array offers highest data
transaction Read rate, medium data transaction Write rate and good cumulative transfer
rate.
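The parity scheme that RAID 3, 4 and 5 rely on, shown as an added worked example that is not part of the report: one stripe's parity is computed, a lost block is rebuilt from the surviving disks, and the parity check catches a silently corrupted read. The stripe contents are constructed sample data.

```java
import java.util.Arrays;

/**
 * Added illustration of XOR parity as used by RAID 3/4/5 (not from the report).
 * A stripe is N data blocks plus one parity block; the parity block is the XOR
 * of all data blocks, so any single lost block can be rebuilt from the others.
 * RAID 3/4 keep parity on a fixed disk; RAID 5 rotates it across the disks.
 */
public final class RaidParityDemo {

    /** Parity block for one stripe: byte-wise XOR of all data blocks. */
    static byte[] parity(byte[][] dataBlocks) {
        byte[] p = new byte[dataBlocks[0].length];
        for (byte[] block : dataBlocks) {
            for (int i = 0; i < p.length; i++) {
                p[i] ^= block[i];
            }
        }
        return p;
    }

    /**
     * Rebuild the block that was on disk {@code failed} from the other disks of
     * the stripe. {@code stripe} holds the data blocks and the parity block, with
     * null in the failed slot. Works whether the lost disk held data or parity.
     */
    static byte[] rebuild(byte[][] stripe, int failed) {
        byte[] out = new byte[stripe[failed == 0 ? 1 : 0].length];
        for (int d = 0; d < stripe.length; d++) {
            if (d == failed) continue;
            for (int i = 0; i < out.length; i++) {
                out[i] ^= stripe[d][i];
            }
        }
        return out;
    }

    /** RAID 5 parity rotation: stripe s keeps its parity on disk (disks-1-s) mod disks. */
    static int parityDisk(int stripeIndex, int disks) {
        return disks - 1 - (stripeIndex % disks);
    }

    /** Read verification: recomputed parity must match the stored parity block. */
    static boolean verify(byte[][] dataBlocks, byte[] storedParity) {
        return Arrays.equals(parity(dataBlocks), storedParity);
    }

    public static void main(String[] args) {
        // Constructed sample stripe: three data blocks of four bytes on disks 0..2,
        // parity on disk 3 (the RAID 3/4 layout).
        byte[][] data = { "ABCD".getBytes(), "EFGH".getBytes(), "IJKL".getBytes() };
        byte[] p = parity(data);
        byte[][] stripe = { data[0], data[1], data[2], p };
        System.out.println("parity check before failure: " + verify(data, p));

        // Simulate losing disk 1 and rebuilding its block from the survivors.
        byte[] lost = stripe[1];
        stripe[1] = null;
        byte[] rebuilt = rebuild(stripe, 1);
        System.out.println("rebuilt block equals lost block: " + Arrays.equals(lost, rebuilt));
        stripe[1] = rebuilt;

        // A single flipped bit on a data disk is detected by the parity check.
        data[2][0] ^= 0x01;
        System.out.println("parity check after corruption: " + verify(data, p));

        // With four disks in RAID 5, parity moves from disk 3 to disk 2, 1, 0, 3, ...
        for (int s = 0; s < 5; s++) {
            System.out.println("stripe " + s + " parity on disk " + parityDisk(s, 4));
        }
    }
}
```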

The following snapshots were taken during the server configuration process using the HP
SmartStart CD, which is used to configure the RAID.

FIGURE: The above picture shows details while configuring a RAID. The picture below
shows various options like configuration, diagnostics etc.


Module4
Development And Implementation
Of Chat Server Using RMI


OVERVIEW:
Our chatting system deals only with LANs (static IP addresses) and is made up of
two applications: one runs on the server side (any computer on the network you
choose to be the server) while the other is delivered and executed on the client PC.
Every time the client wants to chat he runs the client application, enters
his user name and password and the address where the server application is running, hits the go button
and starts chatting. The system is a many-to-many arrangement; everyone is able
to "talk" to anyone else. Messages may be sent to specific individuals (private
chatting through the server).

Introduction to RMI
Java allows us to develop distributed applications using RMI. Distributed computing
refers to the application design paradigm in which programs, the data they process, and
the actual computations are spread over a network, either to leverage the processing
power of multiple computers or due to the inherent nature of an application computing
different modules.
RMI (Remote Method Invocation) allows object-to-object communication between
different Java Virtual Machines (JVMs).
JVMs can be distinct entities located on the same or separate computers, yet one JVM
can invoke methods belonging to an object stored on another JVM. This enables
applications to call object methods located remotely, sharing resources and processing
load across systems. Methods can even pass objects that a foreign virtual machine has
never encountered before, allowing the dynamic loading of new classes as required.

Interfaces: The Heart of RMI


The RMI architecture is based on one important principle: the definition of behavior and
the implementation of that behavior are separate concepts. RMI allows the code that
defines the behavior and the code that implements the behavior to remain separate and to
run on separate JVMs.
This fits nicely with the needs of a distributed system where clients are concerned about
the definition of a service and servers are focused on providing the service.
Specifically, in RMI, the definition of a remote service is coded using a Java interface.
The implementation of the remote service is coded in a class. Therefore, the key to
understanding RMI is to remember that interfaces define behavior and classes define
implementation.

The following diagram illustrates this separation.

Remember that a Java interface does not contain executable code. RMI supports two
classes that implement the same interface. The first class is the implementation of the
behavior, and it runs on the server. The second class acts as a proxy for the remote
service and it runs on the client. This is shown in the following diagram.

A client program makes method calls on the proxy object, RMI sends the request to the
remote JVM, and forwards it to the implementation. Any return values provided by the
implementation are sent back to the proxy and then to the client's program.

RMI Architecture Layers:


RMI's purpose is to make objects in separate JVMs look and act like local objects.
The JVM that calls the remote object is usually referred to as the client and the JVM that
contains the remote object is the server.
One of the most important aspects of the RMI design is its intended transparency.
Applications do not know whether an object is remote or local. A method invocation on
a remote object has the same syntax as a method invocation on a local object, though
under the hood there is a lot more going on.
In RMI the term server does not refer to a physical server or application but to
a single remote object having methods that can be remotely invoked.
Similarly the term client does not refer to a client machine but to the
object invoking a remote method on a remote object.
The same object can be both a client and a server. Although obtaining a reference to a
remote object is somewhat different from doing so for local objects, once we have the
reference we use the remote object as if it were local. The RMI infrastructure will
automatically intercept the method call, find the remote object and process the request
remotely. This location transparency even includes garbage collection. A remote object is
always accessed via its remote interface. In other words the client invokes methods on the
object only after casting the reference to the remote interface.
The following diagram shows the RMI architecture.

The RMI implementation is essentially built from three abstraction layers:
The Stub/Skeleton Layer
The Remote Reference Layer
The Transport Layer

Stub/Skeleton Layer:
This layer intercepts method calls made by the client to the interface reference and
redirects these calls to a remote object. Stubs are specific to the client side, whereas
skeletons are found on the server side. To achieve location transparency, RMI introduces
two special kinds of objects known as stubs and skeletons that serve as an interface
between an application and the rest of the RMI system. This layer's purpose is to transfer
data to the Remote Reference Layer via marshalling and unmarshalling. Marshalling
refers to the process of converting the data or object being transferred into a byte stream
and unmarshalling is the reverse converting the stream into an object or data. This
conversion is achieved via object serialization.
The Stub/ Skeleton layer of the RMI lies just below the actual application and is based on
the proxy design pattern. In the RMI use of the proxy pattern, the stub class plays the role
of the proxy for the remote service implementation. The skeleton is a helper class that is
generated by RMI to help the object communicate with the stub; it reads the parameters
for the method call from the link, makes the call to the remote service implementation
object, accepts the return value and then writes the return value back to the stub.
In short, the proxy pattern forces method calls to occur through a proxy that acts as a
surrogate, delegating all calls to the actual object in a manner transparent to the original
caller.
Stub
The stub is a client-side object that represents (or acts as a proxy for) the remote object.
The stub has the same interface, or list of methods, as the remote object. However, when
the client calls a stub method, the stub forwards the request via the RMI infrastructure to
the remote object (via the skeleton), which actually executes it.
Sequence of events performed by the stub:

Initiates a connection with the remote JVM containing the remote object.
Marshals (writes and transmits) the parameters to the remote JVM.
Waits for the result of the method invocation.
Unmarshals (reads) the return value or exception returned.
Returns the value to the caller.

In the remote JVM, each remote object may have a corresponding skeleton.
Skeleton
On the server side, the skeleton object takes care of all the details of remoteness so that
the actual remote object does not need to worry about them. In other words we can pretty
much code a remote object the same way as if it were local; the skeleton insulates the
remote object from the RMI infrastructure.
Sequence of events performed by the skeleton:

Unmarshals (reads) the parameters for the remote method (remember that these
were marshalled by the stub on the client side).
Invokes the method on the actual remote object implementation.
Marshals (writes and transmits) the result (return value or exception) to the caller
(where it is then unmarshalled by the stub).

From JDK 1.2 the JRMP protocol was modified to eliminate the need for skeletons
and instead use reflection to make connections to the remote service objects. Thus we
only need to generate stub classes in a system implementation compatible with JDK 1.2 and
above. To generate such stubs we use the -v1.2 option of rmic.

Remote Reference Layer:


The Remote Reference Layer defines and supports the invocation semantics of the RMI
connection. This layer provides a RemoteRef object that represents the link to the remote
service implementation object.
The stub objects use the invoke() method in RemoteRef to forward the method call. The
RemoteRef object understands the invocation semantics for remote services.

Transport Layer:
The Transport Layer makes the connection between JVMs. All connections are stream-based network connections that use TCP/IP.
Even if two JVMs are running on the same physical computer, they connect through their
host computer's TCP/IP network protocol stack. (This is why you must have an
operational TCP/IP configuration on your computer to run RMI programs.)
The following diagram shows the unfettered use of TCP/IP connections between JVMs.


LOCATING REMOTE OBJECTS:


Clients find remote services by using a naming or directory service. A naming or
directory service is run on a host and port number that the client is already aware of (for
example a well-known port on a public host). The RMI naming service, a registry, is a
remote object that serves as a directory service for clients by keeping a hash-table-like
mapping of names to other remote objects. It is not necessary to have a single registry on
a particular physical host; an object is free to start its own registry. The behavior of the
registry is defined by the interface java.rmi.registry.Registry. RMI itself includes a
simple implementation of this interface called the RMI Registry. The RMI Registry runs on
each machine that hosts remote objects and accepts queries for services, by default on
port 1099.
In simple terms, a remote object is associated with a name in the registry. Any time the
client wants to invoke methods on this remote object it obtains a reference to it by
looking up the name. The lookup returns a remote reference, a stub to the object. RMI
also provides the java.rmi.Naming class that serves as the client's interaction point with
the object serving as the registry on the host for this lookup. This can be thought of as a
client of the RMI Registry.
The Naming class's methods take, as one of their arguments, a name that is a URL-formatted java.lang.String.
The following diagram shows how the client uses the java.rmi.Naming class to look up
the stub/proxy of the remote object.

The program which creates the instance of the remote object also makes use of the
java.rmi.Naming class to bind the remote object to the RMI Registry.


The java.rmi.Naming class:


This class behaves as a client to the RMI Registry. It is used on the server side as well as
on the client side to interact with the RMI Registry. On the server side it is used to bind
the remote object to the RMI Registry. On the client side it is used to lookup the remote
object.
Methods
All the methods of this class are static.

public static void bind (String name, Remote obj) It binds the remote object to a

public static Remote lookup (String name) It returns a reference, a stub, for the
remote object associated with the specified name.
public static void rebind (String name, Remote obj) It rebinds (unbinds the name
if it is already bound and binds it again) the specified name, if it is already in use, to a
new remote object. This could be dangerous if different applications use the same
name in the registry, but is helpful in development.
public static void unbind (String name) It removes the binding with the specified
name.

Once the client has a stub to the requested object, it can access the remote methods
transparently, just like local methods.

Developing Chat server


DESCRIPTION OF THE PROBLEM:
The major purpose of our application is to transfer data from client to server and from
server to client. To accomplish that we added a few methods on the client and the server side,
but the difficulty we faced was how to call a method defined on the server side from
the client side and vice versa, because the client also sends some data to the server.
The second problem was how to create an instance of a class on the client side that
actually exists on the server side. This is because in Java we need an instance to
access any method, so if the client wants to call a method that exists on the server side it
must have an instance of the class implementing that method.
The client should be able to connect simultaneously to any number of other clients that
are online.
Thirdly, the problem was how to maintain the database of the various clients with
their username and password, which is required to authorize them to connect to the server.
It should also have a good graphical user interface, thereby allowing easy access to
the application.

PROBLEM SOLUTION:
Now that the problem has been fully defined, the task that remains is to find a solution to it.
The following points are to be considered to provide a total solution to this
problem:
1. The system should be platform independent as it may run on multiple platforms.
2. The various files should be well structured and easy to maintain, in accordance with the
principles of OOP (object-oriented programming).
3. It should also have a good graphical user interface.
To resolve the problem of creating an instance of a remote class we provide a common
interface on both the client and the server side which contains the declarations of all
those methods which the client wants to access on the server. The server side has an
implementing class which has implementations of all the server side methods. The server
binds instances of that implementing class to the RMI registry. Clients can look up these
instances and use them to access their methods.
For the server to access the methods on the client side we again provide another common
interface on both the client and the server side which contains the declarations of all
those methods which the server wants to access on the client. The implementations of all those
client side methods are provided in an implementing class on the client side.
To perform the actual communication we used remote method invocation (RMI).
To maintain the database of the various clients with their username and password, which
is required to authorize them to connect to the server, we maintained a Microsoft Access database
which contains the records of all the users with their passwords and connected it to our
CHAT SERVER application using Java Database Connectivity (JDBC).
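The two-interface arrangement just described, as an added example that is not the report's own iServer/iClient/implServer/logIn code: a server interface the clients call, a client interface the server calls back on, one exported implementation of each, and a registry bind and lookup run in a single JVM. The interface, method and class names, the "ChatServer" registry name and the sample accounts are assumptions; on Java 5 or later no rmic-generated stubs are needed because RMI builds dynamic proxy stubs at export time.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Methods the server exposes to clients (the role of the report's iServer interface). */
interface ChatService extends Remote {
    boolean signIn(String user, String password, ChatClient callback) throws RemoteException;
    boolean sendPrivate(ChatClient sender, String to, String text) throws RemoteException;
    void signOut(ChatClient sender) throws RemoteException;
}

/** Methods the server may invoke back on a client (the role of the report's iClient interface). */
interface ChatClient extends Remote {
    void receive(String from, String text) throws RemoteException;
}

/** Server-side implementation, exported as a remote object (the role of implServer). */
class ChatServiceImpl extends UnicastRemoteObject implements ChatService {
    private final Map<String, ChatClient> online = new ConcurrentHashMap<>();
    private final Map<String, String> credentials; // stands in for the report's logIn database

    ChatServiceImpl(Map<String, String> credentials) throws RemoteException {
        super(); // exports this object on an anonymous TCP port
        this.credentials = credentials;
    }
    /** Which signed-in user owns this stub? Stubs are equal when they reference the same object. */
    private String userOf(ChatClient stub) {
        for (Map.Entry<String, ChatClient> e : online.entrySet()) {
            if (e.getValue().equals(stub)) return e.getKey();
        }
        return null;
    }

    public boolean signIn(String user, String password, ChatClient callback) {
        // Plain-text comparison only for the demo; a real logIn table stores a salted hash.
        String expected = credentials.get(user);
        if (expected == null || !expected.equals(password)) return false;
        online.put(user, callback); // keep the client's stub so the server can call back later
        return true;
    }

    public boolean sendPrivate(ChatClient sender, String to, String text) throws RemoteException {
        // The sender's name is derived from the stub it signed in with, not from a
        // caller-supplied string, so one signed-in user cannot send as another.
        String from = userOf(sender);
        ChatClient target = online.get(to);
        if (from == null || target == null) return false; // not signed in, or recipient offline
        target.receive(from, text);                       // server-to-client call across JVMs
        return true;
    }

    public void signOut(ChatClient sender) {
        String user = userOf(sender);
        if (user != null) online.remove(user);
    }
}

/** Client-side callback object (the role the report's logIn class plays by implementing iClient). */
class ChatClientImpl extends UnicastRemoteObject implements ChatClient {
    final StringBuilder inbox = new StringBuilder();
    ChatClientImpl() throws RemoteException { super(); }
    public void receive(String from, String text) {
        inbox.append(from).append(": ").append(text).append('\n');
    }
}

public class RmiChatDemo {
    public static void main(String[] args) throws Exception {
        int port = args.length > 0 ? Integer.parseInt(args[0]) : 3232; // the report's example port
        // Server side: start the registry in-process and bind the service under a name.
        // No SecurityManager is installed: one is only needed when RMI loads classes from a
        // remote codebase, and a policy granting AllPermission (as in the report's policytool
        // step) would remove the sandbox anyway.
        Registry registry = LocateRegistry.createRegistry(port);
        Map<String, String> users = new ConcurrentHashMap<>();
        users.put("alice", "s3cret"); users.put("bob", "hunter2"); // constructed sample accounts
        ChatServiceImpl server = new ChatServiceImpl(users);
        registry.rebind("ChatServer", server);
        // Client side: look the stub up by name (java.rmi.Naming.lookup does the same).
        Registry lookup = LocateRegistry.getRegistry("127.0.0.1", port);
        ChatService stub = (ChatService) lookup.lookup("ChatServer");
        ChatClientImpl alice = new ChatClientImpl(), bob = new ChatClientImpl();
        System.out.println("alice signs in: " + stub.signIn("alice", "s3cret", alice));
        System.out.println("bob signs in:   " + stub.signIn("bob", "hunter2", bob));
        System.out.println("bad password:   " + stub.signIn("bob", "wrong", bob));
        System.out.println("alice -> bob:   " + stub.sendPrivate(alice, "bob", "hello bob"));
        System.out.println("bob's inbox:    " + bob.inbox.toString().trim());
        stub.signOut(alice); stub.signOut(bob);
        for (Remote r : new Remote[] { server, alice, bob, registry }) {
            UnicastRemoteObject.unexportObject(r, true); // release the ports so the JVM can exit
        }
    }
}
```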

DESIGN CLIENT, SERVER

The project is divided into two parts, server side and client side.
CLIENT Description:
The client was designed using three Java files. The list and functionality of these classes
are shown below:
1. iClient.java - this is the client side interface, which is also
provided on the server side. This interface defines those
methods that can be used by the server to invoke client
functionality.
2. logIn.java - this is the main file of the client side. This file is used
to establish the client side RMI connection and to make the various
windows. This class also implements the iClient interface.
This file has the main() function of the client side.
3. talkWindow.java - this file contains the code for designing the window
in which the actual conversation occurs. It is called
by the logIn.java file.

SERVER Description:
The server was designed using three Java files. The list and functionality of these classes
are shown below:
1. iServer.java - this is the server side interface, which is also
provided on the client side. This interface defines those
methods that can be used by the clients.
2. implServer.java - this is the implementing file of the server side. This class
implements the iClient interface.
3. chatServer.java - this is the main file of the server side. This file establishes
the RMI connection.

Server databases
1. logIn: is used to store the information about the clients, including name, password and
user id.
2. sendInvite: is used to store the information about the various requests that either have
been acknowledged or are pending.
3. frenList: is used to store the information about the friend list of each client.

Every client communicates with the server through RMI (remote method invocation).
There can be any number of clients.
The server has three databases. All the information about all registered clients is stored in the
logIn database. Information about the friends of a client is stored in the frenList database
and the information about any pending request or pending acknowledgment related to a
client is stored in the sendInvite database. A client can register itself with the server and can
then send a login request. Whenever a client signs in, the server validates
the client against the logIn database and also checks for any pending request or acknowledgment
for that client using the sendInvite database.
Any client can send an invitation request to any other client; the other client can in turn either
accept the invitation or ignore it. If the invitation is accepted both clients are
added to each other's friend lists.
If a client needs to connect with another client, the message is transferred first
from the client who wants to connect to the server, and then from the server to the client with
which the connection is to be established. There is a chat table associated with each client
which stores the ids of those clients that are in conversation with the client owning the
chat table.
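How the server's sign-in check against the logIn database can be written so that the table never holds raw passwords and the user name never becomes part of the SQL text, as an added example that is not the report's code. The table and column names (logIn, userName, salt, hash), the PBKDF2 parameters and the sample account are assumptions, and the code needs Java 8 or later rather than the JRE 1.5/1.6 the report targets; main exercises the check against an in-memory stand-in for the database.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/**
 * Added example (not the report's code): password storage and verification for
 * the chat server's logIn table. Each row keeps a random salt and a PBKDF2 hash
 * instead of the password, and the lookup binds the user name as a parameter.
 */
public class LoginCheck {
    private static final int ITERATIONS = 100_000; // assumed work factor
    private static final int KEY_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();

    /** One stored credential row, both fields Base64 as they would sit in the database. */
    static final class Record {
        final String salt, hash;
        Record(String salt, String hash) { this.salt = salt; this.hash = hash; }
    }

    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** What the Register window should store instead of the raw password. */
    static Record newRecord(char[] password) {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        return new Record(Base64.getEncoder().encodeToString(salt),
                          Base64.getEncoder().encodeToString(pbkdf2(password, salt)));
    }

    /** Sign-in check; MessageDigest.isEqual compares in constant time. */
    static boolean verify(Record stored, char[] password) {
        if (stored == null) return false; // unknown user: same answer as a wrong password
        byte[] expected = Base64.getDecoder().decode(stored.hash);
        byte[] actual = pbkdf2(password, Base64.getDecoder().decode(stored.salt));
        return MessageDigest.isEqual(expected, actual);
    }

    /** Fetch a user's row over JDBC (e.g. from the report's logInDsn data source). */
    static Record load(Connection db, String userName) throws SQLException {
        String sql = "SELECT salt, hash FROM logIn WHERE userName = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, userName); // bound parameter: quotes in the name stay data, not SQL
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? new Record(rs.getString("salt"), rs.getString("hash")) : null;
            }
        }
    }

    public static void main(String[] args) {
        Map<String, Record> table = new HashMap<>(); // in-memory stand-in for the logIn table
        table.put("alice", newRecord("correct horse".toCharArray())); // constructed sample account
        System.out.println("right password: " + verify(table.get("alice"), "correct horse".toCharArray()));
        System.out.println("wrong password: " + verify(table.get("alice"), "wrong".toCharArray()));
        System.out.println("unknown user:   " + verify(table.get("nobody"), "x".toCharArray()));
    }
}
```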

USER INTERFACE:
The application provides the following screens:
Server side:
Server Window: it shows the status of all the clients that are online.

Client side:
Login Window: it has a username field and a password field where the user
can enter his username and password. It also has a sign in button for the user
to connect.
Register Window: this window is for new users. New users can enter
their username and password so that the server can identify them later.
Chat Window: this window is used by the clients to chat with each other.

Login window

Chat window

HARDWARE INTERFACE:

It will work well with 800x600 screen resolution.

It needs access to a network which contains the server for proper
functioning. It can also run on a standalone computer, provided the server runs on that
computer.

Minimum Hardware configuration:

Processor Type : Pentium-III or above
RAM : 128 MB or above

SOFTWARE INTERFACES:
a) The following software must be installed on the computer to use this
application.
To run this application - JRE 1.6/JRE 1.5
To modify the application - JDK 1.6/JDK 1.5
b) Any operating system like Windows 98/NT/XP, UNIX or LINUX will do.

USER CHARACTERISTICS:

Educational level: at least graduate with knowledge of English.

Technical expertise: should have a basic knowledge of computers and some
chatting experience.

ASSUMPTIONS:
Some assumptions were made while making the application:
The system is not provided with any security measures in the policy file.
Microsoft Access is installed on the computer.
The DSN names are already created on the computer before the application starts.


IMPLEMENTING THE SERVER:

1--- compile
-open a DOS shell and make the current working directory the one in which the server code is
present
-write
javac *.java //to compile all files at one time; you can also compile them separately
2--- make the stub of the implServer class
-in the DOS shell write
rmic implServer
//class name only
3--- make the database connectivity
-you have to create three system DSNs
1-frenDsn
2-logInDsn
3-sendDsn
To create frenDsn go to Control Panel > Administrative Tools > Data Sources (ODBC) and then
go to System DSN
-click Add and then carefully pick Microsoft Access Driver (*.mdb), as there are two
drivers with the same name, then click Finish and a window will appear.
-write frenDsn in the Data Source Name text field and click the Select button
-select the path where the database is present and then click OK.
Similarly create logInDsn and sendDsn
4--- make the policy file
in the DOS shell write
policytool
-- a window will appear
-do not write anything, just add a permission of type AllPermission and click OK
-before closing this window save these settings as the ".java.policy" file in the root of the
user's profile directory, eg "c:/document and settings/varun"
5-- to start the server
-write
java chatServer port_no
-here port_no must be an integer, e.g. "java chatServer 3232"
-this port number tells the server on which port to open the rmiregistry; the server binds the
objects to be exported in this registry.

IMPLEMENTING THE CLIENT:
1--- compile
-open a DOS shell and make the current working directory the one in which the client code is
present
-write
javac *.java //to compile all files at one time; you can also compile them separately
2--- make the stub of the logIn class
-in the DOS shell write
rmic logIn
//class name only
3--- make the policy file
in the DOS shell write
policytool
-- a window will appear
-do not write anything, just add a permission of type AllPermission and click OK
-before closing this window save these settings as the ".java.policy" file in the root of the
user's profile directory, eg "c:/document and settings/varun"
4-- to start the client
-write
java logIn serveraddress portno
-here serveraddress must be the IP address of the server and portno must be an integer
representing the port where the server has opened its registry,
e.g. "java logIn 172.16.6.25 3232"
You can open as many clients as you want.

LIMITATIONS OF THE SYSTEM:

There is no procedure for deleting the records of clients that do not want to chat
any more.
A user cannot edit his account details, including the password.


CONCLUSION
The study of the network setup of the company has been successfully completed. The server installation
process was completed and data was migrated from the older to the new servers, which are now in
testing mode. A chat server was developed and implemented on the LAN setup of the
company.

