CT (OS) T - III
AT-01-12
STUDENTS' TEXT
COMPUTER TECHNOLOGY (OPERATING SYSTEM)
(Comn Tech)
MAR 2022
IPT / TERM-III
As per syllabus approved by: AIR HQ/18910/4/TRGGII BM-II dated 15 Jun 21.
                                  RESTRICTED
Edited by: WO D Singh
CONTENTS
Chap No.   Subject                        Syllabus Index        Pg No.
TERM-III
12         Server Operating System        COMN TECH/CT-OS-12      5
13         Server Class Machine in IAF    COMN TECH/CT-OS-13     91
14         Virtualization                 COMN TECH/CT-OS-14    110
15         PC Audit Tools                 COMN TECH/CT-OS-15    156
16         Remote Audit Tool              COMN TECH/CT-OS-16    164
17         IAP 3903 (Revised)             COMN TECH/CT-OS-17    172
18         Revision                       COMN TECH/CT-OS-18    190
Due for Revision on:   Jun 2024
AMENDMENT RECORD
COMTECH/COMP/OS-III/12
                            CHAPTER-12
                   MICROSOFT WINDOWS SERVER 2019
Objective
12.1
both. An event-driven system switches between tasks based on their
priorities or external events while time-sharing operating systems switch
tasks based on clock interrupts.
3.   Uses of Operating System.   There are many uses performed by the
operating system, but its main goal is to provide the interface between the
user and the hardware, that is, the interface through which the user works on
the system.
4.   The various uses performed by the operating system are explained below:
     (b) Storage Management.   The operating system also controls all storage
     operations: how data or files are stored on the computer, how files are
     accessed by users, and so on. All the operations responsible for storing
     and accessing files are determined by the operating system. It also lets
     us create files and directories, read and write the data of files and
     directories, and copy the contents of files and directories from one
     place to another.
       (f)  Networking. Most current operating systems have built-in support
       for the TCP/IP networking protocols. This means that computers running
       dissimilar operating systems can participate in a common network for
       sharing resources such as computing, files, printers, and scanners
       using either wired or wireless connections.
       (g) Security. All current operating systems provide some form of
       security. They provide mechanisms to protect the computer as well as
       the data stored on it. They provide password protection to keep
       unauthorized users from accessing the system. Some operating systems
       also maintain activity logs and account for each user's time for
       billing purposes. An OS also provides backup and recovery utilities
       so that the system can be recovered after a system failure.
12.2
6. Other Requirements.
7.   Before Installing Windows Server 2019.
     (a) Verify that your hardware is compatible with the operating system
     under consideration for the server-class machine.
     (b) Determine how the system will be configured as per the role and
     features of the server.
     (c) Decide what partitions you require and what file system is to be
     used.
     (a) Insert the Windows Server 2019 DVD, and once you get the following
     message press Enter to boot from the setup. See Fig 12.1.
(c) Once the setup files are loaded, the setup will start with the following
screen. You can change these settings to meet your needs (the default values
should be fine for now). See Fig 12.3.
(d) Once you click "Next", you can start the installation: click "Install now".
See Fig 12.4.
(e) You will see the following screen; wait until it finishes loading. See Fig
12.5.
(f)  In the following setup screen, you will see four options. Select
Windows Server 2019 Datacenter Evaluation (Desktop Experience). See
Fig 12.6.
(g) After you click Next on the previous screen, read the license terms,
tick "I accept the license terms" and click Next. See Fig 12.7.
(h) Now it will ask you for the drive (or partition) you want to install
Windows on. Here I'm installing it on the one partition I have. NOTE:
This will remove the contents of the partition. Either create a partition to
install Windows on, or test this on a test machine. See Fig 12.8.
(j) Now, once we have picked our partition, clicking Next on the previous
screen will start the setup. This process might take a while. See Fig 12.9.
(k) Once the setup is done, it will restart and start your Windows Server
2012 for the first time. It will then ask you to set up a password for the
Administrator user. See Fig 12.10.
(l) The setup will finalize your settings; this might take a couple of minutes.
See Fig 12.11.
(m) Once the setup is done, you can log in for the first time to your
Windows Server. As the screen says, press Ctrl+Alt+Delete to log in, and
use the password you set in the setup process. See Fig 12.12.
       (n) Once you log in, Windows Server 2019 will show the Server
       Manager. See Fig 12.13.
       (p) Congratulations! You now have Windows Server 2019 Datacenter
       installed.
12.3
computer in which the Server process resides. The network ties the server and
client together, providing the medium through which the clients and the server
communicate. Fig. 12.14 given below shows a basic Client/Server computing
model.
From Fig. 12.14 it is clear that services can be provided by a variety of
computers in the network. The key point of Client/Server power is where the
request processing takes place. For example, consider a Client/Server
database. In a Client/Server database system, the functionality is split between
the server system and multiple clients, such that networking of computers
allows some tasks to be executed on the client system.
11.   Client/Server: Stateless or Stateful
(a) The main operations of the client system are listed below:
         (ii) Multiple clients, single server: This topology is shown in the
         Fig. 12.16 given below. In this topology, several clients are directly
         connected to only one server.
(b) Workstation independence. Users are not limited to one type of
system or platform. In an ORACLE-based Client/Server system the
workstations can be IBM – compatible PCs, Macintoshes, UNIX
workstations, or any combinations of the three. In addition, they can run
any of a number of operating systems such as MS-DOS, Windows, IBM’s
OS/2, Apple’s System 7 etc. That is, application independence is achieved
as the workstations don’t all need to use the same DBMS application
software. Users can continue to use familiar software to access the
database, and developers can design front-ends tailored to the workstation
on which the software will run, or to the needs of the users running them.
(h) Integrated services. In the Client/Server model all information that the
client is entitled to use is available at the desktop, through the desktop
interface; there is no need to change into a terminal mode or to log on to
another processor to access information. The desktop tools – e-mail,
spreadsheet, presentation graphics, and word processing – are available
and can be used to deal with the information provided by application and
database servers resident on the network. Desktop users can use their
desktop tools in conjunction with information made available from the
corporate systems to produce new and useful information using the
facilities of DDE/OLE and object-oriented design.
     (i)    They can provide data entry, storage, and reporting by using a
     distributed set of clients and servers.
(k) Masked physical data access. SQL is used for data access from a
database stored anywhere in the network, from the local PC, local server
or WAN server, with the developer and user using the same data
request. The only noticeable difference may be performance degradation if
the network bandwidth is inadequate. Data may be accessed from CD-
ROM, HDD, magnetic disk, and optical disk with the same SQL statements.
Logical tables can be accessed without any knowledge of the ordering of
columns. Several tables may be joined to create a new logical table for
application program manipulation without regard to its physical storage
format.
    to the hardware or OS location providing the data. The developer of
    business logic deals with a standard process logic syntax without
    considering the physical platform.
    (b) Training cost. Training can also add to the start-up costs as the
    DBMS may run on an operating system that the support personnel are
    unfamiliar with.
     (d) Software cost.   The overall cost of the software is usually
     higher than that of a traditional PC-based multi-user DBMS.
     (a) Physical security holes: These result when an individual gains
     unauthorized access to a computer by obtaining some user's password.
     (b) Software security holes: These result from a bug in the
     software, due to which the system may be compromised into behaving
     wrongly.
     (c) Inconsistent usage holes:   These may result when two different
     usages of a system contradict each other on a security point.
17. Of the above three, software security holes and inconsistent usage holes
can be eliminated by careful design and implementation. For physical
security holes, we can employ various protection methods. These security
methods can be classified into the following categories:
18. Development Tools.   In today's rapidly changing environment, choosing the
right tools to develop Client/Server applications is one of the most critical
decisions. As a rule of thumb, managers tend to choose a tool that has long-
term survival potential. However, the selection of a design or application
development tool must also be driven by system development requirements.
Once such requirements have been delineated, it is appropriate to determine
the characteristics of the tool that you would like to have. Client/Server tools
include:
(j) Support for third-party development tools (CASE, libraries, and so on).
(m) Support for middleware protocols (ODBC, IDAPI, APPC, and so on).
19. There is no single best choice for any application development tool. For
one thing, not all tools will support all the GUIs, operating systems, middleware,
and databases. Managers must choose a tool that fits the application
development requirements and that matches the available human resources, as
well as the hardware infrastructure. Chances are that the system will require
multiple tools to make sure that all or most of the requirements are met.
Selecting the development tools is just one step. Making sure that the system
meets its objectives at the client, server, and network level is another issue.
12.4
N-Tier Architecture
       (a) A client, i.e. the computer, which requests the resources, equipped
       with a user interface (usually a web browser) for presentation purposes
     (b) The application server (also called middleware), whose task it is to
     provide the requested resources, but by calling on another server.
     (c) The data server, which provides the application server with the data it
     requires.
Multi-Tiered Architecture.
22. In 3-tier architecture, each server (tier 2 and 3) performs a specialized task
(a service). A server can therefore use services from other servers in order to
provide its own service. As a result, 3-tier architecture is potentially an n-tier
architecture.
23. Client/Server is a technology that separates computers and application
software into two categories, clients and servers, to better employ available
computing resources and share data processing loads. A client computer
provides the user interaction facility (interface) and some or all application
processing, while a server computer might provide high-volume storage
capacity, heavy data crunching, and/or high-resolution graphics. Typically,
several client computers are connected through a network (or networks) to a
server, which could be a large PC, minicomputer, or mainframe computer. Every
computer connected to a website acts as a client while the website's computer
acts as a server. This is also called a client-server environment.
Comparison Between Architecture.
       (b) Increased security, as security can be defined for each service, and
       at each level.
12.5
TCP/IP.
dedicated connection for the call duration). Being stateless frees network paths
so that everyone can use them continuously. (Note that the TCP layer itself is
not stateless as far as any one message is concerned. Its connection remains in
place until all packets in a message have been received.)
29. Many Internet users are familiar with the even higher layer application
protocols that use TCP/IP to get to the Internet. These include the World Wide
Web's Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP),
Telnet, which lets you log on to remote computers, and the Simple Mail
Transfer Protocol (SMTP). These and other protocols are often packaged
together with TCP/IP as a "suite."
30. Personal computer users with an analog phone modem connection to the
Internet usually get to the Internet through the Serial Line Internet Protocol
(SLIP) or the Point-to-Point Protocol (PPP). These protocols encapsulate the IP
packets so that they can be sent over the dial-up phone connection to an access
provider's modem.
31. Protocols related to TCP/IP include the User Datagram Protocol (UDP),
which is used instead of TCP for special purposes. Other protocols are used by
network host computers for exchanging routing information. These include the
Internet Control Message Protocol (ICMP), the Interior Gateway Protocol (IGP),
the Exterior Gateway Protocol (EGP), and the Border Gateway Protocol (BGP).
FTP.
32. File Transfer Protocol (FTP) is a standard Internet protocol for transmitting
files between computers on the Internet. Like the Hypertext Transfer Protocol
(HTTP), which transfers displayable Web pages and related files, and the
Simple Mail Transfer Protocol (SMTP), which transfers e-mail, FTP is an
application protocol that uses the Internet's TCP/IP protocols. FTP is commonly
used to transfer Web page files from their creator to the computer that acts as
their server for everyone on the Internet. It's also commonly used to download
programs and other files to your computer from other servers.
33. As a user, you can use FTP with a simple command line interface (for
example, from the Windows MS-DOS Prompt window) or with a commercial
program that offers a graphical user interface. Your Web browser can also make
FTP requests to download programs you select from a Web page. Using FTP,
you can also update (delete, rename, move, and copy) files at a server. You
need to log on to an FTP server. However, publicly available files are easily
accessed using anonymous FTP.
34. Basic FTP support is usually provided as part of a suite of programs that
come with TCP/IP. However, any FTP client program with a graphical user
interface usually must be downloaded from the company that makes it.
HTTP.
35. HTTP, short for HyperText Transfer Protocol, is the underlying protocol used
by the World Wide Web. HTTP defines how messages are formatted and
transmitted, and what actions Web servers and browsers should take in response
to various commands. For example, when you enter a URL in your browser, this
actually sends an HTTP command to the Web server directing it to fetch and
transmit the requested Web page.
36. The other main standard that controls how the World Wide Web works is
HTML, which covers how Web pages are formatted and displayed. HTTP is
called a stateless protocol because each command is executed independently,
without any knowledge of the commands that came before it. This is the main
reason that it is difficult to implement Web sites that react intelligently to user
input. This shortcoming of HTTP is being addressed in a number of new
technologies, including ActiveX, Java, JavaScript and cookies.
HTTPS.
37. If you're going to run an online store or e-commerce Web site, you should
be aware of HTTPS, or HyperText Transfer Protocol with Secure Sockets Layer.
HTTPS is a protocol to transfer encrypted data over the Web. There are two
primary differences between how an HTTPS and an HTTP connection work:
     (b) HTTPS encrypts the data sent and received with SSL, while HTTP
     sends it all as plain text.
38. Most Web customers know that they should look for the https in the URL
and the lock icon in their browser when they are making a transaction. So if your
storefront is not using HTTPS, you will lose customers. But even still, it is
common to find Web sites that collect money including credit card data over a
plain HTTP connection.
39. As said above, HTTP sends the data collected over the Internet in plain
text. This means that if you have a form asking for a credit card number, that
credit card number can be intercepted by anyone with a packet sniffer. Since
there are many free sniffer software tools, this could be anyone at all. By
collecting credit card information over an HTTP (not HTTPS) connection, you
are broadcasting that credit card information to the world. And the only way your
customer will learn it was stolen is when it's maxed out by a thief.
SMTP.
40. Pronounced as separate letters, SMTP is short for Simple Mail Transfer
Protocol, a protocol for sending e-mail messages between servers. Most e-mail
systems that send mail over the Internet use SMTP to send messages from one
server to another; the messages can then be retrieved with an e-mail client using
either POP or IMAP. In addition, SMTP is generally used to send messages from
a mail client to a mail server. This is why you need to specify both the POP or
IMAP server and the SMTP server when you configure your e-mail application.
12.6
Role of server
41. A Windows server can be configured to play many roles, and each role has
some important features to perform the specific task as per the configuration of
the server role.
42. Roles.
      (d)   Fax Server.
43. The Active Directory Domain Services role enables the server to be
configured as a domain controller to centrally manage, authenticate, and
authorize users, groups, and computers on the network.
44. The Application Server role supports hosting and managing high-
performance distributed business applications through the .NET Framework,
web services, and application communications services.
45. The DHCP Server role allows the server to provide IP addresses and other
settings to network clients.
46. The DNS Server role allows the server to provide host name to IP address
resolution for Internet names, as well as hosting name resolution for local
domains.
47. The File Services role supports file sharing, DFS, NFS, and SMB.
48. The Hyper-V role supports hosting and managing virtual machines,
including both Windows and non-Windows guests.
49. The Network Policy and Access Services role supports RADIUS
authentication, routing, and remote access through VPNs.
51. The Terminal Services role supports access to remote desktop services,
remote applications, and may function as a gateway to remote clients.
52. The Web Server role allows the server to host HTTP, HTTPS, and FTP
sites.
55. The .NET Framework 3.5.1 feature installs support for .NET 2.0 and .NET
3.0 applications through the .NET Framework.
56. The Remote Assistance feature supports requesting and offering GUI-
based remote assistance.
58. The Telnet Client feature installs a Telnet client, useful for both connecting
to Telnet servers (including routers and switches), and testing text-based
network services such as HTTP and SMTP.
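Installing the roles and features listed above from PowerShell rather than Server Manager, as an added example that is not part of the original text. The forest name example.local and NetBIOS name EXAMPLE are placeholder assumptions; the feature names are the ones Get-WindowsFeature reports on Windows Server.

```powershell
# Added example, not from the original text. Placeholders: example.local, EXAMPLE.
# Run in an elevated PowerShell session on the server.

# What is installed already? FeatureType distinguishes Role, Role Service and Feature.
Get-WindowsFeature | Where-Object Installed |
    Select-Object Name, DisplayName, FeatureType | Format-Table -AutoSize

# Paras 43, 45, 46: the AD DS, DHCP and DNS roles, with their management consoles.
Install-WindowsFeature -Name AD-Domain-Services, DHCP, DNS -IncludeManagementTools

# Paras 47 and 52: file server and web server roles; para 58: the Telnet client,
# which is a feature, not a role, so it appears under Features in Server Manager.
Install-WindowsFeature -Name FS-FileServer, Web-Server, Telnet-Client -IncludeManagementTools

# Para 43: installing the role does not make the server a domain controller; the
# promotion is a separate step. This creates a new forest with DNS on the same box.
Import-Module ADDSDeployment
Install-ADDSForest -DomainName 'example.local' -DomainNetbiosName 'EXAMPLE' -InstallDns `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -NoRebootOnCompletion   # review the output, then Restart-Computer
```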
12.7
DNS
61. Domain Name Servers (DNS) are the Internet's equivalent of a phone
book. They maintain a directory of domain names and translate them to Internet
Protocol (IP) addresses. This is necessary because, although domain names are
easy for people to remember, computers or machines access websites based
on IP addresses.
62. Information from all the domain name servers across the Internet are
gathered together and housed at the Central Registry. Host companies and
Internet Service Providers interact with the Central Registry on a regular
schedule to get updated DNS information.
63. When you type in a web address, e.g., www.jimsbikes.com, your Internet
Service Provider views the DNS associated with the domain name, translates it
into a machine friendly IP address (for example 216.168.224.70 is the IP for
jimsbikes.com) and directs your Internet connection to the correct website.
64. After you register a new domain name or when you update the DNS
servers on your domain name, it usually takes about 12-36 hours for the domain
name servers world-wide to be updated and able to access the information. This
36-hour period is referred to as propagation.
Domain controller.
66. With Windows NT 4 Server, one domain controller per domain was
configured as the primary domain controller (PDC); all other domain controllers
were backup domain controllers (BDC).
67. Because of the critical nature of the PDC, best practices dictated that the
PDC should be dedicated solely to domain services, and not used for file, print
or application services that could slow down or crash the system. Some network
administrators took the additional step of having a dedicated BDC online for the
express purpose of being available for promotion if the PDC failed.
68. A BDC could authenticate the users in a domain, but all updates to the
domain (new users, changed passwords, group membership, etc.) could only be
made via the PDC, which would then propagate these changes to all BDCs in
the domain. If the PDC was unavailable (or unable to communicate with the user
requesting the change), the update would fail. If the PDC was permanently
unavailable (e.g. if the machine failed), an existing BDC could be promoted to
be a PDC.
69. Windows 2000 and later versions introduced Active Directory ("AD"), which
largely eliminated the concept of PDC and BDC in favor of multi-master
replication. However, there are still several roles that only one domain controller
can perform, called the Flexible single master operation roles. Some of these
roles must be filled by one DC per domain, while others only require one DC per
AD forest. If the server performing one of these roles is lost, the domain can still
function, and if the server will not be available again, an administrator can
designate an alternate DC to assume the role in a process known as "seizing"
the role.
12.8
Active Directory
71. Active Directory is a directory service. The term directory service refers to
two things — a directory where information about users and resources is stored
and a service or services that let you access and manipulate those resources.
Active Directory is a way to manage all elements of your network, including
computers, groups, users, domains, security policies, and any type of user-
defined objects. It melds several NT services and tools that have functioned
separately so far — User Manager for Domains, Server Manager, Domain
Name Server — and provides additional functions beyond these services and
tools.
72. Active Directory is built around Domain Name System (DNS) and
lightweight directory access protocol (LDAP). DNS because it is the standard on
the Internet and is familiar, LDAP because most vendors support it. Active
Directory clients use DNS and LDAP to locate and access any type of resource
on the network. Because these are platform-independent protocols, Unix,
Macintosh, and other clients can access resources in the same fashion as
Windows clients.
     number of domains.
     (c) Full Support for Long Queries. With AD, you do not need to know
     which resource is available at which server. In other words, you do not
     need in-depth knowledge of the topology. You just type your query to
     get and manage the relevant information.
74. In the world of Active Directory, clients and servers interact in the following
manner:
     (b) The dynamic DNS server provides the network address of the domain
     controller responsible for the name. This is similar to the way static DNS
     currently operates — it provides an IP address in response to a name
     query.
     (c) The client receives the domain controller’s address and uses it to
     make an LDAP query to the domain controller. The LDAP query finds the
     address of the system that has the resource or service that the client
     requires.
     (d) The domain controller responds with the requested information. The
     client accepts this information.
     (e) The client uses the protocols and standards that the resource or
     service requires and interacts with the server providing the resource.
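The locate-and-query sequence of steps (b) to (e), as an added PowerShell example that is not part of the original text: the SRV lookup is the dynamic DNS step and the DirectorySearcher call is the LDAP query to the domain controller. The domain example.local and the computer account FILESRV01 are placeholder assumptions; run it on a domain-joined client.

```powershell
# Added example, not from the original text. Placeholders: example.local, FILESRV01.
$Domain = 'example.local'

# Step (b): dynamic DNS answers an SRV query with the LDAP servers (domain
# controllers) registered for the domain, each with a priority and weight.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) { throw "No SRV records for $Domain; the client cannot locate a DC." }

# Lowest priority first, then highest weight: the DC the locator would try first.
$dc = ($srv | Sort-Object Priority, { -$_.Weight } | Select-Object -First 1).NameTarget
Write-Host "Domain controller selected via DNS: $dc"

# Step (c): LDAP query to that DC for the resource the client needs. Here it asks
# for a file server's DNS host name and its SPNs (used when requesting Kerberos tickets).
$baseDn   = 'DC=' + ($Domain -replace '\.', ',DC=')
$root     = [ADSI]"LDAP://$dc/$baseDn"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = '(&(objectClass=computer)(cn=FILESRV01))'
[void]$searcher.PropertiesToLoad.Add('dNSHostName')
[void]$searcher.PropertiesToLoad.Add('servicePrincipalName')

# Step (d): the domain controller responds and the client reads the answer.
$entry = $searcher.FindOne()
if ($null -eq $entry) { throw 'FILESRV01 not found in the directory.' }
$fqdn = [string]$entry.Properties['dnshostname'][0]
Write-Host "Resource host: $fqdn"
$entry.Properties['serviceprincipalname'] | ForEach-Object { Write-Host "  SPN: $_" }

# Step (e): the client now talks to the resource with its own protocol (SMB on
# TCP 445 for a file server), not LDAP.
Test-NetConnection -ComputerName $fqdn -Port 445 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```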
environment based on Active Directory, we can find several classifications of its
components. Here we discuss the physical components of Active Directory in a
domain. Active Directory comprises two physical components: Domain
Controllers and Sites.
     (b) Sites.   Sites are the second major physical component of Active
     Directory; they organise the network into different physical or
     geographical locations. If your network spans only a single building,
     Active Directory can work with a single site. But if your organization spans
     multiple buildings or geographical locations, it is necessary to split the
     Active Directory into multiple sites. This mainly helps reduce high network
     utilization during replication across WAN links.
     (a) Domain. A group of computers and other resources that are part of a
     Windows Server 2008 network and share a common directory database.
           (ii)   Multiple Forest
Types Of Trust.
     (c) Trusting Domain.           The domain that allows access to users from a
     trusted domain.
     (d) Trusted Domain.        The domain that is trusted; whose users have
     access to the trusting domain.
     (e) Transitive Trust.      A trust that can extend beyond two domains to
     other trusted domains in the forest.
     (f) Intransitive Trust.        A one way trust that does not extend beyond
     two domains.
     (g) Explicit Trust.      A trust that an admin creates. It is not transitive and
     is one way only.
80. Windows Domain Join is a feature that lets users establish a remote and
secure connection to a work domain using credentials from the enterprise,
allowing them to effectively "join" that domain.
81. Windows Domain Join was introduced in Windows 7 and can still work
even if there is no immediate connection. The offline domain join feature eases
the deployment of desktops in large enterprises. In Windows Server 2008 R2, a
command called Djoin.exe was introduced so administrators could have an
easier time running Windows Domain Join. The Windows Domain Join feature
received an upgrade with the release of Windows Server 2019 R2. The upgrade is
called Workplace Join.
     (d) Under "Computer name, domain and workgroup settings", click "Change
     settings". You need the administrator password to be able to do this.
(g) Type in the name of the Domain you want to join, then click OK.
     (h) You will now need to enter your username and password for the
     domain.
84. Group Policy, in part, controls what users can and cannot do on a
computer system: for example, to enforce a password complexity policy that
prevents users from choosing an overly simple password, to allow or prevent
unidentified users from remote computers from connecting to a network share, to
block access to the Windows Task Manager or to restrict access to certain
folders. A set of such configurations is called a Group Policy Object (GPO).
like ZENworks Desktop Management) for distribution. Active Directory can
distribute GPOs to computers which belong to a Windows domain.
88. Group Policy Objects are processed in the following order (from top to
bottom):
     (b) Site. Any Group Policies associated with the Active Directory site in
     which the computer resides. (An Active Directory site is a logical grouping
     of computers, intended to facilitate management of those computers based
     on their physical proximity.) If multiple policies are linked to a site, they are
     processed in the order set by the administrator.
     (c) Domain. Any Group Policies associated with the Windows domain
     in which the computer resides. If multiple policies are linked to a domain,
     they are processed in the order set by the administrator.
89. The resulting Group Policy settings applied to a given computer or user are
known as the Resultant Set of Policy (RSoP). RSoP information may be
displayed for both computers and users using the gpresult command.
creates a policy that has inheritance blocked by a lower-level administrator
(domain administrator), this policy will still be processed.
91. Where a Group Policy Preference setting is configured and there is also an
equivalent Group Policy setting configured, the value of the Group Policy
setting takes precedence.
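A worked simulation of this processing order, added here and not part of the original text (Python, not the gpresult tool): it applies GPOs Local, Site, Domain, OU, lets an Enforced link survive Block Inheritance as para 90 describes, and gives a Group Policy Setting precedence over the equivalent Preference as para 91 describes. The GPO names and settings are constructed; the Local and OU levels are assumed from the standard LSDOU order, since the text above lists only Site and Domain.

```python
"""Resultant Set of Policy (RSoP) simulation: GPOs are processed Local, Site,
Domain, OU (later wins), Enforced links survive Block Inheritance, and a
Group Policy Setting beats the equivalent Group Policy Preference."""
from dataclasses import dataclass, field

# Processing order from top to bottom; a setting from a later level overrides
# the same setting from an earlier one. Local and OU are assumed (LSDOU).
LEVEL_ORDER = ("local", "site", "domain", "ou")


@dataclass
class Gpo:
    name: str
    level: str
    policies: dict = field(default_factory=dict)     # Group Policy Settings
    preferences: dict = field(default_factory=dict)  # Group Policy Preference Settings
    enforced: bool = False                           # "Enforced" (no override) link
    link_order: int = 1                              # admin-set order within one level


def resultant_set_of_policy(gpos, block_inheritance_at=None):
    """Return {setting: (value, winning GPO name)} for one computer or user.

    block_inheritance_at: level ("domain" or "ou") whose administrator set
    Block Inheritance; non-enforced GPOs linked above that level are skipped.
    """
    ordered = sorted(gpos, key=lambda g: (LEVEL_ORDER.index(g.level), g.link_order))
    block_idx = LEVEL_ORDER.index(block_inheritance_at) if block_inheritance_at else None

    normal, enforced = [], []
    for gpo in ordered:
        blocked = (block_idx is not None and gpo.level != "local"
                   and LEVEL_ORDER.index(gpo.level) < block_idx)
        if gpo.enforced:
            enforced.append(gpo)          # processed even when Block Inheritance is set
        elif not blocked:
            normal.append(gpo)

    # Enforced GPOs apply after all others, and an enforced GPO from a higher
    # level wins over an enforced GPO from a lower level: apply them in reverse.
    apply_order = normal + list(reversed(enforced))

    policies, preferences = {}, {}
    for gpo in apply_order:
        for setting, value in gpo.policies.items():
            policies[setting] = (value, gpo.name)
        for setting, value in gpo.preferences.items():
            preferences[setting] = (value, gpo.name)

    # Para 91: where both a Preference and a Policy setting are configured,
    # the Policy setting takes precedence whatever the processing order.
    rsop = dict(preferences)
    rsop.update(policies)
    return rsop


# Constructed example: one GPO per level for a workstation placed in an OU.
EXAMPLE_GPOS = [
    Gpo("Local Computer Policy", "local", {"MinPasswordLength": 6}),
    Gpo("Site-HQ", "site", {"DisableTaskMgr": 1, "ScreenSaverTimeout": 600}),
    Gpo("Default Domain Policy", "domain", {"MinPasswordLength": 12}),
    Gpo("OU-Workstations", "ou", {"MinPasswordLength": 8},
        preferences={"ScreenSaverTimeout": 900, "HomeDrive": "H:"}),
]


def gpresult(gpos, block_inheritance_at=None):
    """Print the resultant settings in a gpresult-like layout; returns the RSoP."""
    rsop = resultant_set_of_policy(gpos, block_inheritance_at)
    for setting, (value, winner) in sorted(rsop.items()):
        print(f"{setting:<20} {value!s:<8} (from {winner})")
    return rsop


if __name__ == "__main__":
    print("-- no Block Inheritance, nothing enforced --")
    gpresult(EXAMPLE_GPOS)
    print("-- Block Inheritance on the OU, domain GPO Enforced --")
    with_enforced = [Gpo(g.name, g.level, g.policies, g.preferences,
                         enforced=(g.level == "domain")) for g in EXAMPLE_GPOS]
    gpresult(with_enforced, block_inheritance_at="ou")
```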
12.9
DHCP
Introduction
96. The following four basic phases are required in DHCP operations between
a DHCP server and a DHCP client (e.g. a PC) in order for the client to get/lease
network configuration data, such as an IP address, from the DHCP server.
     (b) DHCP Offer. When a DHCP server receives the DHCP Discover
     message from the client, it also broadcasts a DHCP Offer message over
     the Ethernet network (because the client IP address has not been
     allocated yet), informing the client that it is available. This message
     contains the network information, such as client IP address, subnet mask,
     default gateway IP address, DNS IP address, IP lease time and DHCP
     server IP address. The DHCP Offer message broadcasted is delivered to
     all the clients on the same subnet network, including the one that sent the
     DHCP Discover message.
     (c) DHCP Request.            The client, having received the DHCP Offer
     message, recognizes there is a DHCP server available on the same
     subnet. Then it broadcasts a DHCP Request message to the server over
     the Ethernet network, requesting network configuration data including an
     IP address for itself. If more than one DHCP server responds on the same
     subnet and hence the client receives multiple DHCP Offer messages, it
     selects one of the DHCP servers, and enters the IP address of the
     selected DHCP server in the DHCP Server Identifier (option 54) field of the
     DHCP Request message. Then it informs all the DHCP servers on the
     subnet network about such selection by broadcasting the DHCP Request
     message. Typically, all DHCP servers internally store the network
     configuration data (i.e. IP address for the client and other information)
     when they send a DHCP Offer message. So, the client broadcasts the
     DHCP Request message to all the DHCP servers, so that those not
     selected can also receive the message and delete the stored network
     configuration data from their memory.
     (d) DHCP Ack. The DHCP server which received the DHCP Request
     message from the client checks if the IP address shown in the DHCP
     Server Identifier (option 54) field matches its own. If it does, it
     broadcasts a DHCP Ack message, ensuring the client can receive the
     message (Note: the client has NOT been allocated an IP address yet).
     (e) At this time, the DHCP server transfers all the network configuration
     data including the client IP address – the same data sent along with the
     DHCP Offer message - to the client. Then the client configures a network
     interface using the transferred data, finally connecting to the Internet. The
     typical network configuration data includes:
(i) IP address
          (v) Lease time (during which a client can use the IP address
          allocated/leased by a DHCP server)
97. A DHCP Ack message is the last message sent in the “IP address
allocation/lease” procedure. It contains the IP Lease Time (option 51)
parameter, and a client can use an allocated IP address only for the time period
(lease duration) specified in the option parameter. Thus, to use the IP address
beyond the lease duration, the client has to request approval from the DHCP
server to renew the IP address.
     (a) DHCP Request. The lease time is given as 1 hour. When half of
     it has passed (i.e. 1,800 seconds/30 minutes in Figure 3), the client sends
     a DHCP Request message to the DHCP server to renew its lease time
     (Note: In case of IP renewal, no DHCP Discover/Offer process is required).
     Unlike in the IP address allocation/lease procedure, the client does not
     broadcast the DHCP Request message (Destination MAC=FF:FF:FF:FF:FF:FF,
     Destination IP=255.255.255.255), but unicasts it (Destination MAC=DHCP
     Server MAC (m2), Destination IP=DHCP Server IP (1.1.1.254)). That is
     because the DHCP server and client already know each other's IP address.
     The DHCP Request message for IP address renewal should include the IP
     address of the client requesting the renewal in the "Client IP Address
     (ciaddr)" field, but should exclude the Requested IP Address (option 50)
     and DHCP Server Identifier (option 54) fields.
     (b) DHCP Ack.         Upon accepting the DHCP Request message (for IP
     address renewal) received from the client, the DHCP server also unicasts,
     and does not broadcast, a DHCP Ack message (Destination MAC=PC
     MAC (m1), Destination IP=PC IP (1.1.1.10)), including network
     configuration data such as the client IP address, subnet mask, default
     gateway IP address, DNS IP address and lease time, to the client. Once
     this process is completed, the client can keep its current IP address for the
     extended lease time as specified in the DHCP Ack message.
     (a) DHCP Release. If the client does not need its allocated IP address
     any longer, it unicasts a DHCP Release message (Destination
     MAC=DHCP Server MAC (m2), Destination IP=DHCP Server IP
     (1.1.1.254)) to the DHCP server. The server then releases the client IP
     address (1.1.1.10) listed in the Client IP field of the received message.
     (c) IP address renewal: When half of the lease time set through the "IP
     address allocation/lease" procedure has passed, the client unicasts a DHCP
     Request message to the DHCP server for renewal of its IP address. The
     DHCP server, upon receiving the DHCP Request message, accepts the
     request by responding with a unicast DHCP Ack message.
     IP address release: Once the client is logged off, it returns the allocated IP
     address to the DHCP server by unicasting a DHCP Release message to
     the DHCP server.
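The four-phase exchange, the renewal and the release above as an added Python simulation (not part of the original text): two DHCP servers answer one client's Discover, the client names the selected server in option 54, the server not selected deletes its stored offer, and the renewal Request is unicast with ciaddr set and no option 50 or 54. The values m1, m2, 1.1.1.10 and 1.1.1.254 are those used in the text; the second server (m3, 1.1.1.200, pool 1.1.1.20), the DNS address 1.1.1.253 and the subnet mask are constructed.

```python
"""Simulation of the DHCP Discover/Offer/Request/Ack allocation, the renewal
and the release, using the fields and option numbers named in the text."""
from dataclasses import dataclass, field

BROADCAST = ("FF:FF:FF:FF:FF:FF", "255.255.255.255")   # (dst MAC, dst IP)
DISCOVER, OFFER, REQUEST, ACK, RELEASE = 1, 2, 3, 5, 7  # option 53 values


def message(kind, chaddr, options=None, ciaddr="0.0.0.0", yiaddr="0.0.0.0"):
    """A DHCP message as a dict: BOOTP fields plus an {option number: value} map."""
    opts = {53: kind}
    opts.update(options or {})
    return {"chaddr": chaddr, "ciaddr": ciaddr, "yiaddr": yiaddr, "options": opts}


@dataclass
class DhcpServer:
    mac: str
    ip: str
    pool: list                                   # free addresses (constructed)
    lease: int = 3600                            # option 51: 1 hour, as in the text
    pending: dict = field(default_factory=dict)  # chaddr -> IP stored when Offer sent
    leases: dict = field(default_factory=dict)   # chaddr -> IP currently leased

    def config(self):
        """Network configuration data carried in both Offer and Ack."""
        return {1: "255.255.255.0", 3: "1.1.1.254", 6: "1.1.1.253",  # mask, gw, DNS
                51: self.lease, 54: self.ip}

    def handle(self, msg):
        """Return (destination, reply) or None when this server stays silent."""
        mac, opts = msg["chaddr"], msg["options"]
        if opts[53] == DISCOVER:
            self.pending[mac] = self.pool.pop(0)   # store what is being offered
            return BROADCAST, message(OFFER, mac, self.config(), yiaddr=self.pending[mac])
        if opts[53] == REQUEST and 54 in opts:      # initial allocation
            if opts[54] != self.ip:                 # client selected another server,
                if mac in self.pending:             # so delete the stored offer
                    self.pool.append(self.pending.pop(mac))
                return None
            self.leases[mac] = self.pending.pop(mac)
            return BROADCAST, message(ACK, mac, self.config(), yiaddr=self.leases[mac])
        if opts[53] == REQUEST and msg["ciaddr"] != "0.0.0.0":  # renewal: no 50/54
            if self.leases.get(mac) != msg["ciaddr"]:
                return None
            return (mac, msg["ciaddr"]), message(ACK, mac, self.config(), yiaddr=msg["ciaddr"])
        if opts[53] == RELEASE and self.leases.get(mac) == msg["ciaddr"]:
            self.pool.append(self.leases.pop(mac))  # address goes back to the pool
        return None


@dataclass
class DhcpClient:
    mac: str
    ip: str = "0.0.0.0"
    server_mac: str = ""
    server_ip: str = ""
    lease: int = 0

    def discover(self):
        return BROADCAST, message(DISCOVER, self.mac)

    def request(self, offers):
        """Select one Offer (the first here), name that server in option 54, and
        broadcast so that the servers not selected can discard their stored data."""
        self.server_mac, offer = offers[0]
        return BROADCAST, message(REQUEST, self.mac,
                                  {50: offer["yiaddr"], 54: offer["options"][54]})

    def configure(self, ack):
        self.ip, self.server_ip, self.lease = ack["yiaddr"], ack["options"][54], ack["options"][51]

    def renew(self):
        """Sent at half the lease; unicast to the known server, ciaddr set, no 50/54."""
        return (self.server_mac, self.server_ip), message(REQUEST, self.mac, ciaddr=self.ip)

    def release(self):
        return (self.server_mac, self.server_ip), message(RELEASE, self.mac, ciaddr=self.ip)


def run_allocation(client, servers):
    """Run the four-phase exchange on one subnet; returns [(src, dst, type)]."""
    trace = []
    dst, discover = client.discover()
    trace.append((client.mac, dst, DISCOVER))
    offers = []
    for srv in servers:                    # the broadcast reaches every server
        reply = srv.handle(discover)
        if reply:
            offers.append((srv.mac, reply[1]))
            trace.append((srv.mac, reply[0], OFFER))
    dst, request = client.request(offers)
    trace.append((client.mac, dst, REQUEST))
    for srv in servers:                    # every server sees the Request; one answers
        reply = srv.handle(request)
        if reply:
            client.configure(reply[1])
            trace.append((srv.mac, reply[0], ACK))
    return trace
```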
Installation and configuration of DHCP
To Install DHCP role, you will have to follow the steps given below.
Step 3 − Select the Role-based or feature-based installation option → click
Next. See Fig 12.22
Step 4 − We will install a local DHCP role, so select this server from the
Server Pool → then click Next. See Fig 12.23
Step 5 − From the Roles list, check the DHCP Server role → click Add
Features. See Fig 12.24 & 12.25
Post-deployment Configuration
Step 1 − Click on the warning icon and then click on “Complete DHCP
Configuration”. See Fig 12.30
Step 3 − Select a domain user account that has permissions to create objects in
the Net Services container in Active Directory, or a domain admin account →
click Next. See Fig 12.32
12.10
File server
101. File servers function primarily to provide a location to store files shared
with given clients within a network. These files could be virtually anything,
from text documents to sound files to photographs and other multimedia, as
long as it is stored in a file. The clients typically consist of individual
workstations, often used by employees in a business or students at a school.
102. File servers will often double as other types of servers as well, such as
print servers or other types of peripheral servers. File servers are also a type of
server computer, that is, where the entire computer is dedicated to the operation
of a server, as opposed to the server-client relation being relatively “macro" or
“micro" in nature.
103. File servers tend to have large hard drives to store all of these files,
especially in large file server systems as may be encountered in a business. A
file server may be either dedicated or non-dedicated.
     (i)   A dedicated file server means that there may be a specific computer
     server that fulfills this function, typically for a larger network, and has
     specialized hardware and software to handle the greater workload. This
     may include more hard drive memory storage, better cooling systems,
     better security such as limited physical access, and specialized software
     contained within special server operating systems.
     (ii) A non-dedicated file server just means that the computer functioning
     as a file server isn't used exclusively as such, and may also be used for
     other purposes, such as a workstation. This is more typical of small-scale
     systems, such as at home or in a small business.
     (iv) Monitor Your Employees. Dedicated file servers also offer support
     through which you can monitor your employees. It means tracking the
     users' activities. This means protecting vital files and monitoring any data
     which is sent into or from your organization. You would also be able to
     have a look at the websites which your network users are accessing, to
     protect against malicious file downloads that may create a lot of havoc.
     (v) Increase User Control. The file server ensures management of
     all passwords from a central location. You would be able to create new users
     in no time. Similarly, deleting a user from the system would ensure that
     access is denied to the entire system of files. So if you have fired a
     disgruntled employee, you do not need to worry about unauthorized
     access. The employee would not be able to do any harm to your business.
12.11
107. The Outlook and Outlook on the web clients also provide access to public
folders. Public folders look like regular mail folders in your mailbox, except that
they are in an area where they can be shared by all users within the
organization. A folder can have specialized forms associated with it to allow the
sharing of contacts, calendar entries, or even other specialized forms. Further,
each public folder can be secured so that only certain users can view or modify
data in that folder.
     (a) A message transport system that moves messages from one place to
     another. Examples include the Simple Mail Transport Protocol (SMTP).
     (b) A message storage system that stores messages until a user can
     read or retrieve them. Messages may be stored in a client/server
     database, a shared file database, or even in individual files.
     (c) A directory service that allows a user to look up information about the
     mail system's users, such as a user's email address.
     (d) A client access interface on the server that allows the clients to get to
     their stored messages. This might include a web interface, a client/server
     interface, or the Post Office Protocol (POP).
     (e) The client program that allows users to read their mail, send mail,
     and access the directory. This may include Outlook, Outlook on the web,
     and a mobile device.
110. The transaction log that is always written to is the current transaction log
for that particular database (e00.log, for example). Each transaction log file is
exactly 1 MB in size, so when the transaction log is filled up, it is renamed to the
next sequential number. For example, an old transaction log file might be named
like this: e000004032.log. The actual period that data is retained in memory will
depend on how much cache memory is available, what types of operations are
happening in the data, and how busy the server is.
111. The important operation, though, is to make sure that as soon as the data
is sent to the Exchange server, it is immediately flushed to the transaction log
files. If the server crashes before the data is written to the database file, the
database engine (the store process) will automatically read the transaction log
files once the server is brought back up and compare them to the data that's
stored in the corresponding mailbox databases. Any inconsistency is resolved
by replaying the missing data operations from the transaction logs back into the
database, assuming that the entire transaction is present; if it's not, the
operations are not written. This helps ensure that the integrity of the mailbox
database is preserved and that half-completed data operations aren't written
back into the database and allowed to corrupt good data. The transaction log
files are important for a number of reasons. They are used by Microsoft
replication technologies, but they can also be used in disaster recovery.
112. The transaction logs are not purged off the log disk until a full backup is
run; therefore, every transaction that occurred to a database (new data,
modifications, moves, deletes) is stored in the logs. If you restore the last good
backup to the server, Exchange Server can replay and rebuild all the missing
transactions back into the database, provided you have all the transactions
since the last full backup. Early versions of Exchange Server had two
separate mail store objects: the storage group, which was a logical container
that held an associated set of transaction logs, and the mailbox database, a set
of files that held the actual permanent copies of user mailboxes. A storage
group could hold multiple mailbox databases, meaning that one set of
transaction logs contained interwoven transaction data for multiple databases
(which could have detrimental effects on performance, space, and backups).
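An added Python simulation (not Exchange code) of the write-ahead behaviour described in paras 111 and 112: operations are flushed to the log before the database file, a crash loses only memory, recovery replays only transactions that are complete in the log, a full backup purges the logs, and a restore replays everything logged since that backup. The mailbox names, items and dict-based database are constructed; the 1 MB log generations of para 110 are not modelled.

```python
"""Simulation of Exchange-style write-ahead transaction logging and recovery:
every operation reaches the log before the database file, and on restart the
store replays only transactions that are complete in the log."""
import copy
from dataclasses import dataclass, field


def _apply(db, mailbox, item, value):
    """Apply one logged operation to a database dict; value None means delete."""
    if value is None:
        db.get(mailbox, {}).pop(item, None)
    else:
        db.setdefault(mailbox, {})[item] = value


@dataclass
class MailboxStore:
    db: dict = field(default_factory=dict)      # mailbox database file: mailbox -> {item: value}
    log: list = field(default_factory=list)     # transaction log: (txn id, kind, payload)
    cache: list = field(default_factory=list)   # dirty data held in memory, not yet in db
    checkpoint: int = 0                          # log index already reflected in the db file

    def begin(self, txn):
        self.log.append((txn, "begin", None))

    def write(self, txn, mailbox, item, value=None):
        """Flush the operation to the log first, then update memory (write-ahead)."""
        self.log.append((txn, "write", (mailbox, item, value)))
        self.cache.append((mailbox, item, value))

    def commit(self, txn):
        self.log.append((txn, "commit", None))

    def lazy_write(self):
        """Background flush of cached data into the database file. In this
        simulation it is only ever called between transactions."""
        for mailbox, item, value in self.cache:
            _apply(self.db, mailbox, item, value)
        self.cache = []
        self.checkpoint = len(self.log)

    def crash(self):
        """Power loss: memory is gone, the database file and the logs survive."""
        self.cache = []

    def recover(self):
        """Store start-up: replay logged operations newer than the checkpoint, but
        only for transactions with a commit record; returns (replayed, dropped)."""
        tail = self.log[self.checkpoint:]
        committed = {txn for txn, kind, _ in tail if kind == "commit"}
        replayed, dropped = set(), set()
        for txn, kind, payload in tail:
            if kind != "write":
                continue
            if txn in committed:
                _apply(self.db, *payload)
                replayed.add(txn)
            else:
                dropped.add(txn)            # half-completed: never written to the db
        self.checkpoint = len(self.log)
        self.cache = []
        return sorted(replayed), sorted(dropped)

    def full_backup(self):
        """A full backup copies the database and only then purges the logs."""
        self.lazy_write()
        backup = copy.deepcopy(self.db)
        self.log, self.checkpoint = [], 0
        return backup

    def restore(self, backup):
        """Restore the last good backup, then replay everything logged since it."""
        self.db = copy.deepcopy(backup)
        self.checkpoint = 0
        return self.recover()
```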
113. Exchange Server relies on Active Directory for information about its own
configuration, user authentication, and email-specific properties for mail-enabled
objects such as users, contacts, groups, and public folders. Look at Figure
12.35 to see some of the different types of interactions that occur between
Exchange Server and Active Directory. Because most of the Exchange Server
configuration data for an Exchange server is stored in Active Directory, all
Exchange Server roles must contact a domain controller to request its
configuration data; this information is stored in a special partition of Active
Directory database called the configuration partition.
12.12
IIS
115. A web server can refer to either the hardware (the computer) or the software
(the computer application) that helps to deliver content that can be accessed
through the Internet.
116. The most common use of web servers is to host web sites but there are
other uses such as data storage or running enterprise applications.
117. The primary function of a web server is to deliver web pages on the
request to clients. This means delivery of HTML documents and any additional
content that may be included by a document, such as images, style sheets and
scripts.
Features of IIS
119. The architecture of IIS 7 is modular. Modules, also called extensions, can
be added or removed individually so that only modules required for specific
functionality have to be installed. IIS 7 includes native modules as part of the full
installation. These modules are individual features that the server uses to
process requests and include the following:
    (f)   Logging and Diagnostics Modules.           Used to perform tasks
    related to logging and diagnostics in the request-processing pipeline, such
    as passing information and processing status to HTTP.sys for logging,
    reporting events, and tracking requests currently executing in worker
    processes.
120. IIS releases new feature modules between major version releases to add
new functionality. The following extensions are available for IIS 7.5:
    (a) FTP Publishing Service. Lets Web content creators publish content
    securely to IIS 7 Web servers with SSL-based authentication and data
    transfer.
     (g) WebDAV. Lets Web authors publish content securely to IIS 7 Web
     servers, and lets Web administrators and hosters manage WebDAV
     settings using IIS 7 management and configuration tools.
     (h) Web Deployment Tool. Synchronizes IIS 6.0 and IIS 7 servers,
     migrates an IIS 6.0 server to IIS 7, and deploys Web applications to an IIS
     7 server.
Installation of Web Server (IIS)
121. Compatibility.
     Version     Notes
     IIS 8.0     IIS 8.0 is only available in Windows Server 2012 and Windows 8.
     IIS 7.5
     IIS 7.0
123. Installing IIS 8 With The Default Settings         To install IIS, use the
following steps:
(c)   Select Role-based or Feature-based Installation. See Fig 12.37
(d) Select the appropriate server (local is selected by default). See Fig
12.38
(e)   Select Web Server (IIS). See Fig 12.12 (d)
(f)  No additional features are needed for IIS, so click next. See Fig
12.39
(g)   Click Next. See Fig 12.40
(h) Customize your installation of IIS, or accept the default settings that
have already been selected for you, and then click Next. See Fig 12.41
(j)   Click Install. See Fig 12.42
(k) When the IIS installation completes, the wizard reflects the
installation status. See Fig 12.43
WINDOWS SERVER 2012 FTP INSTALLATION AND CONFIGURATION
124. This section walks step by step through the installation of the Windows
Server 2012 FTP service.
     (a) As a first step, select the Add Roles option from Server Manager. See
     Fig 12.44
(c)   Select the FTP Server service, which is part of the IIS features, and
click Next. See Fig 12.46
 (d) After the required services are installed the server may need to restart;
 a warning asks us to confirm that it may restart automatically if required.
 We continue with Yes. See Fig 12.47
(f) As shown below, the installation process begins. See Fig 12.49
(g) Then, in IIS Manager on our server, right-click and click 'Add FTP Site'
to continue. See Fig 12.50
(h)   Give the site the desired name and set its path to C:\FTP. See Fig 12.51
(j)   The FTP service port and the addresses are selected on the following
screen. We left the default options. If you want to make this service more
secure, choose SSL here. See Fig 12.52
(k) In the Active Directory Users and Computers interface we set up the
users to whom the FTP service will allow read and write permission. See
Fig 12.53
(l)  Here we add the users who are to have read or write rights. We also
added the users within the company who were to be given write access. See
Fig 12.54
(m) On the following screen (the second screen, on the right), select the
FTP Authorization Rules option of the FTP service to add the users or
groups that are to use this service. We added the group called FTP Users
that we created in Active Directory. See Fig 12.55
(p) Allow access to the files as required. See Fig 12.56
Web Server Maintenance
     (c) Web Statistics. Commonly known as “web stats”, this is the program
     or service responsible for reporting who is visiting your website, how they
     got there and where they come from. You want to keep up to date on your
     website traffic so that you can improve your website.
     (e) Testing. If your website has any kind of form, login form or other
     kind of function, those should be tested regularly to make sure they
     are working correctly and that data which is entered is stored or fetched as
     the user requires.
     (f) Link Checking. If your website has links going to other websites, you
     should make sure those links work fine so that your website continues to
     be a solid resource.
     (g) Backups. Check to see if backups of your website and database are
     being done. Also check that the backups work and can be restored without
     problems.
     (h) Design. Make sure that your website still looks fine in all of the
     latest versions of major website browsers like Internet Explorer, Firefox,
     Chrome and Safari. These browsers are updated often and if your website
     doesn’t adapt, then it might not show up looking nice (or show up at all) on
     certain browsers.
     (j) Website Errors.    Check all error log files and messages at
     Google Webmaster Tools and Bing Webmaster Tools to make sure there
     are not major errors.
     (k) Check Load Time.         Do some testing to make sure your website
     loads quickly.
12.13
(a) Cmdlets
     (b) PowerShell introduces a powerful new type of command. PowerShell
     commands (called cmdlets) share a common Verb-Noun syntax and offer
     many usability improvements over standard commands.
129. PowerShell automates tasks using cmdlets. These are .NET application
programming interface (API) classes appearing as system commands and
implementing specific functions. They are the native commands in PowerShell
and process objects individually. They are used as recipients in a pipeline and
receive and output results as objects.
12.14
Hosting of Website
132. Web hosting is a service that allows organizations and individuals to post a
website or web page onto the Internet. A web host, or web hosting service
provider, is a business that provides the technologies and services needed for
the website or webpage to be viewed in the Internet. Websites are hosted, or
stored, on special computers called servers.
133. When Internet users want to view your website, all they need to do is type
your website address or domain into their browser. Their computer will then
connect to your server and your webpages will be delivered to them through the
browser. Most hosting companies require that you own your domain in order to
host with them. If you do not have a domain, the hosting companies will help
you purchase one.
134. A web hosting service is a type of Internet hosting service that allows
individuals and organizations to make their website accessible via the World
Wide Web. Web hosts are companies that provide space on a server owned or
leased for use by clients, as well as providing Internet connectivity, typically in a
data center. Web hosts can also provide data center space and connectivity to
the Internet for other servers located in their data center, called colocation, also
known as Housing in Latin America or France.
TYPES OF HOSTING
     (a) Smaller hosting services.          The most basic is web page and
     small-scale file hosting, where files can be uploaded via File Transfer
     Protocol (FTP) or a Web interface. The files are usually delivered to the
     Web "as is" or with minimal processing. Many Internet service providers
     (ISPs) offer this service free to subscribers. Individuals and organizations
     may also obtain Web page hosting from alternative service providers.
     (d) Shared web hosting service. One's website is placed on the same
     server as many other sites, ranging from a few sites to hundreds of
     websites. Typically, all domains may share a common pool of server
     resources, such as RAM and the CPU.
     (e) Dedicated hosting service. The user gets his or her own web
     server and gains full control over it (the user has root access for Linux
     or administrator access for Windows); however, the user typically does not
     own the server. One type of dedicated hosting is self-managed or
     unmanaged. This is usually the least expensive of the dedicated plans. The
     user has full administrative access to the server, which means the client is
     responsible for the security and maintenance of his own dedicated server.
     (f) Cloud hosting. Cloud hosting is a new type of hosting platform that
     allows customers powerful, scalable and reliable hosting based on
     clustered load-balanced servers and utility billing. A cloud hosted website
     may be more reliable than alternatives since other computers in the cloud
     can compensate when a single piece of hardware goes down. Also, local
     power disruptions or even natural disasters are less problematic for cloud
     hosted sites, as cloud hosting is decentralized. Cloud hosting also allows
     providers to charge users only for resources consumed by the user, rather
     than a flat fee for the amount the user expects they will use, or a fixed cost
     upfront hardware investment. Alternatively, the lack of centralization may
     give users less control on where their data is located which could be a
     problem for users with data security or privacy concerns.
137. Some specific types of hosting provided by web host service providers:
Backup of server
138. Backup of a server is required to safeguard important data against disaster
or hardware failure, and to allow timely recovery if any failure of the server
occurs. You can use the Configure Server Backup Wizard to protect your
operating system, business information, and application data. You can save
backups to one or multiple external storage drives. You can also schedule
backups to run automatically or manually.
(b) Make sure that Windows Server Backup is installed on the server.
     (a) Attach one or more external storage drives to the server. These are
     external storage drives that you can dedicate for storing backups.
     (b) The Configure Server Backup Wizard formats the external storage
     drives when it configures them for backup.
     (c) Decide whether to back up all the data on the server or only certain
     drives.
(d) Decide whether you want to run backups once-a-day or more often.
     (c) If you have not yet configured backup settings, in the task pane, click
     Configure server backup. The Configure Server Backup Wizard appears.
     See Fig 12.57
(d) If you have already configured backup settings and want to back up
the server immediately, in the task pane click Backup now.
(f) The external storage drive destinations that you want to back up to.
(g) The drives that contain the data that you want to back up.
(a) You can back up your data to any of the following storage devices:
(iv) Local hard disk drives that are installed on the server.
        (iii) In the task pane, click Add or remove backup destinations. The
        Backup destinations dialog box appears, and it displays a list of
        available storage drives.
    (c) To add or remove a storage drive for your backup, do one of the
    following:
        (iii) To view all supported storage drives, select Show all valid
        internal and external backup destinations.
    (c) In the task pane, click Add or remove backup items. The Backup items
    dialog box appears, and it displays a list of drives that contain data.
     (d) To add or remove a data drive for the backup, do one of the following:
     (e) To include a data drive in the server backup, select the adjacent
     check box, and then click OK.
     (f) To exclude a data drive from the server backup, clear the adjacent
     check box, and then click OK.
     (g) You cannot exclude from a backup any drives that contain operating
     system files or critical applications.
(h) To include all data drives in the server backup, click Back up all.
     (c) In the task pane, click Change backup schedule. The Backup schedule
     dialog box appears. See Fig 12.61.
          (ii)  Twice a day. Sets Backup to run at 5:00 P.M. and 11:00 P.M.
          by default.
(iii) Custom. Does not set a default time for Backup to run.
    (e) If you want to change the time that Backup runs, in the list of times,
    select the check box for each time of day that you want your backup to run.
    Clear the check box for any time that you do not want backup to run.
(f) When you have finished specifying the backup schedule, click OK.
144. Pause the Backup Schedule.       When you pause the backup schedule,
the next scheduled backup is disabled until you resume the backup schedule.
While backup is paused, the Windows SBS Console displays a status of
Paused in the Next backup column. To pause and to resume the scheduled
backup, proceed as follows:
(a) To Pause.
          (iv) Click yes to confirm that you want to pause the scheduled
          backup.
(b) To Resume.
          (iv) Click yes to confirm that you want to resume the scheduled
          backup.
      (a) Open the Windows SBS Console.
      (c) The list view displays the servers and client computers that are
      connected to your network.
      (d) Right-click the server for which you want to view backup history, and
      then click View backup history. The Backup history dialog box appears and
      displays a list of previous backups. See Fig 12.62.
(e) To view the details for a listed backup, click the backup to select it.
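The same procedure scripted for a server without the SBS Console, added here as an example (it is not part of the original text, which drives everything through the wizard): it uses the WindowsServerBackup module that ships with the Windows Server Backup feature. The data drive letter, the backup disk number and the scheduled task name used for pause/resume are assumptions.

```powershell
# Added example, not the text's own procedure: the Configure Server Backup
# steps above done with the WindowsServerBackup PowerShell module.
# Assumptions: the data drive is D:, the dedicated external backup disk is
# physical disk number 2, and this runs in an elevated PowerShell session.
$DataDrive        = "D:"
$BackupDiskNumber = 2

# (b) Make sure that Windows Server Backup is installed on the server.
if (-not (Get-WindowsFeature -Name Windows-Server-Backup).Installed) {
    Install-WindowsFeature -Name Windows-Server-Backup | Out-Null
}
Import-Module WindowsServerBackup

# Configure server backup: start from an empty policy.
$policy = New-WBPolicy

# Add or remove backup items. Drives holding the operating system and critical
# applications cannot be excluded, so system state and bare-metal recovery are
# always included; the data drive is added on top of that.
Add-WBSystemState       -Policy $policy
Add-WBBareMetalRecovery -Policy $policy
Add-WBVolume -Policy $policy -Volume (Get-WBVolume -VolumePath $DataDrive)

# Add or remove backup destinations. Like the wizard, configuring a dedicated
# target disk FORMATS it, so stop if the chosen disk is missing or carries the
# system volume (Get-WBDisk lists the candidates).
$disk = Get-WBDisk | Where-Object { $_.DiskNumber -eq $BackupDiskNumber }
if (-not $disk) {
    throw "Backup disk $BackupDiskNumber not found; run Get-WBDisk to list disks."
}
if ($disk.Volumes | Where-Object { $_.MountPath -like "$env:SystemDrive*" }) {
    throw "Disk $BackupDiskNumber holds the system drive; refusing to format it."
}
$target = New-WBBackupTarget -Disk $disk -Label "ServerBackup"
Add-WBBackupTarget -Policy $policy -Target $target -Force

# Change backup schedule: "Twice a day" runs at 5:00 P.M. and 11:00 P.M.
Set-WBSchedule -Policy $policy -Schedule "17:00", "23:00" | Out-Null

# Commit the policy; -Force suppresses the confirmation prompt.
Set-WBPolicy -Policy $policy -Force

# Backup now: run the committed policy immediately, without waiting for the schedule.
Start-WBBackup -Policy (Get-WBPolicy) -Async

# View backup history: the most recent jobs and how they ended.
Get-WBJob -Previous 10 |
    Format-Table JobType, StartTime, EndTime, JobState, HResult -AutoSize

# A backup that silently fails is no backup: check the last result, not just
# that a schedule exists. A non-zero HRESULT means the last run failed.
$summary = Get-WBSummary
if ($summary.LastBackupResultHR -ne 0) {
    Write-Warning ("Last backup failed with HRESULT 0x{0:X8}" -f $summary.LastBackupResultHR)
}

# Pause / resume the backup schedule. Assumption: Windows Server Backup runs its
# schedule from this scheduled task, so disabling it pauses the schedule and
# enabling it resumes.
$task = @{ TaskPath = "\Microsoft\Windows\Backup\"; TaskName = "Microsoft-Windows-WindowsBackup" }
Disable-ScheduledTask @task   # pause
Enable-ScheduledTask  @task   # resume
```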
Lesson Summary
• Windows Server can be designed to play many roles, and each role has
  important features for performing the specific task the server role is
  configured for.
• The DNS Server role allows the server to provide host name to IP address
  resolution for Internet names, as well as hosting name resolution for local
  domains.
• The DHCP Server role allows the server to provide IP addresses and other
  settings to network clients.
• The Hyper-V role supports hosting and managing virtual machines, including
  both Windows and non-Windows guests.
• Backup of the server is required to safeguard important data against disaster
  or hardware failure and to allow timely recovery if a server failure occurs.
MCQ
Q12. The ………. query finds the address of the system that has the resource or
service that the client requires.
     (c) IIS                         (d) DHCP
Q17. IIS 7.5 includes the following additional or enhanced security feature(s):
__________________
Q20. The most basic is web page and small-scale file hosting, where files can
be uploaded via………………… or a Web interface.
Q21. …………..is a new type of hosting platform that allows customers powerful,
scalable and reliable hosting based on clustered load-balanced servers and
utility billing.
Ans:- 1(a) 2(c) 3 (d) 4(a) 5(a), 6(c), 7(b), 8(d) 9(d), 10(d) 11(a), 12(a) 13(a)
14(a),15 (a), 16.(a) 17.(d) 18.(b) 19(a),20(a), 21(d) 22 (a),
DTQ
COMTECH/COMP/OS-III/13
                          CHAPTER-13
                 DIFFERENT CLASS MACHINE IN IAF
Objective.
13.1
     (c) Samba: An open Source/Free Software suite that provides
     seamless file and print services to SMB/CIFS clients (i.e., Microsoft
     Windows clients).
       2008 provides remote access Services that allow the remote systems to
       establish a secure remote connection.
        15. Print Server. As a file and print server, the Server system can
        provide network users with centralized access to data files or can act as a
        print queue server to host multiple printers. Several improvements have
        been made in Windows Server for file security, file server fault tolerance
        and the configuration of redundant print. This machine manages user
        access to shared output devices, such as printers. These are the earliest
        type of servers. Print services can run on a file server or on one or more
        separate print server machines.
        16. Fax Server. A fax server provides the facility to send and receive faxes
        through a single network connection. The fax server can be a workstation
        with an installed fax board and special software, or a specialized device
        dedicated to and designed for fax services. This machine manages the flow
        of fax information to and from the network. It is similar to the mail server.
13.2
17. Server and Desktop are not just categories of processors but make up
separate platforms of which the processor is a part.
(d) Server
18. There is no official definition of what each of these platforms consists of, but
generally they are split into broad tiers of form factor, hardware performance,
expandability and specialization, and intended use case.
19. The mainstream or consumer platforms are what you would use in a computer
built for light workloads like graphic design, word processing, browsing, and general
everyday work. Desktop platforms are also evolving to perform better in multi-
threaded workloads, making them a cheaper alternative to workstation platforms.
One good example is CPU rendering, where this platform is gaining popularity
thanks to ever-increasing CPU core counts.
Workstation / HEDT
20. Workstation platforms are suited to more demanding workloads which
require strong multi-threaded performance and better connectivity. By providing
many processing cores and access to more PCIe lanes, for example, they let
well-parallelized applications run very well. Workstation platforms fit into desktop
form factors, making them ideal for use on a desk at work or home, where you are
actively working on the system.
Professional Workstation
21. The Professional workstation platform offers many features you would find in a
high-end server platform – the key difference being that it fits into a desktop form-
factor. This platform is ideal for applications like rendering, simulations, or workloads
that need access to even more PCIe-Lanes, ECC Memory, larger Memory
Capacities, or CPU Security features than the Workstation / HEDT Platform can
provide.
Server
22. The server platform is primarily made for reliability, flexibility, and scalability.
They are deployed mainly as rack-mounted units in data centers, allowing a large
amount of computing power to be packed into a small amount of space. Server
platforms are configured for multiple uses ranging from high-capacity storage to
performance-intensive applications with many processing cores and memory. They
are also rated to run 24/7 for long periods without suffering from instability or system
crashes and are not meant to be worked on directly.
23. CPUs are unavoidably tied to their platform. You can't slap a desktop CPU into
a server platform, and you can't install a server CPU into a desktop platform. The
differences between server and desktop CPUs lie in their platform.
Form Factor
24. One visually apparent difference between the desktop and server platforms is
their form factor. Both the server and desktop platforms have standards for
measuring the space the system occupies. For desktop platforms, the typical form
factors are XL-ATX, E-ATX, ATX, M-ATX, and M-ITX, in order of their size. ATX is
the most popular option for desktop PC systems, with M-ATX and M-ITX following
suit.
25. The E-ATX form factor is often found in workstation and enthusiast systems.
The larger size lets them pack additional features, such as more PCIe and RAM
Slots, while still being within the constraints of a desktop case.
26. Desktop cases also come in different form factors. They are categorized into
Full Tower, Mid Tower, Mini Tower, and Small Form Factor (SFF). Compatibility with
hardware for a particular case depends on its size, with full tower cases supporting
most form factors while SFF cases support only M-ITX.
27. Most servers come in either the tower or rack mount configurations. The tower
configuration is similar to the desktop platform and is a good choice if you are
working with a small number of servers.
28. Rack mount servers are made for use with standard 19" server racks, allowing
you to stack servers vertically and save space. Apart from servers, rack mount
storage arrays and network switches can be added to the rack to extend the setup.
29. The size of rack mount components is determined in units of height ranging
from 1U up to 6U for general servers. Most server racks are 42U in height which
allows you to fit quite a lot of hardware in a small amount of space.
30. Although there are some Server Motherboards that abide by the general
Desktop PC Form-Factors, many are custom made to fit more efficiently into the
Server Case.
Memory
31. Server platforms support ECC or Error Correction Code memory across their
entire suite of processors. ECC support on desktop platforms is limited to a
professional workstation, workstation, and a select number of consumer platforms.
32. On consumer platforms like AMD’s Ryzen on B550 and X570 motherboards,
ECC support does exist but is not validated for server or workstation use, and
compatibility varies by motherboard manufacturers.
33. ECC RAM corrects memory corruption due to random bit flips, preventing
system crashes and data corruption. This is important when a computer runs 24/7
for an extended period, where system failures cannot be afforded.
35. The number of RAM channels available also varies between platforms. Server
and Pro workstations have eight channels, while workstation platforms have four
and consumer two. More memory channels improve the net bandwidth between
RAM and the processor.
Platform                           ECC Support                              Memory Channels   Max Memory
Desktop  Consumer/Mainstream       No, some platforms have non-certified    2                 128 GB
                                   support
Desktop  Workstation               Yes                                      4                 512 GB
Desktop  Professional Workstation  Yes                                      8                 2 TB
Server   Server                    Yes                                      8                 2 TB+
Multi-processor Support
36. A feature unique to the server platform is the support for multiple processors.
Multiple processors in a single system not only increase your core count but also
give you access to more memory and PCIe lanes in a single system.
37. With a single system having multiple processors, you save a lot of the space and
cost that separate systems would have required. This is great for, e.g., render farms
that require many processing cores in a limited space.
Expansion & Connectivity
38. Server and pro workstation platforms offer a large number of PCIe lanes.
These PCIe lanes are necessary for adding expansion cards like GPUs, NVMe
SSDs, SATA SSDs, HDDs, or network cards.
39. Server platforms are highly versatile in their allocation of PCIe lanes. Need a
large number of GPUs in a single system? Server platforms support more GPUs
than most desktop systems.
40. This just goes to show how versatile and easily configurable a server platform
is. Servers are easily configurable with many GPUs, NVMe drives, or hard disks, all
while keeping it compact.
41. Of course, servers aren't optimized for quiet operation, so a server is best
tucked away in a data center or a separate room.
constraints of the desktop form factor, which may force you to use risers with
expansion cards like GPUs to make the best use of the platform.
43. Consumer systems have a lower number of PCIe lanes, which will limit
expansion to one or two GPUs and a couple of NVMe drives. Some specialized
systems support several GPUs via a single 1x riser link for applications like mining,
though it will severely impact performance in non-mining workloads.
44. Processors are bound to a specific platform and will be compatible with only
said platform. Take AMD’s consumer/workstation Ryzen and Epyc series, for
example. There exists no Ryzen processor for servers nor any Epyc CPUs for
desktops.
45. The CPU from each series is made for their own platform. Even processors
identical on paper (e.g. same core counts and clocks) will differ significantly when
taking into consideration the platform they work with.
Type of CPUs bounded to platform
46. Here’s a quick overview of what type of CPUs are bound to which platform
and their typical core counts:
Platform                           Manufacturer   Series              Core Range
Desktop  Consumer/Mainstream       AMD            Athlon              2-4
                                   AMD            Ryzen               4-16
                                   Intel          Pentium / Celeron   2-4
                                   Intel          Core                2-10
Desktop  Workstation               AMD            Threadripper        8-64
                                   Intel          Core X              10-18
Desktop  Professional Workstation  AMD            Threadripper Pro    12-64
Server   Server                    AMD            Epyc                8-64
                                   Intel          Xeon                4-56
47. As discussed above, processors within their platforms offer several features
that help differentiate the two platforms. Now let us focus on the actual differences
between the processors themselves.
48. Lower clock speeds also reduce the power draw, which may not seem to have
any benefit for a single CPU. However, if you plan to run hundreds or even thousands
of processors, even a few watts per processor will have profound implications.
49. Server processors also need to run 24/7 on high load, which significantly
degrades their lifetime if run at high temperatures. That is why even low core-count
server processors run at lower clock speeds than comparable desktop chips.
Core Count
50. While desktop platforms match servers in the maximum number of cores in a
single processor, server processors have the unique advantage of being able to use
multi-processor configurations.
51. Intel's Xeon Scalable is an excellent example of how easily a single server can
be packed with many processing cores. Intel offers these processors in nodes that
easily fit into a 2U chassis, offering up to 224 cores in a single server.
Core Clocks
52. Desktop / consumer processors feature higher clock speeds making them an
excellent option for active and single-threaded workloads that cannot be parallelized
easily, like graphic design and large parts of video editing or gaming.
53. Intel and AMD also allow manual overclocking on many of their desktop chips,
which provides additional performance at the cost of increased power draw and
reduced stability. The thermal output of a processor core scales exponentially with
its clock speed.
Pricing Difference
54. Desktop processor pricing is straightforward, with the pricing generally being
proportional to the processor’s clock speed and core count.
56. Server platforms run in constrained environments where the only cooling
method is high flow rate air over a small heatsink. Add to that multiple, high core
count processors, and lower clock speeds to maintain temperatures for a stable,
long-duration operation.
57. Server CPUs usually consist of highly binned components, meaning they run
more stable and draw less power, making them more expensive even when
compared to desktop CPUs that seem to have the same specs on paper.
58. The CPU has to have on-chip logic to access all the platform features as well,
so it should come as no surprise that server CPUs that have access to e.g. more
memory channels or more PCIe-Lanes have increased pricing – all other factors the
same.
The right CPU for you: Server or Desktop processors
59. When choosing between a server and a desktop processor, it’s not just the
processor that matters but the platform.
60. Once you are on a particular platform, switching to another will be expensive
due to the lack of compatibility across platforms.
61. Choose the desktop platform if you plan to actively work on your PC or
workstation from a desk. Although servers come in the tower configuration, they are
not meant to be run as a standalone unit and will offer much less performance (low
clock speeds, etc.).
62. Go with the server platform if you plan on leaving it unattended. Servers are
easily mountable on equipment racks and allow you to expand with additional
servers, storage arrays, or network switches without taking much space.
63. Remember that rack-mounted servers are very loud, so they are not suitable
for a home or work environment.
64. For applications like render farms that need a large amount of computing
power, use the desktop platform as render-nodes. For large-scale operations, the
space and energy savings of the server platform make rack-mounted servers the
better option.
Platform                  Use case        Processor
                          GPU Rendering   AMD Threadripper 3960X
Professional Workstation  CPU Rendering   AMD Threadripper 3995WX
Professional Workstation  GPU Rendering   AMD Threadripper 3955WX
66. On the other hand, a server is designed for numerous real-time users.
These users are known as clients, and the server is the host. A server
motherboard can host two processors or more, including as many chipsets.
67. Most server motherboards have a minimum of eight memory sockets, ten
or more SATA connectors, two LAN ports, and Wi-Fi in many models, support
for multiple graphics processors, and six or more expansion slots.
                          POINTS TO REMEMBER
•   Server and Desktop are not just categories of processors but make up
    separate platforms of which the processor is a part.
(d) Server
Self Test
MCQ
Q2.     IIS
      (a) Internet image service          (b) Image internet service
      (c) Internet information service    (d) None of the above
DTQ
Q2. What are the hardware differences between a server and a PC?
COMTECH/COMP/OS-III/14
                                 CHAPTER-14
                               VIRTUALISATION
Objective.
14.1
Introduction
system may appear different to each user and each of them may believe they
are interacting with the only operating system i.e. this does not interfere with
user experience.
PHYSICAL AND VIRTUAL MACHINE
4.   The architecture of a physical server is quite plain. Each server has its own
hardware: memory, network, processing and storage resources. On this
hardware, the server operating system is loaded. From the OS you can then run
the applications.
5.   With a virtual infrastructure, you have the same physical server with all the
resources, but instead of the server operating system, there's a hypervisor such
as vSphere or Hyper-V loaded on it. The hypervisor is where you actually
create your virtual machines. As you can see in the diagram, each VM has its
own virtual devices: virtual CPU, virtual memory, virtual network interface cards
and its own virtual disk. On top of this virtual hardware you load a guest
operating system and then your traditional server applications.
Traditional Computing
Virtual Computing
Understanding virtualization:
9.    There was a wild explosion of data centers overfilled with servers; but as
time passed, in a combination of the effect of Moore's Law and the "one server,
one application" model, those servers did less and less work. Fortunately, help
was on the way in the form of virtualization. The idea and execution of
virtualization was not new. It ran on IBM mainframes back in the 1960s but was
updated for modern computer systems.
10. The first commercially available solution to provide virtualization for x86
computers came from VMware in 2001. A parallel open-source offering called
Xen arrived two years later. These solutions (VMMs, or hypervisors) took the
form of a layer of software that lived either between an operating system and the
virtual machines (VMs) or was installed directly onto the hardware, or "bare
metal," just like a traditional operating system such as Windows or Linux. In the
next chapter, we'll go into much more depth about hypervisors.
11. What virtualization brought to those overfull data centers and underutilized
servers was the ability to condense multiple physical servers into fewer servers
that would run many virtual machines, allowing those physical servers to run at
a much higher rate of utilization. This condensing of servers is called
consolidation. A measure of consolidation is called the consolidation ratio and is
calculated by counting the number of VMs on a server.
                              Fig 14.3: Virtualization
12. In larger data centers, where hundreds or even thousands of servers were
housed, virtualization provided a way to decommission a large portion of
servers. This reduced the overall footprint of a data center, reduced the power and
cooling requirements, and removed the necessity to add to or construct
additional data centers. By extension, with fewer servers, it reduced a company's
hardware maintenance costs and reduced the time system administrators took
to perform many other routine tasks.
13. Server virtualization enables different operating systems to share the same
network and makes it easy to move an OS between different networks without
affecting the applications running on it. This allows portability of applications.
Virtualization allows many instances of an application to be created, thus allowing
them to scale up and down as required. Virtualization enables load balancing, thus
allowing companies to handle peak loads. Storage virtualization enables efficient
utilization of existing resources. It also allows services to be provided over the
internet.
Limitations of virtualization
15. There are a few limitations with hardware or VM virtualization, which led
to containerization.
Veertu for Mac    Mac    Mac OS & iOS   VM runs as an application of Mac.
Apple Boot Camp   Mac    Windows        No need to download or install.
Technologies of Virtualization
14.2
Types of Virtualization
This is also called client virtualization; this time the virtualization is on the user's
side, where their desktops are virtualized. Their desktops are replaced with thin
clients that utilize the data center's resources.
Hardware virtualization
    on the host processor in native mode. Thus, unprivileged instructions of
    VMs run directly on the host machine for higher efficiency. The critical
    instructions are divided into three categories: privileged instructions,
    control-sensitive instructions and behavior-sensitive instructions.
    Privileged instructions execute in a privileged mode and will be trapped if
    executed outside this mode. Control-sensitive instructions attempt to change
    the configuration of the resources used. Behavior-sensitive instructions have
    different behaviors depending on the configuration of resources, including
    the load and store operations over the virtual memory. The VM runs in the
    CPU's user mode while the VMM runs in supervisor mode. When the
    privileged instructions, including control- and behavior-sensitive
    instructions, of a VM are executed, they are trapped in the VMM. RISC CPU
    architectures can be naturally virtualized because all control- and
    behavior-sensitive instructions are privileged instructions.
14.3
VM VirtualBox. Others include VMWare Server and Workstation, Microsoft
Virtual PC, KVM, QEMU and Parallels.
30. Partitions do not have access to the physical processor, nor do they
handle the processor interrupts. Instead, they have a virtual view of the
processor and run in a virtual memory address region that is private to each
guest partition. The hypervisor handles the interrupts to the processor and
redirects them to the respective partition. Hyper-V can also hardware-accelerate
the address translation between the various guest virtual address spaces by using
an Input Output Memory Management Unit (IOMMU), which operates
independently of the memory management hardware used by the CPU. An
IOMMU is used to remap physical memory addresses to the addresses that are
used by the child partitions.
31. Child partitions also do not have direct access to other hardware resources
and are presented a virtual view of the resources, as virtual devices (VDevs).
Requests to the virtual devices are redirected either via the VMBus or the
hypervisor to the devices in the parent partition, which handles the requests.
The VMBus is a logical inter-partition communication channel. The parent
partition hosts Virtualization Service Providers (VSPs) which communicate over
the VMBus to handle device access requests from child partitions. Child
partitions host Virtualization Service Consumers (VSCs) which redirect device
requests to VSPs in the parent partition via the VMBus. This entire process is
transparent to the guest operating system.
Step 3: A dialog box will pop up, initialising the installation of VMware. Click "Next".
Step 4: Check the box "I accept the terms in the license agreement" and click on
"Next".
Step 5: Once again, click on the “Next” button.
Step 9: An icon will be created on the desktop. Click on it and a dialog box will
pop up, where you have two possibilities: if you want to use it as a non-commercial
version, just enter your email address. If you want to use it as a commercial
version, check the second option and enter your serial key.
14.4
38. Network Virtualization.        It is a part of the virtualization infrastructure,
which is used especially if you are going to virtualize your servers. It helps you in
creating multiple switches, VLANs, NAT-ing, etc. Multiple sub-networks can be
created on the same physical network by combining equipment into a single,
software-based virtual network resource. Network virtualization also divides
available bandwidth into multiple, independent channels, each of which can be
assigned to servers and devices in real time. Advantages include increased
reliability, network speed, security and better monitoring of data usage. Network
virtualization can be a good choice for companies with a high volume of users
who need access at all times.
Virtual LAN
41. A VLAN (virtual LAN) is a subnetwork which can group together collections
of devices on separate physical local area networks (LANs). A LAN is a group of
computers and devices that share a communications line or wireless link to a
server within the same geographical area.
43. VLANs are also important because they can help improve the overall
performance of a network by grouping together devices that communicate most
frequently. VLANs also provide security on larger networks by allowing a higher
degree of control over which devices have access to each other. VLANs tend to
be flexible because they are based on logical connections, rather than physical.
44. One or more network switches may support multiple, independent VLANs,
creating Layer 2 (data link) implementations of subnets. A VLAN is associated
with a broadcast domain. It is usually composed of one or more network
switches.
Types of VLANs
45. Types of VLANs include protocol-based, static and dynamic VLANs.
       (a) Protocol VLAN.       Traffic is handled based on its protocol: a
       switch will segregate or forward traffic based on the traffic's protocol.
      (b) Static VLAN.     Also referred to as a port-based VLAN, it needs a
      network administrator to assign the ports on a network switch to a virtual
      network; while:
Virtual memory virtualization is similar to the virtual memory support provided by
modern operating systems. In a traditional execution environment, the operating
system maintains mappings of virtual memory to machine memory using page
tables, which is a one-stage mapping from virtual memory to machine memory.
All modern x86 CPUs include a memory management unit (MMU) and a
translation lookaside buffer (TLB) to optimize virtual memory performance.
However, in a virtual execution environment, virtual memory virtualization
involves sharing the physical system memory in RAM and dynamically allocating
it to the physical memory of the VMs.
48. Each application sees its own logical memory, independent of physical
memory. Virtual memory, in simple words, is the RAM of the machine. The
memory resource settings for a virtual machine determine how much of the
host's memory is allocated to the virtual machine. The virtual hardware memory
size determines how much memory is available to applications that run in the
virtual machine. A virtual machine cannot benefit from more memory resources
than its configured virtual hardware memory size. The ESXi hosts limit the
memory resource use to the maximum amount useful for the virtual machine, so
that you can accept the default of unlimited memory resources. You can add,
change, and configure virtual machine memory resources or options to enhance
virtual machine performance. You can set most of the memory parameters
while creating the virtual machine, or it can also be done after the guest
operating system is installed. Most hypervisors require the virtual machine to
be powered off before changing the settings. In the following schematic
illustration, you can see that the total physical memory is divided between two
virtual machines.
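The two-stage mapping described above (guest virtual to guest physical in the guest OS page table, then guest physical to machine memory in the hypervisor's table) can be modelled as follows. This is an added example, not code from the text or from any hypervisor; the page size, VM names and all addresses are constructed, and the `Hypervisor` class is a toy stand-in for the real stage-2 tables.

```python
PAGE_SIZE = 4096


class AddressFault(Exception):
    """Raised when a lookup fails at either translation stage."""


def split(addr):
    """Return (page number, offset within page) for a byte address."""
    return addr // PAGE_SIZE, addr % PAGE_SIZE


def translate_one_stage(page_table, virt):
    """Traditional execution environment: the OS page table maps a
    virtual page straight to a machine page in a single stage."""
    vpn, off = split(virt)
    if vpn not in page_table:
        raise AddressFault(f"virtual page {vpn:#x} not mapped")
    return page_table[vpn] * PAGE_SIZE + off


class Hypervisor:
    """Shares one pool of machine pages between VMs and keeps the
    stage-2 (guest physical -> machine) table for each of them."""

    def __init__(self, machine_pages):
        self.free = list(range(machine_pages))  # unallocated machine pages
        self.stage2 = {}                         # vm -> {gpn: mpn}

    def create_vm(self, vm):
        self.stage2[vm] = {}

    def allocate(self, vm, gpn):
        """Back guest physical page `gpn` of `vm` with a free machine page.
        Allocation is dynamic: a page is handed out only when requested."""
        if not self.free:
            raise MemoryError("no free machine pages")
        mpn = self.free.pop(0)
        self.stage2[vm][gpn] = mpn
        return mpn

    def translate(self, vm, guest_page_table, guest_virt):
        """Two-stage walk: guest virtual -> guest physical (stage 1, the
        guest OS table) -> machine (stage 2, the hypervisor table)."""
        gvpn, off = split(guest_virt)
        if gvpn not in guest_page_table:
            raise AddressFault(f"{vm}: guest virtual page {gvpn:#x} not mapped")
        gpn = guest_page_table[gvpn]
        if gpn not in self.stage2[vm]:
            raise AddressFault(f"{vm}: guest physical page {gpn:#x} not backed")
        return self.stage2[vm][gpn] * PAGE_SIZE + off

    def machine_pages_of(self, vm):
        return set(self.stage2[vm].values())

    def isolated(self, vm_a, vm_b):
        """True when the two VMs share no machine page; a guest can only
        reach memory the hypervisor mapped for it at stage 2."""
        return not (self.machine_pages_of(vm_a) & self.machine_pages_of(vm_b))


def demo():
    """Constructed sample: two VMs on an 8-page host, both using the same
    guest virtual address and landing on different machine pages."""
    hv = Hypervisor(machine_pages=8)
    hv.create_vm("vm-a")
    hv.create_vm("vm-b")
    table_a = {0x10: 0, 0x11: 1}  # stage-1 tables: each guest sees its RAM at 0
    table_b = {0x10: 0}
    for gpn in (0, 1):
        hv.allocate("vm-a", gpn)
    hv.allocate("vm-b", 0)
    virt = 0x10 * PAGE_SIZE + 0x123
    return hv, hv.translate("vm-a", table_a, virt), hv.translate("vm-b", table_b, virt)


if __name__ == "__main__":
    hv, a, b = demo()
    print(f"vm-a -> {a:#x}, vm-b -> {b:#x}, isolated: {hv.isolated('vm-a', 'vm-b')}")
```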
14.5
49. To create a virtual machine, we have to follow the steps given below.
Step 1: Click on "Player" -> File -> New Virtual Machine.
Step 2: A dialog box will pop up requesting you to find a boot disk, a boot image,
or to install the OS at a later stage. We will choose the second option and click
on Browse. Then we have to click on the ISO image which we want to install. Once
all this is done, click on "Next".
Step 4: After the above step is complete, a dialogue box opens. Click “Yes”.
Step 6: In the “Maximum size disk” box, enter the value of your virtual Hard
disk, which in our case is 60GB. Then click on “Next”.
14.6
VM Management: VM configuration
A dialog box will open with the networking settings; on the left-hand side
panel of this dialog box, click on "Network Adapter". On the left of this dialog
box, you can see the networking modes as shown in the following screenshots.
52. If you click on "Processors" in the left-hand side panel, you have to enter
the number of vCPUs as shown in the screenshot below.
Note: If you assign more vCPUs than the host supports, the VM will fail to
power on.
Step 1: Open the VMware managing console and right click on a VM that you
want to duplicate. Click on “Manage”.
                            Fig No.14.41 : Clone VM
Step 5: Enter a name for the clone that will be created and click "Finish".
55. Once the cloning process is complete, the following window will open.
56. You can move virtual machines from one compute resource or storage
location to another by using cold or hot migration. For example, with vSphere
vMotion you can move powered on virtual machines away from a host to
perform maintenance, to balance loads, to collocate virtual machines that
communicate with each other, to move virtual machines apart to minimize fault
domain, to migrate to new server hardware, and so on.
57. Moving a virtual machine from one inventory folder to another folder or
resource pool in the same data center is not a form of migration. Unlike
migration, cloning a virtual machine or copying its virtual disks and configuration
file are procedures that create a new virtual machine. Cloning and copying a
virtual machine are also not forms of migration.
58. By using migration, you can change the compute resource that the virtual
machine runs on. For example, you can move a virtual machine from one host
to another host or cluster. To migrate virtual machines with disks larger than 2
TB, the source and destination ESXi hosts must be version 6.0 and later.
Depending on the power state of the virtual machine that you migrate, migration
can be cold or hot.
61. Change compute resource only.          Moving a virtual machine, but not its
storage, to another compute resource, such as a host, cluster, resource pool, or
vApp. You can move the virtual machine to another compute resource by using
cold or hot migration. If you change the compute resource of a powered on
virtual machine, you use vMotion.
62. Change storage only.           Moving a virtual machine and its storage,
including virtual disks, configuration files, or a combination of these, to a new
datastore on the same host. You can change the datastore of a virtual machine
by using cold or hot migration. If you move a powered on virtual machine and its
storage to a new datastore, you use Storage vMotion.
distributed switch, and from a distributed switch to another distributed switch.
When you move a virtual machine network between distributed switches, the
network configuration and policies that are associated with the network adapters
of the virtual machine are transferred to the target switch.
68. A common shared storage is needed and CPU checks are put into use. The
stoppage time is very little. Without stoppage of the OS or applications, they
are shifted from Virtual Machines to physical machines. The physical server is
freed for maintenance purposes and workloads (which are among physical
servers) are dynamically balanced so as to run at optimized levels. Downtime
of clients is easily avoidable.
69. Suspend the first host's Virtual Machine, then clone it across the CPU
registers and RAM, and resume it some time later on the second host. This
migration runs while the source system is operative.
     (d)  Stage-3. Stop and copy, where the first host's Virtual Machine is
     suspended and all remaining Virtual Machine state is synchronised on the
     second host.
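The stop-and-copy stage above is the last step of the pre-copy live migration scheme, whose earlier rounds ship memory pages while the VM keeps running and re-send the pages the guest dirties in the meantime. The following is an added example, not from the text or from any vendor's product, that simulates the whole scheme on a toy VM; the page count, the workload and the CPU register values are constructed, and `live_migrate` is a hypothetical helper.

```python
from dataclasses import dataclass, field


@dataclass
class MigrationResult:
    rounds: int                 # pre-copy rounds performed
    pages_precopy: int          # pages shipped while the VM kept running
    pages_stop_copy: int        # pages shipped while the VM was suspended
    consistent: bool            # destination memory and CPU state match source
    log: list = field(default_factory=list)


def live_migrate(num_pages, writes_per_round, threshold, max_rounds=30):
    """Pre-copy live migration of a toy VM.

    writes_per_round: constructed workload, the pages the running guest
    writes during each pre-copy round.  Pages written after they were
    copied are dirty again and must be re-sent.  Pre-copy stops when the
    dirty set is small enough (threshold) or max_rounds is reached, and
    whatever is left goes in the stop-and-copy stage.
    """
    source = {p: 0 for p in range(num_pages)}         # page -> content version
    cpu_state = {"rip": 0x401000, "rsp": 0x7FFE0000}  # registers travel last
    dest_mem = {}
    dirty = set(source)        # nothing copied yet, so every page is dirty
    pages_precopy = 0
    rounds = 0
    log = []
    writes = iter(writes_per_round)
    while True:
        rounds += 1
        sent = len(dirty)
        # Pre-copy round: VM runs on the source host while dirty pages ship.
        for p in sorted(dirty):
            dest_mem[p] = source[p]
        pages_precopy += sent
        # The guest keeps writing during the round; those pages dirty again.
        touched = set(next(writes, []))
        for p in touched:
            source[p] += 1
        dirty = touched
        log.append(f"round {rounds}: sent {sent} pages, {len(dirty)} re-dirtied")
        if len(dirty) <= threshold or rounds >= max_rounds:
            break
    # Stop-and-copy: guest suspended; remaining dirty pages plus CPU state
    # are synchronised, then the VM resumes on the destination host.
    for p in sorted(dirty):
        dest_mem[p] = source[p]
    dest_cpu = dict(cpu_state)
    log.append(f"stop-and-copy: {len(dirty)} pages + CPU state "
               f"(a plain stop-and-copy would move all {num_pages} pages)")
    consistent = dest_mem == source and dest_cpu == cpu_state
    return MigrationResult(rounds, pages_precopy, len(dirty), consistent, log)


if __name__ == "__main__":
    # Constructed workload whose working set shrinks, so pre-copy converges.
    result = live_migrate(16, [[0, 1, 2, 3, 4, 5], [0, 1, 2], [0]], threshold=2)
    print("\n".join(result.log))
```

A workload that keeps rewriting the same pages never converges; `max_rounds` then bounds the pre-copy phase and the whole hot set is moved during the suspended stage.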
      environment the OS maintains mappings of virtual memory to machine
      memory using page tables, which is one stage mapping from virtual
      memory to machine memory
Self Test
MCQ
Q6. When the virtual machine software or virtual machine manager (VMM) or
hypervisor software is directly installed on the hardware system, it is known as
      (a) Native or Bare Metal Hypervisor     (b) Hosted Hypervisor
      (c) (a) & (b)                           (d) None of the above
DTQ
COMTECH/COMP/OS-III/15
                                 CHAPTER-15
                               PC AUDIT TOOLS
Objective.
             PC audit tools
             Standalone PC Audit
             Intranet/Internet PC audit
15.1
PC audit tools
1.    The IW audit of IT systems in the IAF shall be undertaken as per IAP
3903:2018 (Revised) and the latest guidelines and checklists issued by IAF
CERT from time to time to Stations/Units. These will be useful for the auditee in
implementing the relevant aspects to ensure best Information Security
practices at all times. These guidelines will help the auditing team to
check the important aspects, to ascertain the health of the IT infrastructure
and to find out the potential risks and vulnerabilities.
3.   There are many audit tools available for auditing PCs. In the IAF, the
Remote Audit Tool (RAT) is deployed and governed remotely by CERT-IAF for
auditing all AFNET domain PCs, Private LAN PCs and their associated
peripheral devices.
checklists which enables the audit team to collect required data for the purpose
of documentation, analysis and report generation.
5.   The following categories of PCs will be audited by RAT and the local IT
audit team as per the instructions of IAF-CERT:
15.2
Standalone PC Audit
15.3
Intranet/internet PC audit
       (a) Air Gap violations (network interchanged between trusted and
       untrusted systems), if any.
       (i) All Windows internet machines will be logged in with a local user
       created by the SCITO / IT administrator.
       (j)   All internet PCs must be enabled with a desktop lockout policy. Ten
       minutes of inactivity time for desktop lockout will be uniformly configured
       by the administrator.
      (m) Information security aspects on PCs while data interchange / interaction
      with OEM / Vendors / External agencies is to be checked.
                            POINTS TO REMEMBER
            There are many audit tools available for auditing the PCs. In
      IAF, Remote Audit Tool (RAT) is deployed and governed by CERT-IAF
      remotely for auditing of the entire AFNET domain PCs, Private LAN
      PCs and its associated peripheral devices.
Self Test
MCQ
DTQ
COMTECH/COMP/OS-III/16
                              CHAPTER-16
                           REMOTE AUDIT TOOLS
Objective.
16.1
2.   The RAT servers have been hosted inside the AFNET Data Centre and can be
accessed through the URL https://www.rat.iaf.in, as shown in Fig 16.1(a).
4.    A RAT agent resident on AFNET machines extracts the audit data from
PC. The extracted data is communicated by the agents to RAT server which
receives the data files, parses the files and maintains the received data in a
database. This singular back-end database powers the hierarchical dashboards
from Air HQ up to individual PC level. The intuitive dashboards designed for
different categories of users present the audit data in graphical form which
includes information icons, area charts, pie charts, vertical and horizontal bars.
The icons are further linked to the next lower formation (Commands & Stations)
up to the individual PC level.
5.    Various violations vis-à-vis IAP 3903:2018 and CERT audit checklist are
highlighted and relevant alerts and notifications are generated in real-time. This
software also features the generation of audit reports for pan-IAF, command
AOR and station/unit wise and individual PC in PDF format. This audit report is a
ready to use document giving list of PCs under different violation heads and can
be used by the stations for carrying out necessary remediation actions.
6.   After the automatic audit of any PC and storage of its data in the database,
it is not possible to tamper with the data, which guarantees non-repudiation of
audit results.
The IW health of each PC is critically examined and an IW score is assigned to
each PC. These scores are aggregated to generate overall IW scores for
stations and commands. The IW score (numerical value) reflects objective IW
health of each formation and instils a competitive spirit among formations
towards being the best IW compliant formation of IAF.
16.2
       (a) Total Audited PCs - It shows list of PCs audited by RAT in the
       Station /unit.
       (b) Good Health PCs - It will show list of PCs having all the parameters
       in excellent condition as per RAT agent as shown in fig.16.4
       (c) PCs not having VeraCrypt - It will show PCs in which Veracrypt
       software is not installed.
(d) PCs with USB Violations - This tab will show any USB violation
pertaining to the PCs of the station/unit.
(e) PCs not installed with or malfunctioning Anti-virus - This menu will
give the information about the PCs with Antivirus installation related
issues.
(f) PCs whose Anti-virus has not been patched - It will give AV patch
related information about the PCs.
(g) PCs with Virus Intrusion history - It gives the virus intrusion history
pertaining to the PCs of station/unit.
(h) PCs having any black-listed software - This tab will give information
about the black-listed software installed in PCs with details of software.
(j) PCs whose OS has not been patched - This will provide information
about the operating system (OS) related issues with the PCs.
     (k) PCs whose hardware has been changed - It will give information
     about the hardware changes done with the PCs in recent times in
     station/unit.
     (l) PCs whose CD/DVD drive is enabled - This will give information
     about the PCs which have the CD/DVD drive open or enabled.
     (m) PCs having Shared folder(s) - This will give information about the
     shared folders with details pertaining to the PCs of station/unit.
     (n) IW Score - This will show the overall IW score (in percentage) of the
     station/unit after taking into consideration the various fields/facts as
     listed by the RAT administrator centrally.
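One way the per-PC IW score and the station dashboard tabs above could be derived from agent records, as an added example that is not the RAT's own code: the check names, record field names, weights and sample records are all constructed assumptions (the real weights are set centrally by the RAT administrator).

```python
from statistics import mean

# Violation heads from the dashboard list, each expressed as a check that
# must pass.  Weights are an assumption, not RAT's real scoring.
CHECKS = {
    "veracrypt_installed": 20,
    "no_usb_violation": 15,
    "antivirus_installed": 15,
    "antivirus_patched": 10,
    "no_virus_history": 5,
    "no_blacklisted_software": 10,
    "os_patched": 10,
    "hardware_unchanged": 5,
    "cd_dvd_disabled": 5,
    "no_shared_folders": 5,
}
TOTAL_WEIGHT = sum(CHECKS.values())


def evaluate(record):
    """Map one agent record (constructed field names) to pass/fail per check."""
    return {
        "veracrypt_installed": record["veracrypt"],
        "no_usb_violation": record["usb_violations"] == 0,
        "antivirus_installed": record["av_installed"],
        # An AV that is not installed cannot be patched either.
        "antivirus_patched": record["av_installed"] and record["av_patched"],
        "no_virus_history": record["virus_events"] == 0,
        "no_blacklisted_software": not record["blacklisted"],
        "os_patched": record["os_patched"],
        "hardware_unchanged": not record["hw_changed"],
        "cd_dvd_disabled": not record["cd_dvd_enabled"],
        "no_shared_folders": not record["shared_folders"],
    }


def pc_score(record):
    """IW score of one PC in percent: weight of passed checks over total weight."""
    results = evaluate(record)
    earned = sum(CHECKS[name] for name, ok in results.items() if ok)
    return round(100 * earned / TOTAL_WEIGHT, 1)


def station_dashboard(records):
    """Station/unit view: total audited, good-health PCs, the PC list under
    each violation head, and the station IW score (mean of the PC scores)."""
    results = {r["pc"]: evaluate(r) for r in records}
    return {
        "total_audited": len(records),
        "good_health": [pc for pc, res in results.items() if all(res.values())],
        "violations": {
            name: [pc for pc, res in results.items() if not res[name]]
            for name in CHECKS
        },
        "iw_score": round(mean(pc_score(r) for r in records), 1),
    }


# Constructed sample records, not real audit data.
SAMPLE = [
    {"pc": "PC-01", "veracrypt": True, "usb_violations": 0, "av_installed": True,
     "av_patched": True, "virus_events": 0, "blacklisted": [], "os_patched": True,
     "hw_changed": False, "cd_dvd_enabled": False, "shared_folders": []},
    {"pc": "PC-02", "veracrypt": False, "usb_violations": 1, "av_installed": True,
     "av_patched": True, "virus_events": 0, "blacklisted": [], "os_patched": True,
     "hw_changed": False, "cd_dvd_enabled": False, "shared_folders": []},
    {"pc": "PC-03", "veracrypt": True, "usb_violations": 0, "av_installed": False,
     "av_patched": False, "virus_events": 0, "blacklisted": [], "os_patched": False,
     "hw_changed": False, "cd_dvd_enabled": False, "shared_folders": ["public"]},
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r["pc"], pc_score(r))
    print(station_dashboard(SAMPLE))
```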
8.   The Remote Audit Tool has been designed with the aim of strengthening
the overall cyber security posture of the IAF. Once operationalised pan-IAF, the
system will not only increase the audit coverage and frequency but also improve
the overall efficacy of IW audits. It would also bring the desired numerical
objectivity to audits through the integrated IW scoring system.
Note: - The RAT agent is not to be uninstalled from any AFNET PC without prior
clearance from IAF-CERT.
POINTS TO REMEMBER
      The cyber related offences would be dealt under the provisions of the
  IT Act, 2000, IT (Amendment) Act, 2008 and Air Force Act, 1950.
      All secondary storage devices will be clearly marked and labeled with
  the name of the user to which it has been issued.
    All ingress and egress of data will be logged and accounted for at
DAP.
Self Test
MCQ
DTQ
COMTECH/COMP/OS-III/17
                                 CHAPTER-17
                              IAP 3903 (REVISED)
Objective.
17.1
1.   Information Technology has changed the way the Armed Forces in India
operate. The importance of information and the central role it plays in warfare is
not new. The IAF is the pioneer in adopting the IT revolution to achieve its
operational edge. IT infrastructure is increasingly becoming more complex and
diverse. The basic pillar of Information Security is a strong and effective
security policy. Hence, the Directorate of Intelligence, Air Headquarters, New
Delhi has issued IAP-3903 (Revised) on 01 Nov 12 with the following objectives:-
(c) To layout the guidelines for incident response within the IAF.
Court of Inquiry / Formal Investigation. Some of the guidelines for handling IT
security breach /action are as follows :-
6.    Minor Violations.    The following breaches may be considered as Minor
Violations:-
     (c) Allowing staff members to bring their own floppies / CDs / other types
     of media or software to run on the computer system of the department.
     (d) Using pirated copies of software, as these may contain viruses and
     even facilitate intrusions into the system.
     (e) Downloading computer games, since these could be the main carriers
     of computer viruses and an unsuspecting / easy medium for an intruder to
     break into your computer system.
     (f) Carrying a storage device outside the building without proper authority.
     (k) Violating any advisories issued from time to time on any subject
     relating to IT resources.
     Note.        Depending upon the gravity of the offence and the facts and
     circumstances of the case, a minor violation may also be treated as a major
     violation and appropriate Disciplinary / Administrative action is to be
     initiated in consultation with CJA / JAG (Air).
       (c) Installing and using unauthorised software. (All software which are
       not cleared by DIT for code consistency, D AFNET for use on AFNET
       domain, D Ops IW for security, and D Ops IT&N for encryption shall be
       deemed as unauthorized)
17.2
       (a) All types of secondary storage devices such as floppies, CDs, DVDs,
       zip cartridges, External HDDs etc. used by a Branch / Directorate / Unit will
       be taken on charge. Secondary Storage Devices register as per format
       given at Fig 17.1 will be maintained by the respective heads of Dte /
       Branches / Units separately for each type of secondary storage device and
       quarterly checks should be undertaken.
       (b) They will be clearly marked and labeled with the name of the user to
       which it has been issued. Format for label to be applied on such storage
       devices is given at Fig 17.2
     (d) Supply of blank storage devices is to be made only against a written
     requisition duly signed or countersigned by the head of the Branch /
     Directorate / Unit.
           (i)  Serial Number of the hard disk installed in each computer will
           be noted at the time of installation in the log book of the computer.
           (iii) Before handing over a computer for repairs, the hard disk will
           be removed. Hard disk of any computer will not be handed over to
           any civilian agency for repair or replacement.
           (iv) Defective hard disk containing data will not be handed over to
           any agency under any circumstances. If the data on the disk cannot
           be removed by formatting due to defect in the disk, the same shall be
           destroyed by hammering and burning by a Board of Officers and a
           certificate to this effect produced in the log book of the computer.
(b) Handling of External Hard Disks (External HDDs) and Removable
Disks.
(iv) All USB ports are to be disabled for mass storage devices, except for
selected appointments for which USB access for mass storage devices is
permitted as per IAP 3903 (Revised).
(v) For stand-alone service (not Internet) PCs, CD / DVD drives are to be
disabled and only USB ports are to be enabled for using secondary storage
devices / printers.
(vi) For all PCs on the Internet, CD / DVD drives with read and write access
are to be provided. All USB ports of Internet machines are to be disabled
except for use of printer / keyboard / mouse.
          (xii) In case such a device contains any matter of classified nature, it
          will be marked with the highest security classification of the
          information contained in it.
     (a) USB enabled Photocopiers with in-built printers purchased from OCG
     / ATG are not to be connected to AFNET PCs without specific clearance
     from system administrator.
     (b) All such devices are to be cleared specifically for use by system
     administrator and approval of PD / PSO / AOC / Stn Cdr has to be
     obtained.
     (c) Since these devices could be used for pilferage of service related
     information, their usage must be regulated and controlled by the
     concerned officer.
       (d) In addition, a list of all such hardware is to be maintained by Branch
       CC / Command IT / C Org / Stn IT Centre and this information will be
       passed to IAF-CERT.
17.3
15. Port Security.   In order to ensure that access to network resources is not
available to unauthorised devices, strict control of network hosts needs to be
enforced. Dte of AFNET should implement suitable mechanisms for ensuring that IP
address poisoning based attacks are prevented, along with proper port and MAC
binding / NAP-NAC solution, so that only recognised machines (PCs / Laptops
etc) may be permitted to ride the network infrastructure.
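A port and MAC binding register is only useful if what the switches and ARP caches actually report is checked against it. The following is an added example, not from IAP 3903 or from any IAF tool, of such a check: the binding register, the observed entries and every MAC and IP value are constructed samples, and `audit_bindings` is a hypothetical helper.

```python
from collections import defaultdict

# Authorised register: (switch, port) -> (MAC, IP) of the one host allowed
# there.  Constructed sample values, not a real network.
BINDINGS = {
    ("sw1", "Gi1/0/1"): ("00:11:22:33:44:01", "10.0.0.11"),
    ("sw1", "Gi1/0/2"): ("00:11:22:33:44:02", "10.0.0.12"),
    ("sw1", "Gi1/0/3"): ("00:11:22:33:44:03", "10.0.0.13"),
}

# What the switch MAC table and ARP cache report (constructed sample).
OBSERVED = [
    {"switch": "sw1", "port": "Gi1/0/1", "mac": "00-11-22-33-44-01", "ip": "10.0.0.11"},
    {"switch": "sw1", "port": "Gi1/0/2", "mac": "00:11:22:33:44:99", "ip": "10.0.0.12"},
    {"switch": "sw1", "port": "Gi1/0/3", "mac": "00:11:22:33:44:03", "ip": "10.0.0.11"},
    {"switch": "sw1", "port": "Gi1/0/7", "mac": "00:11:22:33:44:07", "ip": "10.0.0.77"},
]


def normalise_mac(mac):
    """Compare MACs regardless of separator or letter case."""
    return mac.replace("-", ":").lower()


def audit_bindings(bindings, observed):
    """Return findings: a device on an unbound port, a wrong MAC on a bound
    port, an authorised host using an IP it was not assigned, and one IP
    claimed by two MACs (the usual sign of IP/ARP poisoning)."""
    findings = []
    ip_claims = defaultdict(set)   # ip -> set of MACs seen claiming it
    for obs in observed:
        key = (obs["switch"], obs["port"])
        mac = normalise_mac(obs["mac"])
        ip_claims[obs["ip"]].add(mac)
        if key not in bindings:
            findings.append({"kind": "unbound_port", "where": key, "mac": mac})
            continue
        exp_mac, exp_ip = bindings[key]
        if mac != normalise_mac(exp_mac):
            findings.append({"kind": "unknown_device", "where": key, "mac": mac})
        elif obs["ip"] != exp_ip:
            findings.append({"kind": "ip_mismatch", "where": key, "ip": obs["ip"]})
    for ip, macs in ip_claims.items():
        if len(macs) > 1:
            findings.append({"kind": "ip_conflict", "ip": ip, "macs": sorted(macs)})
    return findings


if __name__ == "__main__":
    for finding in audit_bindings(BINDINGS, OBSERVED):
        print(finding)
```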
       (a) Dte of AFNET shall ensure implementation and monitoring of security
       policies for all network devices.
       (b) Every network device should be updated with latest IOS / Malware
       definitions.
       (d) The CSI / CSA issued by IAF-CERT should be complied within the
       stipulated time.
17.4
19. Any security measures you take can be undermined by a password that is
easy to guess or a computer account that does not have a password. Good
passwords help keep your computer secure from external threats (such as
hackers) and local threats (such as a nosy roommate or officemate). The
following are guidelines for password security:
     (d) Don't use a password that is a dictionary word, is part of your name,
     or is easily associated with you.
     (h) If you use your password in public places, such as a lab or a friend's
     room, you should change your password more often.
20. Data Access Point (DAP).        To prevent loss of sensitive data as well
as entry of malware, egress of data from the network to outside environment
and ingress of data into the network from outside environment needs to be
controlled, sanitised and monitored. In a specific formation this should be
implemented through Data Access Points (DAPs).
     (b) All ingress and egress of data will be logged and accounted for at
     DAP.
(c) Any data being brought to meet service requirements from outside
environment will be through a standalone Sanitisation Station to check
for any malware.
(e) DAP required for operational needs like MET, ATC etc can be
authorised by AOC-in-C at Command level and PSOs at Air HQ level.
                          POINTS TO REMEMBER
    The cyber related offences would be dealt under the provisions of the
IT Act, 2000, IT (Amendment) Act, 2008 and Air Force Act, 1950.
    All secondary storage devices will be clearly marked and labeled with
the name of the user to which it has been issued.
      Serial Number of the hard disk installed in each computer will be
  noted at the time of installation in the log book of the computer.
      All ingress and egress of data will be logged and accounted for at
  DAP.
Self Test
MCQ
DTQ
Q3. Define Focused and Surprise audit.
COMTECH/COMP/OS-III/18
                              CHAPTER-18
                               REVISION
Objective.
Global Keyboard Shortcuts:
    Windows key + Space bar operates as a keyboard shortcut for Aero Peek
(Windows 7; in Windows 8 and later, Windows key + Space switches the input
language and Windows key + , (comma) peeks at the desktop).
    Windows key + Up maximizes the current window.
    Windows key + Down restores the current window if it is maximized;
otherwise it minimizes the current window.
    Windows key + Shift + Up stretches the current window to the full height
of the desktop, so that its upper and lower edges nearly touch the upper and
lower edges of the screen, without changing its width.
    Windows key + Shift + Down restores the original size of the current window
after Windows key + Shift + Up has been used.
    Windows key + Left snaps the current window to the left half of the
screen.
    Windows key + Right snaps the current window to the right half of the
screen.
    Windows key + Shift + Left and Windows key + Shift + Right move the
current window to the display on the left or on the right (multi-monitor
systems).
    Windows key + + (plus sign) opens Magnifier and zooms in wherever
applicable.
    Windows key + − (minus sign) zooms out wherever applicable.
    Windows key + Esc (Escape key) turns Magnifier off once enabled.
    Windows key + Home operates as a keyboard shortcut for Aero Shake
(minimizes all windows except the current one; pressing it again restores
them).
         Keyboard Shortcuts in Windows Operating System

Action                                  Shortcut
Copy screenshot of active window        Alt+Print Screen
  to clipboard
Delete char to the right of cursor      Del
Delete word to the right of cursor      Ctrl+Del
Delete word to the left of cursor       Ctrl+← Backspace
Go to start of line                     Home
Go to end of line                       End
Go to start of document                 Ctrl+Home
Go to end of document                   Ctrl+End
Go to previous word                     Ctrl+←
Go to next word                         Ctrl+→
Go to previous line                     ↑
Go to next line                         ↓
Go to previous paragraph (line break)   Ctrl+↑
Go to next paragraph (line break)       Ctrl+↓
Go to find                              Ctrl+F
Go to next search result                F3
Go to previous search result            ⇧ Shift+F3
Search and replace                      Ctrl+H
         COMMON COMPUTER ABBREVIATIONS

HDD     Hard Disk Drive
HDA     Head Disk Assembly
ASCII   American Standard Code for Information Interchange
IrDA    Infrared Data Association
CRT     Cathode Ray Tube
LCD     Liquid Crystal Display
TFT     Thin Film Transistor
RGB     Red Green Blue
DMP     Dot Matrix Printer
LASER   Light Amplification by Stimulated Emission of Radiation
POST    Power-On Self-Test
SIMM    Single Inline Memory Module
DIMM    Dual Inline Memory Module
AGP     Accelerated Graphics Port
HCL     Hardware Compatibility List
CALs    Client Access Licenses
DHCP    Dynamic Host Configuration Protocol
APIPA   Automatic Private IP Addressing
DMA     Direct Memory Access
SID     Security Identifier
RISC    Reduced Instruction Set Computing
MAC     Media Access Control
SMTP    Simple Mail Transfer Protocol
RSCS    Remote Spooling Communications Subsystem
FDDI    Fiber Distributed Data Interface
NOTES