Windows 2000/2003


    * ADPrep /forestprep on the schema master in your Windows 2000 forest (run this first, and let the schema changes replicate to every DC before continuing).

    * ADPrep /domainprep on the Infrastructure Master in each AD domain.


ADPrep is located in the i386 directory of the Windows Server 2003 install media.




-NTDSUTIL - reset the Directory Services Restore Mode (DSRM) administrator password ("set dsrm password")


-FSMO Roles

 -Schema Master          1 per forest    Controls updates to the schema.

 -Domain Naming Master   1 per forest    Controls the addition and removal of domains from the forest.

 -PDC Emulator           1 per domain    Provides backwards compatibility for NT4 clients and BDCs for PDC operations (like password changes); password changes made on any DC are forwarded to it, so it is consulted before a logon is rejected for a bad password. The PDCe also runs domain-specific processes such as the Security Descriptor Propagator (SDPROP), and is the master time server within the domain.

 -RID Master             1 per domain    Allocates pools of relative identifiers (RIDs) to domain controllers for use when creating security principals, so that SIDs stay unique across the domain.

 -Infrastructure Master  1 per domain    Updates cross-domain object references (e.g. members of a group who live in another domain). It must not run on a global catalog server unless every DC in the domain is also a GC: a GC already holds every object, so the role would never notice a stale reference to fix.


 - Trusts in Windows 2000 (native mode)


    * One way trust - When one domain allows access to users from another domain, but the other domain does not allow access to users from the first domain.

    * Two way trust - When two domains each allow access to users from the other domain.

    * Trusting domain - The domain that allows access to users from a trusted domain; it is the domain holding the resources.

    * Trusted domain - The domain that is trusted; its users have access to the trusting domain.

    * Transitive trust - A trust that can extend beyond two domains to other trusted domains in the tree or forest (parent/child and tree-root trusts are transitive by default).

    * Intransitive (non-transitive) trust - A trust that does not extend beyond the two domains it joins.

    * Explicit trust - A trust that an admin creates manually. An external trust to a domain outside the forest (or to an NT4 domain) is non-transitive and one way; a second trust in the opposite direction is needed for two-way access.

    * Cross link (shortcut) trust - An explicit trust between domains in different trees, or in the same tree when a descendant/ancestor (child/parent) relationship does not exist between the two domains. It is transitive within the forest and shortens the Kerberos referral path, which otherwise walks up to the forest root and back down.


Windows 2000 - supports the following types of trusts:


    * Two way transitive trusts.

    * One way non transitive trusts.


Windows Server 2003 offers a new trust type - the forest trust. It joins two Windows Server 2003 forests that are both at the Windows Server 2003 forest functional level. Authentication across it is Kerberos based (NTLM still works as a fallback), and the trust is transitive for every domain in the two forests, but not to a third forest: if forest A trusts B and B trusts C, A does not trust C. SID filtering (quarantine) is enabled on forest trusts by default, so SIDs in a ticket that do not belong to the trusted forest are dropped at the boundary; leave it on.
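The trust rules above (one way vs. two way, transitive vs. non-transitive, and the forest trust that does not reach a third forest) are easy to get wrong when an estate has several of them. The following is an added example, not from the original notes: it models a constructed set of domains (a.example, corp.a.example, b.example, eu.b.example, c.example, partner.local are assumptions) and answers "can this domain authenticate a user from that domain?" by walking the trust graph under those rules.

```python
"""Which domains can authenticate which users, given a set of AD trusts (added example).
Domains and trusts are constructed. A trust edge points from the TRUSTING domain (where the
resource lives) to the TRUSTED domain (where the user's account lives)."""
from collections import deque

def add_trust(trusts, trusting, trusted, kind, two_way):
    """kind: parent_child | shortcut (transitive, inside a forest), forest (transitive across
    the two forests only), external (non-transitive). A two-way trust is two one-way trusts."""
    trusts.append((trusting, trusted, kind))
    if two_way:
        trusts.append((trusted, trusting, kind))

def build_trusts():
    t = []
    add_trust(t, "a.example", "corp.a.example", "parent_child", True)   # forest A
    add_trust(t, "b.example", "eu.b.example", "parent_child", True)     # forest B
    add_trust(t, "a.example", "b.example", "forest", True)              # forest trust A <-> B
    add_trust(t, "b.example", "c.example", "forest", True)              # forest trust B <-> C
    add_trust(t, "corp.a.example", "partner.local", "external", False)  # one-way external trust
    return t

def can_authenticate(user_domain, resource_domain, trusts):
    """True if a trust path runs from resource_domain to user_domain.
    Rules: an external trust is usable only as the single hop of the path (non-transitive);
    at most one forest trust may be crossed (forest trusts do not chain to a third forest);
    parent/child and shortcut trusts may be chained freely."""
    if user_domain == resource_domain:
        return True
    outgoing = {}
    for trusting, trusted, kind in trusts:
        outgoing.setdefault(trusting, []).append((trusted, kind))
    queue, seen = deque([(resource_domain, 0, 0)]), set()
    while queue:
        domain, hops, forest_hops = queue.popleft()
        for nxt, kind in outgoing.get(domain, []):
            if kind == "external":
                if hops == 0 and nxt == user_domain:
                    return True       # direct non-transitive trust
                continue              # cannot be reached through, or extended by, other trusts
            if kind == "forest" and forest_hops >= 1:
                continue              # would make the trust transitive across three forests
            if nxt == user_domain:
                return True
            state = (nxt, forest_hops + (kind == "forest"))
            if state not in seen:
                seen.add(state)
                queue.append((nxt, hops + 1, state[1]))
    return False

def trust_matrix(domains, trusts):
    """user_domain -> set of resource domains that will authenticate its users."""
    return {u: {r for r in domains if can_authenticate(u, r, trusts)} for u in domains}
```

With the constructed data, eu.b.example users reach corp.a.example (child -> root -> forest trust -> child), partner.local users reach only corp.a.example (the direct external trust, not its parent a.example), and c.example users reach nothing in forest A because that would chain two forest trusts.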




-Data Center



-Differences (


-2000 style: parent/child delegation and use of root hints (the child zone is delegated from the parent with NS + glue records; anything not held locally is found by walking down from the root)

-DNS stub zones and conditional forwarding (iterative client queries vs. recursive queries in standard DNS: the server goes directly to the zone's authoritative servers instead of iterating from the root on the client's behalf)

 - GOOD for disjoint name spaces (parent - parent, i.e. two zones with no hierarchy between them, vs. parent - child)

 - DANGER - delegation is still required for everyone who does not hold the stub: if the child zone's servers move without the parent's delegation (NS + glue) being updated, resolution from outside fails

 - Not a good idea where simple delegation is adequate

 - Fewer hops / less traffic: the server starts at the child's authoritative servers instead of at the root hints

 - Stub zone content: SOA (serial / refresh interval of the master), NS records for the authoritative servers, and the A (glue) records for those servers; nothing else

 - Read-only: changes are made in the primary zone on the master and picked up by the stub at its next SOA refresh; the stub is never edited directly
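The hop-count and "delegation still required" points above are easiest to see by running both resolution paths against the same zone data. The following is an added example, not from the original notes: a small in-memory DNS simulation (root, example., corp.example. and their servers are all constructed, using RFC 5737 documentation addresses) that resolves a name iteratively from root hints and via a stub zone, then renumbers the child's name server without updating the parent's delegation to show which path breaks.

```python
"""Simulated DNS: iterative resolution through delegations vs. a stub zone (added example).
Servers and zones are constructed; IPs are RFC 5737 documentation addresses."""
from dataclasses import dataclass, field

@dataclass
class Zone:
    apex_ns: list                                    # NS names of this zone's own servers
    glue: dict                                       # NS name -> IP (glue A records)
    hosts: dict = field(default_factory=dict)        # host name -> IP
    delegations: dict = field(default_factory=dict)  # child zone -> [NS names]

class NoResolution(Exception):
    pass

def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)

def build_servers():
    """Root -> example. -> corp.example.  The parent delegates corp.example. to ns1 only;
    the child actually runs ns1 and ns2, both serving the same zone object."""
    child = Zone(["ns1.corp.example.", "ns2.corp.example."],
                 {"ns1.corp.example.": "203.0.113.10", "ns2.corp.example.": "203.0.113.11"},
                 hosts={"app.corp.example.": "203.0.113.50"})
    parent = Zone(["ns.example."], {"ns.example.": "198.51.100.2", "ns1.corp.example.": "203.0.113.10"},
                  hosts={"www.example.": "198.51.100.80"}, delegations={"corp.example.": ["ns1.corp.example."]})
    root = Zone(["root."], {"root.": "198.51.100.1", "ns.example.": "198.51.100.2"},
                delegations={"example.": ["ns.example."]})
    return {"198.51.100.1": {".": root}, "198.51.100.2": {"example.": parent},
            "203.0.113.10": {"corp.example.": child}, "203.0.113.11": {"corp.example.": child}}

def ask(servers, ip, name):
    """One query to one server: ('answer', ip) or ('referral', [ips]); raises on failure."""
    if ip not in servers:
        raise NoResolution(f"{ip} unreachable")
    zones = servers[ip]
    match = max((z for z in zones if in_zone(name, z)), key=len, default=None)
    if match is None:
        raise NoResolution(f"{ip} is not authoritative for {name}")
    zone = zones[match]
    if name in zone.hosts:
        return "answer", zone.hosts[name]
    for child, ns_names in zone.delegations.items():
        if in_zone(name, child):
            return "referral", [zone.glue[n] for n in ns_names]
    raise NoResolution(f"NXDOMAIN for {name} at {ip}")

def iterative_resolve(servers, name, start_ips):
    """Follow referrals the way an iterative resolver does. Returns (ip, queries_sent)."""
    queries, candidates = 0, list(start_ips)
    while candidates:
        ip = candidates.pop(0)
        queries += 1
        try:
            kind, data = ask(servers, ip, name)
        except NoResolution:
            continue                  # dead or lame server: try the next one at this level
        if kind == "answer":
            return data, queries
        candidates = data             # referral: continue at the delegated servers
    raise NoResolution(f"no server could answer {name}")

@dataclass
class StubZone:
    """Read-only copy of a zone's NS set and glue, refreshed from the zone's masters
    (the periodic SOA refresh, so it is not counted as a per-query hop here)."""
    name: str
    masters: list
    ns_ips: list = field(default_factory=list)

    def refresh(self, servers):
        for m in self.masters:
            zone = servers.get(m, {}).get(self.name)
            if zone is not None:
                self.ns_ips = [zone.glue[n] for n in zone.apex_ns]
                return self.ns_ips
        raise NoResolution(f"no master reachable for stub zone {self.name}")

def resolve_via_stub(servers, name, stub):
    stub.refresh(servers)
    return iterative_resolve(servers, name, stub.ns_ips)

def move_ns1(servers, old="203.0.113.10", new="203.0.113.20"):
    """The child renumbers ns1 and fixes its own zone; nobody updates the parent's delegation."""
    zones = servers.pop(old)
    servers[new] = zones
    zones["corp.example."].glue["ns1.corp.example."] = new

def run_scenario(name="app.corp.example."):
    """Resolve before and after the move, from the root hints and via the stub zone."""
    servers, root_hints = build_servers(), ["198.51.100.1"]
    stub = StubZone("corp.example.", masters=["203.0.113.11"])
    out = {"from_root": iterative_resolve(servers, name, root_hints),
           "via_stub": resolve_via_stub(servers, name, stub)}
    move_ns1(servers)
    try:
        out["from_root_after_move"] = iterative_resolve(servers, name, root_hints)
    except NoResolution as e:
        out["from_root_after_move"] = f"FAILED: {e}"
    out["via_stub_after_move"] = resolve_via_stub(servers, name, stub)
    return out
```

Before the move, the walk from the root hints costs three queries and the stub one. After the move, the parent's glue still points at the retired 203.0.113.10, so every resolver that depends on the delegation fails, while the server holding the stub re-reads the NS set from the surviving master and keeps resolving. The stub only helps the servers that hold it; the fix for everyone else is updating the parent's delegation.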


-DFS Roots


-Automated System Recovery





-VIX API samples: start / power on a VM, suspend, snapshot

-VMX files

-Ver - v1.03


-Virtual drives / Physical drives




Linux Commands




 -cron - the scheduling daemon that runs the jobs listed in crontabs

 -crontab - edit (-e) / list (-l) a user's schedule of cron jobs

 -chown - change a file's owner / group










 Class C


    This is the class most widely used by small businesses. When you look at the IP address, you'll notice that class C networks start with a first number between 192 and 223 (205.161.74.x for example). There can be up to 2,097,152 class C networks (2^21) and each network can handle 254 hosts.


Class B


    IP addresses of this type start with a number between 128 and 191. It's possible to have 16,384 (2^14) of these networks and each class B network can handle up to 65,534 IP addresses or hosts.


Class A


    Starts with a number between 1 and 126 (0 is reserved and 127 is loopback). Only 126 of these networks are available; however, each class A network can handle 16,777,214 IP addresses or hosts.

    Classful addressing is historical: since CIDR the prefix length, not the first octet, decides the network size, so a "class C" range can be split into /25, /26 ... subnets or aggregated into a larger block.
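The class of an address is fixed by the leading bits of its first octet, and the host and network counts above follow from the bit split rather than from a table. The following is an added example, not from the original notes, that derives class, default network and host count from the bits, and sets the CIDR view beside it (the sample addresses are constructed).

```python
"""Classful IPv4 lookup beside the CIDR view that replaced it (added example, not from the notes)."""
import ipaddress

# leading bits of the first octet -> (class, default prefix length); D and E carry no hosts
LEADING_BITS = [("0", "A", 8), ("10", "B", 16), ("110", "C", 24), ("1110", "D", None), ("1111", "E", None)]

def usable_hosts(prefix):
    """Hosts per network for any prefix length."""
    if prefix == 32:
        return 1
    if prefix == 31:
        return 2                   # point-to-point link (RFC 3021): no network/broadcast address
    return 2 ** (32 - prefix) - 2  # network and broadcast addresses excluded

def address_class(ip_str):
    """Return (class, default prefix, default network, usable hosts) for a dotted-quad address."""
    first_octet = int(ipaddress.IPv4Address(ip_str)) >> 24
    bits = f"{first_octet:08b}"
    cls, prefix = next((c, p) for lead, c, p in LEADING_BITS if bits.startswith(lead))
    if prefix is None:
        return cls, None, None, 0  # multicast (D) or reserved (E)
    net = ipaddress.ip_network(f"{ip_str}/{prefix}", strict=False)
    return cls, prefix, str(net), usable_hosts(prefix)

def networks_in_class(cls):
    """Networks a class offers: network bits minus the fixed leading bits
    (class A additionally loses 0.x.x.x, reserved, and 127.x.x.x, loopback)."""
    lead, prefix = {"A": (1, 8), "B": (2, 16), "C": (3, 24)}[cls]
    return 2 ** (prefix - lead) - (2 if cls == "A" else 0)

def subnet_hosts(cidr):
    """CIDR ignores the class: the prefix alone decides the size of a block."""
    return usable_hosts(ipaddress.ip_network(cidr, strict=False).prefixlen)
```

`address_class("205.161.74.9")` gives class C, 205.161.74.0/24 and 254 hosts, while `subnet_hosts("205.161.74.0/26")` gives 62: the same "class C" space carved four ways.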


-Routing and protocols (OSI Model)


7   Application    ECHO, ENRP, FTP, Gopher, HTTP, NFS, RTSP, SIP, SMTP, SNMP, SSH, Telnet, Whois, XMPP

6   Presentation   XDR, ASN.1, SMB, AFP, NCP

5   Session        ASAP, TLS, SSL (more often described as sitting between transport and application), ISO 8327 / CCITT X.225, RPC, NetBIOS, ASP

4   Transport      TCP, UDP, RTP, SCTP, SPX, ATP, IL

3   Network        IP, ICMP, IGMP, IPX, OSPF, RIP, IGRP, EIGRP, ARP, RARP (ARP/RARP straddle layers 2 and 3), X.25

2   Data Link      Ethernet, Token ring, HDLC, Frame relay, ISDN, ATM, 802.11 WiFi, FDDI, PPP

1   Physical       10BASE-T, 100BASE-T, 1000BASE-T, SONET/SDH, G.709, T-carrier/E-carrier, various 802.11 physical layers


-NAT / routing


-IPv6 - is a network layer protocol for packet-switched internetworks. It is designated as the successor of IPv4,




Firewall & VPN concepts

-DMZ - single-firewall (three-legged) DMZ vs. double-firewall DMZ; dual-homed host between the private and public nets

-Pix - Cisco PIX firewall


 -Commands / command-line interface

-Virtual nets - Virtual routing / forwarding

IEEE standard 802.1Q defines how a single physical LAN is divided into multiple virtual LANs (VLANs) by inserting a 4-byte tag (TPID 0x8100 followed by a 12-bit VLAN ID) into the Ethernet frame. IEEE 802.1p is used in conjunction with 802.1Q: the tag's 3-bit priority field gives eight priority levels (0-7) for traffic. Administrators assign traffic to appropriate priority levels to provide adequate bandwidth for each application.


But VLANs are a Layer 2 technology. Techniques to extend a Layer 2 network across a wide area do exist, but a VLAN is a broadcast domain, and the effective throughput of a broadcast domain decreases as it is loaded with too many nodes and too much traffic. A large VLAN must be divided into segments joined by Layer 3 routing in order to remain manageable.
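The 802.1Q tag and its 802.1p priority field are small enough to parse by hand, which is the quickest way to check what a capture actually carries. The following is an added example, not from the original notes: a parser and builder for tagged Ethernet frames. It also walks a stack of tags (an 802.1ad service tag outside the customer tag), which goes beyond the single tag described above; the sample frames are constructed.

```python
"""Parse and build 802.1Q-tagged Ethernet frames (added example, not from the original notes).
Handles a stack of tags (802.1ad S-tag outside a C-tag) as well as the single 802.1Q tag."""
import struct

TPID_8021Q = 0x8100    # customer tag
TPID_8021AD = 0x88A8   # service (outer) tag when tags are stacked

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Return dst, src, tags [(pcp, dei, vid)] outermost first, ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, offset, tags = frame[0:6], frame[6:12], 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated at the EtherType/TPID field")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break                                       # real EtherType: payload follows
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset)  # Tag Control Information
        offset += 2
        pcp = tci >> 13          # 802.1p priority code point, 0..7 (the eight levels)
        dei = (tci >> 12) & 1    # drop eligible indicator
        vid = tci & 0x0FFF       # VLAN id, 12 bits; 0 = priority-tagged only, 4095 reserved
        tags.append((pcp, dei, vid))
    return {"dst": _mac(dst), "src": _mac(src), "tags": tags,
            "ethertype": ethertype, "payload": frame[offset:]}

def build_frame(dst, src, tags, ethertype, payload=b""):
    """Inverse of parse_frame; tags are [(pcp, dei, vid)], outermost first."""
    out = bytearray(bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", "")))
    for i, (pcp, dei, vid) in enumerate(tags):
        if not (0 <= pcp <= 7 and dei in (0, 1) and 0 <= vid <= 4095):
            raise ValueError("tag field out of range")
        tpid = TPID_8021AD if len(tags) > 1 and i == 0 else TPID_8021Q
        out += struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)
    out += struct.pack("!H", ethertype) + payload
    return bytes(out)

def outer_vlan(frame):
    """VLAN a switch port would classify the frame into: the outermost tag, or None if untagged."""
    tags = parse_frame(frame)["tags"]
    return tags[0][2] if tags else None
```

An untagged frame parses with an empty tag list, a priority-tagged frame has VID 0 and a non-zero PCP, and a stacked frame starts with TPID 0x88A8; `outer_vlan` is what a switch ingress port sees, so checking it against the port's expected VLAN is a cheap sanity test for traffic arriving on a trunk.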




CE - Cust Edge

PE - Provider Edge

P - Provider Device - internal


A virtual private network (VPN) is a communications network tunneled through another network, and dedicated for a specific network. One common application is secure communications through the public Internet, but a VPN need not have explicit security features, such as authentication or content encryption. VPNs, for example, can be used to separate out the traffic of different user communities over an underlying network with strong security features.


A VPN may have best-effort performance, or may have a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider. Generally, a VPN has a topology more complex than point-to-point. The distinguishing characteristic of VPNs is not security or performance, but that they overlay other network(s) to provide a certain functionality that is meaningful to a user community.


Provider-provisioned VPNs (PPVPNs), however, need to support the coexistence of multiple VPNs, hidden from one another, but operated by the same service provider.


# IPsec (IP security) - commonly used over IPv4; originally a mandatory part of every IPv6 node, now recommended rather than required. Uses IKE (UDP 500, or 4500 with NAT traversal) for key exchange and ESP (IP protocol 50) for the tunnelled traffic.

# SSL/TLS - used either for tunneling the entire network stack, as in the OpenVPN project, or for securing what is essentially a web proxy. SSL is a framework more often associated with e-commerce, but it has been built upon by vendors like Aventail and Juniper to provide remote access VPN capabilities. A major practical advantage of an SSL-based VPN is that it can be accessed from any public wireless access point that allows access to SSL-based e-commerce websites (TCP 443), whereas IPsec or PPTP may be blocked at such access points.

# OpenVPN - an open-source SSL/TLS VPN (open code, not an IETF standard). Clients and servers are available for all major operating systems.

# L2TPv3 (Layer 2 Tunneling Protocol version 3, RFC 3931) - a newer release of L2TP. It provides no encryption of its own; for confidentiality it is run over IPsec (L2TP/IPsec).

# VPN Quarantine The client machine at the end of a VPN could be a threat and a source of attack; this has no connection with VPN design and is usually left to system administration efforts. There are solutions that provide VPN Quarantine services which run end point checks on the remote client while the client is kept in a quarantine zone until healthy. Microsoft ISA Server 2004/2006 together with VPN-Q 2006 from Winfrasoft or an application called QSS (Quarantine Security Suite) provide this functionality.




-VPN to VPN connections

-NAT firewalls




IBM xSeries x445/x345

- HP ProLiant DL, ML, BL (blades)

- Dell PowerEdge




Server Hardware / Architecture

-Drive array

-Back Plane (MEM / CPUs)







SAN knowledge - SCSI FCP mapping standard

-SP - Storage PRocessor.

-FC SATA (Archive), FC SCSI (current)

-Cloning, Business Continuance Volumes (BCV) and snapshotting (delta block updates) - real-time replica of a LUN (Logical Unit Number - a virtual HDD presented by the array)

-Single LUN per initiator / server vs. multiple LUNs - I/O contention issues?

-Multi server boot LUN ID.

-Fibre Chan array / Controllers

-FCIP --

-Cluster resources

-Brocade SAN switches, M4700, 4900 Fibre Chan, 5000 - Application Resource Manager - automatically provisions servers to boot  off a SAN

-EMC CX3 / Ax - Navisphere Mgt Console.


-DELL Power Vault




IBM Http Server Edge Server, Websphere (discont)

-Windows based