
Mekelle University Faculty of Business & Economics

Computer Science Department

ICT132: Networks and Digital Communications

Handout 7 Network Operating Systems

1. Introduction to network operating systems

Just as a computer cannot operate without a
computer operating system, a network of
computers cannot operate without a network
operating system. Without a network operating
system of some kind, individual computers cannot
share resources, and other users cannot make use of
those resources. This handout provides a general
introduction to network operating systems
(sometimes referred to as NOSs). It describes the
basic features and functions of a NOS and contrasts
these with the capabilities of a stand-alone
operating system.

Novell's NetWare is the most familiar and popular
example of a NOS in which the client computer's
networking software is added on to its existing
computer operating system. The desktop computer
needs both operating systems in order to handle
stand-alone and networking functions together.

Network operating system software is integrated
into a number of popular operating systems
including Windows 2000 Server/Windows 2000
Professional, Windows NT Server/Windows NT
Workstation, Windows 98, Windows 95, and
AppleTalk.

A computer's operating system coordinates the
interaction between the computer and the programs
(applications) it is running. It controls the
allocation and use of hardware resources such as:
- Memory
- CPU time
- Disk space
- Peripheral devices

In a networking environment, servers provide
resources to the network clients, and client network
software makes these resources available to the
client computer. The network and the client
operating systems are coordinated so that all
portions of the network function properly.

2. Multitasking

A multitasking operating system, as the name
suggests, provides the means for a computer to
process more than one task at a time. A true
multitasking operating system can run as many
tasks as there are processors (CPUs). If there are
more tasks than processors, the computer must
arrange for the available processors to devote a
certain amount of time to each task, alternating
between tasks until all are completed. With this
system, the computer appears to be working on
several tasks at once.

There are two primary forms of multitasking:
- Pre-emptive: In pre-emptive multitasking, the
  operating system can take control of the CPU
  whenever it wants to, without the task's
  cooperation.
- Non-pre-emptive (cooperative): In non-pre-emptive
  multitasking, the task itself decides
  when to give up the CPU. Programs written for
  non-pre-emptive multitasking systems must
  include provisions for yielding control of the
  processor. No other program can run until the
  non-pre-emptive program has given up control
  of the processor.

Because the interaction between the stand-alone
operating system and the NOS is ongoing, a
pre-emptive multitasking system offers certain
advantages. For example, when the situation
requires it, the pre-emptive system can shift CPU
activity from a local task to a network task.

3. Client software

In a stand-alone system, when the user types a
command that requests the computer to perform a
task, the request goes over the computer's local bus
to the computer's CPU. For example, if you want to
see a directory listing on one of the local hard
disks, the CPU interprets and executes the request
and then displays the results in a directory listing in
the window. In a network environment, however,
when a user initiates a request to use a resource that
exists on a server in another part of the network,
the request has to be forwarded, or redirected, away
from the local bus, out onto the network, and from
there to the server with the requested resource. This
forwarding is performed by the redirector.

3.1 The redirector

A redirector processes forwarding requests.
Depending on the networking software, this
redirector is sometimes referred to as the "shell" or
the "requester." The redirector is a small section of
code in the NOS that:
- Intercepts requests in the computer
- Determines if the requests should continue in
  the local computer's bus or be redirected over
  the network to another server

Redirector activity originates in a client computer
when the user issues a request for a network
resource or service. Figure 1 shows how a
redirector forwards requests to the network. The
user's computer is referred to as a client because it
is making a request of a server. The request is
intercepted by the redirector and forwarded out
onto the network. The server processes the
connection requested by client redirectors and
gives them access to the resources they request. In
other words, the server services - or fulfils - the
request made by the client.

Figure 1 The operation of a redirector in the
client operating system

Using the redirector, users don't need to be
concerned with the actual location of data or
peripherals, or with the complexities of making a
connection.

4. Server software

The role of the NOS on a server is to process and
act upon requests from clients (redirectors) for
network resources managed by the server. For
example, in Figure 2, a user is requesting a
directory listing on a shared remote hard disk. The
request is forwarded by the redirector on to the
network, where it is passed to the file and print
server containing the shared directory. The request
is granted, and the directory listing is provided.

Figure 2 A request for a directory listing over
a network

The server is also responsible for controlling the
way in which resources are shared over the
network. Sharing is the term used to describe
resources made publicly available for access by
anyone on the network. Most NOSs not only allow
sharing, but also determine the degree of sharing.
For example, an office manager wants everyone on
the network to be familiar with a certain document
(file), so she shares the document. However, she
controls access to the document by sharing it in
such a way that:
- Some users will be able only to read it
- Some users will be able to read it and make
  changes in it

4.1 Security models

It is the responsibility of the network administrator
to ensure that network resources will be safe from
both unauthorised access and accidental or
deliberate damage. Policies for assigning
permissions and rights to network resources are at
the heart of securing the network.

Two security models have evolved for keeping data
and hardware resources safe:
- Password-protected shares
- Access permissions

These models are also called "share-level security"
(for password-protected shares) and "user-level
security" (for access permissions).

Implementing password-protected shares requires
assigning a password to each shared resource.
Access to the shared resource is granted when a
user enters the correct password. In many systems,
resources can be shared with different types of
permissions. The password-protected share system
is a simple security method that allows anyone who
knows the password to obtain access to that
particular resource.

Access-permission security involves assigning
certain rights on a user-by-user basis. A user types
a password when logging on to the network. The
server validates this user name and password
combination and uses it to grant or deny access to
shared resources by checking access to the resource
against a user-access database on the server.
Access-permission security provides a higher level
of control over access rights. In share-level security
it is much easier for one person to give another
person a printer password; a person is less likely
to give away a personal password.
Because user-level security is more extensive and
can determine various levels of security, it is
usually the preferred model in larger organizations.

4.2 Managing users

Network operating systems also allow a network
administrator to determine which people, or groups
of people, will be able to access network resources.
A network administrator can use the NOS to:
- Create user privileges, tracked by the network
  operating system, that indicate who gets to use
  the network
- Grant or deny user privileges on the network
- Remove users from the list of users that the
  network operating system tracks

To simplify the task of managing users in a large
network, NOSs allow for the creation of user
groups. By classifying individuals into groups, the
administrator can assign privileges to the group.
All group members have the same privileges,
which have been assigned to the group as a whole.
When a new user joins the network, the
administrator can assign the new user to the
appropriate group, with its accompanying rights
and privileges.
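
The two security models from section 4.1 and the group management from section 4.2, as an added Python sketch that is not part of the original handout. The class and method names and the sample rights "read" and "write" are assumptions made for illustration; a logged-on user is represented simply by the name that logon returns.

```python
# Added example; class names, method names and rights are illustrative.
import hashlib
import hmac
import os

def _verifier(password, salt):
    # Salted PBKDF2 verifier; iteration count kept low so the example runs fast.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _matches(password, salt, stored):
    return hmac.compare_digest(stored, _verifier(password, salt))

class ShareLevelServer:
    """Password-protected shares: the password is the only credential."""
    def __init__(self):
        self._shares = {}  # share name -> list of (salt, verifier, rights)

    def share(self, name, password, rights):
        salt = os.urandom(16)
        entry = (salt, _verifier(password, salt), frozenset(rights))
        self._shares.setdefault(name, []).append(entry)

    def access(self, name, password, right):
        # No user identity: whoever presents the password gets its rights.
        return any(_matches(password, salt, stored) and right in rights
                   for salt, stored, rights in self._shares.get(name, []))

class UserLevelServer:
    """Access permissions: log on once, then per-user and per-group rights."""
    def __init__(self):
        self._users = {}   # user -> (salt, verifier)
        self._groups = {}  # group -> set of member users
        self._acl = {}     # resource -> {user or group name: rights}

    def add_user(self, user, password, groups=()):
        salt = os.urandom(16)
        self._users[user] = (salt, _verifier(password, salt))
        for group in groups:
            self._groups.setdefault(group, set()).add(user)

    def remove_user(self, user):
        self._users.pop(user, None)
        for members in self._groups.values():
            members.discard(user)

    def grant(self, resource, principal, rights):
        self._acl.setdefault(resource, {})[principal] = frozenset(rights)

    def logon(self, user, password):
        entry = self._users.get(user)
        return user if entry and _matches(password, *entry) else None

    def access(self, session_user, resource, right):
        if session_user not in self._users:  # not logged on, or removed
            return False
        names = [session_user] + [g for g, m in self._groups.items()
                                  if session_user in m]
        acl = self._acl.get(resource, {})
        return any(right in acl.get(name, ()) for name in names)
```

Withdrawing one person's access under share-level security means changing the share password for everyone who uses it; under user-level security, remove_user revokes that one account and leaves the rest of the group untouched.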

5. Overview of NOSs

The major server-based network operating systems
are Microsoft Windows NT 4 and Windows 2000
Server, Novell NetWare 3.x, 4.x and 5.x, and UNIX
(including Linux and Solaris). The principal peer-
to-peer network operating systems are AppleTalk,
Windows 95 and 98, and UNIX. Each operating
system has its own strengths and weaknesses, and
its own supporters and detractors.

6. Windows 2000 Server

Windows 2000 Server is one of the most popular
server-based network operating systems. When you
install and configure Windows 2000 Server it
establishes a domain. The domain contains
information such as which users are allowed to use
the network and which computers are part of the
network. Computers must be joined to the domain
before they can start to access its resources. The
server that is in charge of managing the domain is
called the domain controller. The domain
controller provides a number of different services
(i.e. programs) that carry out different network
management functions. Three of the most useful
are the Active Directory, the Dynamic Host
Configuration Protocol, and the Domain Name
Service.

6.1 Active Directory

The Active Directory service performs a number of
functions. One of these is to keep track of which
users are allowed to log on to the network, and
what privileges and restrictions have been placed
on these users. As was discussed above, it is usually
desirable to restrict the network privileges of some
or all users, to prevent unauthorised access to
sensitive information. Different user accounts will
have different sets of privileges and restrictions.
There is normally one special account, the
administrator, which has access to do everything
on the network. Only the network administrator
knows the password for this account.

Another function of the Active Directory is to
manage which computers are joined to the domain.
A computer that is physically connected to
the domain controller via some form of cabling is
not automatically able to access all of the
network resources available from it. First it must
request permission to join from the domain
controller. This permission is only granted if the
user attempting to join it is using the administrator
account, or another account with sufficient
privileges.

6.2 Dynamic Host Configuration Protocol

Every computer on a network must have a unique
address. This address is attached to any packets of
data that are intended for transmission to the
computer. If the network is using the TCP/IP
protocol, these addresses will be IP addresses (i.e.
they will consist of 4 numbers between 0 and 255
separated by dots).

There are two ways of assigning IP addresses to
computers. The first is static addressing. In static
addressing the network administrator manually
assigns a different IP address to each computer.
The computer will keep this IP address until the
network administrator changes the software
settings. If two computers have the same IP address
a conflict will occur. If the conflict goes undetected
then both computers will compete to receive
packets of data sent to their IP address. However,
normally the NOS will detect when an IP conflict
has occurred and warn the administrator. Static
addressing is a simple and easy solution and is
commonly used in small networks where
significant expansion is not envisaged.

The second way of assigning IP addresses is called
dynamic addressing. In dynamic addressing a
program run on the server is responsible for
assigning IP addresses to each computer. When a
computer is first joined to the server's domain, it
requests an IP address from this program, which
then assigns an address chosen from a pool of free
addresses that it maintains. The address is typically
leased to the computer, i.e. it is not permanently
assigned. Eventually the computer's IP address
lease will expire, and it will need to request a new
one. This is why the scheme is called dynamic
addressing: the IP address of a given computer can
change over time, whereas in the static addressing
scheme it is fixed, or static.

In Windows 2000 Server the program that is
responsible for leasing IP addresses is called the
Dynamic Host Configuration Protocol (DHCP).
DHCP maintains an address pool (a list of free IP
addresses) and a list of address leases (the
addresses that have already been leased).
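
An added Python sketch, not part of the original handout, of the address pool and lease table described above, including lease expiry, renewal, an exhausted pool, and a conflict check against statically assigned addresses. The class and method names are assumptions, and time is passed in as a plain number of seconds so the behaviour is repeatable.

```python
# Added example; LeasePool and AddressConflict are illustrative names.
import ipaddress

class AddressConflict(Exception):
    """Raised when a manually assigned address is already in use."""

class LeasePool:
    """Address pool and lease table for dynamic addressing."""
    def __init__(self, first, last, lease_seconds):
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        self.free = [ipaddress.IPv4Address(n) for n in range(lo, hi + 1)]
        self.leases = {}   # client id -> (address, expiry time)
        self.static = {}   # address -> host configured by hand
        self.lease_seconds = lease_seconds

    def add_static(self, host, address):
        """Record a manually assigned address; refuse duplicates."""
        addr = ipaddress.IPv4Address(address)
        leased = {a for a, _ in self.leases.values()}
        if addr in self.static or addr in leased:
            raise AddressConflict(f"{addr} is already in use")
        if addr in self.free:
            self.free.remove(addr)   # never lease this address out
        self.static[addr] = host

    def expire(self, now):
        """Return expired leases to the pool of free addresses."""
        for client, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[client]
                self.free.append(addr)

    def request(self, client, now):
        """Lease an address to client, or renew the one it already holds."""
        self.expire(now)
        if client in self.leases:
            addr = self.leases[client][0]
        elif self.free:
            addr = self.free.pop(0)
        else:
            return None              # pool exhausted: nothing to lease
        self.leases[client] = (addr, now + self.lease_seconds)
        return addr
```

A client whose lease lapses can come back to a different address, which is the sense in which the handout calls the scheme dynamic.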

6.3 Domain Name Service

As well as having a unique IP address, each
computer on a network has a unique computer
name. On a local network, this name can just be a
single word, for example FBE-SERVER or
AWASA. On the Internet the name will consist of a
sequence of words separated by dots, for example
www.yahoo.com or www.bbc.co.uk. There is a
one-to-one mapping between these computer
names and IP addresses: every IP address
corresponds to a single computer name and vice
versa. The reason for using computer names
instead of just IP addresses to identify computers is
that they are easier for people to understand and
remember.

If this one-to-one mapping exists then clearly the
NOS must maintain a list of which IP address maps
to which computer name, so that it can translate
between the two. For instance, if a user requests a
directory listing from the computer AWASA then
the NOS must first find out the IP address that
corresponds to the name AWASA, and then send a
request for the directory listing to that IP address.
The process of translating a computer name into an
IP address is known as name resolution.

In Windows 2000 Server the Domain Name
Service (DNS) is responsible for keeping the list of
IP addresses and computer names and for providing
a translation service between the two for client
computers.

6.3.1 Naming hierarchies

Although there is a one-to-one correspondence
between URLs and IP addresses, it is important to
remember that the positions of the dots in each of
them are not significant. For example, if
www.bbc.co.uk corresponds to the IP address
27.21.225.129, then it does not follow that 129
represents .uk, and 225 represents .co, and so
on. The naming hierarchy is decided on by the
local network administrator, based normally upon
the structure of the organisation it represents. For
example, Figure 3 shows a sample naming
hierarchy for the .et domain. If there were a
computer called fbe-server in the fbe subdivision of
the domain, it would have the name
fbe-server.fbe.mekelle.edu.et. The number of different
segments to a computer name (in this example it is
5) is determined by the naming hierarchy. There is
no global standard. Each organisation can choose
how to structure names in its hierarchy.

Figure 3 A sample naming hierarchy for the
.et domain

6.3.2 Distributed lookup

The Internet contains a number of DNS servers.
None of these servers knows the names and
addresses of every computer on the Internet. DNS
uses a system known as distributed lookup to
enable every DNS server to be able to translate any
address. This means that each DNS server is
responsible for providing a translation service for a
certain subset of computers only. If it receives a
request that it cannot answer, it will forward the
request to another DNS server that will know the
answer. For example, in Figure 3 the DNS server at
mekelle.edu.et provides a translation service for the
.edu.et subdivision. If it receives a request for an
address that does not end in edu.et it will
forward it to the root DNS server for the et
domain.
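
Distributed lookup as described above, as an added Python sketch that is not part of the original handout. The DnsServer class and its methods are assumptions for illustration; each server answers from its own records, hands queries inside its zone down to a delegated sub-zone, and forwards everything else to its parent.

```python
# Added example; DnsServer and its zone layout are illustrative assumptions.
def normalise(name):
    # DNS names are case-insensitive; drop a trailing root dot.
    return name.rstrip(".").lower()

class DnsServer:
    def __init__(self, zone, parent=None):
        self.zone = normalise(zone)
        self.parent = parent
        self.records = {}    # names this server answers itself
        self.children = {}   # delegated sub-zone -> DnsServer
        if parent is not None:
            parent.children[self.zone] = self

    def covers(self, name):
        # Match whole labels: "notedu.et" must not count as inside "edu.et".
        return name == self.zone or name.endswith("." + self.zone)

    def add(self, name, address):
        name = normalise(name)
        if not self.covers(name):
            raise ValueError(f"{name} is outside zone {self.zone}")
        self.records[name] = address

    def resolve(self, name, hops=8):
        """Return (address or None, list of zones that handled the query)."""
        name = normalise(name)
        if hops == 0:                 # guard against forwarding loops
            return None, []
        if name in self.records:
            return self.records[name], [self.zone]
        if self.covers(name):
            # Hand down to the most specific delegated sub-zone, if any.
            below = [c for c in self.children.values() if c.covers(name)]
            target = max(below, key=lambda c: len(c.zone), default=None)
        else:
            target = self.parent      # not ours: forward up the hierarchy
        if target is None:
            return None, [self.zone]
        address, path = target.resolve(name, hops - 1)
        return address, [self.zone] + path
```

The check in covers matches whole labels, so a name such as www.notedu.et is not mistaken for a member of edu.et.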

Summary of Key Points

- Without a network operating system of some
  kind, individual computers cannot share
  resources, and other users cannot make use of
  those resources
- A network operating system can be part of a
  computer operating system (e.g. Windows
  2000) or a separate application that runs on top
  of the computer operating system (e.g. Novell
  NetWare)
- By multitasking, computers can perform more
  than one task at a time
- Multitasking can be either pre-emptive or
  non-pre-emptive
- Server software is the means by which an NOS
  provides services to other computers on a
  network
- A redirector is used to forward client requests
  to the network
- Network planning must include plans for
  security. The level of security needed depends
  on the size of the organization and the
  sensitivity of the data.
- The two security models that keep data and
  hardware resources safe are password-protected
  shares and access permissions
- In password-protected shares, each network
  resource has its own password. If a user knows
  that password they can access the resource.
- In the access-permissions model, network
  rights and restrictions are assigned on a
  user-by-user basis. Each user has to enter a
  password when logging on to the network; the
  server then assigns that user's rights and
  restrictions.
- In Windows 2000 Server, the Active Directory
  service is responsible for keeping track of what
  computers are currently joined to the domain,
  and which users are allowed to log on to the
  network.
- Every computer on a network must have a
  unique address. If two computers have the
  same address an address conflict occurs.
- There are two ways of assigning addresses to
  computers on a network: static and dynamic
  addressing.
- In static addressing, the networking
  administrator is responsible for manually
  assigning a unique address to each computer.
  The computer keeps this address indefinitely.
- In dynamic addressing, a program run on the
  server is responsible for leasing an address to
  each computer. Eventually the lease will expire
  and a new address must be requested.
- In Windows 2000, the Dynamic Host
  Configuration Protocol (DHCP) is the program
  responsible for leasing addresses.
- Every computer also has a unique name.
  Computer names have a one-to-one mapping
  to their addresses.
- In Windows 2000 Server, the program that is
  responsible for translating between addresses
  and names (and vice versa) is called the
  Domain Name Service (DNS).
- The process of translating between computer
  names and IP addresses is called name
  resolution.

Notes prepared by: FBE Computer Science
Department.

Sources:
- Networking Essentials Plus, Microsoft Press
- An Introduction to Computer Networking, Mansfield & Antonakos
- Mastering Windows 2000 Server, Minasi et al
