Evaluating Network Infrastructure Acquisition, Installation, and Maintenance
The IT organization should have both long- and short-term plans that address maintenance, monitoring, and migration to new software. During the acquisition process, the IT organization needs to map software acquisitions to the organization's strategic plan and ensure that the software meets documented compatibility standards. The IT organization needs to understand the copyright laws that apply to the software and must create policies and procedures that guard against unauthorized use or copying of software without proper approval or licensing agreements. It must maintain an inventory of all software used in the organization, along with licensing agreements/certificates and support agreements. The IT organization might implement centralized control and automated distribution of software, and scan user workstations to verify adherence to licensing agreements. The following are key risk indicators related to software acquisition:
- Software acquisitions are not mapped to the strategic plan.
- No documented policies guide software acquisitions.
- No process exists for comparing the "develop vs. purchase" options.
- No one is assigned responsibility for the acquisition process.
- Affected parties are not involved in assessing requirements and needs.
- There is insufficient knowledge of software alternatives.
- Security features and internal controls are not assessed.
- Benchmarking and performance tests are not carried out.
- Integration and scalability issues are not taken into account.
- Total cost of ownership is not fully considered.
Understanding Network Components Functionality
Communication across the IT infrastructure is facilitated by integrated network components. These devices, software, and protocols work together to carry signals between systems over copper, fiber-optic, or wireless media, using analog or digital transmission. It is important to understand the devices and standards involved in networking and telecommunications because they are the most complex part of the information architecture. As you read through this section, keep in mind that we are combining network devices, access media, and networking protocols/standards and describing how they are used in the network infrastructure. A good starting point is to understand how computers and other network devices communicate, because that is the key to understanding how devices interoperate to provide network services.
In networking, standards and protocols make it possible to build an integrated environment in which applications and services communicate. So that organizations can create these environments and troubleshoot them in a consistent way, reference models for network architectures have been created. Three external organizations develop the standards and specifications for the protocols used in communications:
- The International Organization for Standardization (ISO)
- The Institute of Electrical and Electronics Engineers (IEEE)
- The International Telecommunication Union - Telecommunication Standardization Sector (ITU-T), formerly the International Telegraph and Telephone Consultative Committee (CCITT)
The ISO developed the Open Systems Interconnection (OSI) model in the early 1980s as a reference model that all vendors could use to ensure that their products could communicate and interoperate. The OSI protocols themselves were not widely adopted, but the model gained acceptance as a framework to which the majority of applications and protocols can be related. The OSI model contains seven layers, each with specific functions; each layer has its own responsibilities with regard to tasks, processes, and services. The separation of functionality between the layers means that the solution offered at one layer can be replaced without affecting the other layers. The goal of the OSI model is to provide the framework for an open network architecture that no single vendor owns but that all vendors can use to integrate their technologies. The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is discussed later in this chapter, but it is important to note that TCP/IP was developed and in use for years before the OSI model was published.
The OSI reference model breaks down the complexities of network communication into seven basic layers of functionality and services. To best illustrate how these seven layers work, we can relate how computers communicate to how humans communicate. The following paragraphs describe how a software application’s thought, or data payload, is transferred and prepared for communication by the operating system’s communications services. When this is accomplished, we will then look at how the data payload is transported, addressed, and converted from a logical thought into physical signals that can travel across cables or wireless transmissions.
Step 1: Having and Managing a Thought (Data Encapsulation)
As people, we have learned that it is always wise to think before speaking. In other words, we actually need to formulate a thought to communicate (data payload), format the presentation of the thought for the destination, and manage the thought appropriately. For example, sometimes you might be trying to communicate a complex idea to another person, and you find the need to enhance your normal verbal communication with written diagrams or even hand gestures. These types of efforts might not contain new information in and of themselves, but they are used to facilitate the communication of an idea when words alone fail. Computers and other networking devices sometimes need to use such extracurricular thought management as well. So the first step in communicating a data payload between one computer and another is to pass an application’s thought to the networking services for further manipulation and management. Within the OSI reference model for networking architecture, these processes are handled within Layers 5, 6, and 7. Table 3.2 looks at each of these layers more closely.
Table 3.2 Open Systems Interconnection (OSI) Model, Layers 7-5
OSI Layer | Purpose | Telecommunication Protocol Examples | Protocol Data Unit
7 (Application) | This is the networking layer that interfaces with applications and operating systems. This is where the user (through an application or operating system activity) first passes off information to networking services for telecommunication. | HTTP, Telnet, SMTP, DNS, SNMP | Data
6 (Presentation) | The data might require special formatting, including (but not limited to) encoding according to presentation standards for pictures and sound, compression, or even encryption. | ASCII, JPG, GIF, MIDI | Data
5 (Session) | Communicating the data might require a device-to-device bond, or session, for example for cooperative multidevice communication. | NetBIOS, RPC, SQL | Data
Using OSI Layers 7–5 Within the Data PDU
As a user, you first interface with networking communications by using a network-enabled application, that is, an application capable of using network protocols to send and receive data. Consider using your web browser to request and view a page from an Internet web server. To view the page, you enter a URL such as http://www.certifiedtechtrainers.com. This tells your browser to use the Hypertext Transfer Protocol (HTTP) to contact a web server at www.certifiedtechtrainers.com. Neither you nor the browser has to encapsulate the request for transport, add an IP address to it, or frame it for the connected network medium such as an Ethernet cable; the operating system's protocol stack does that on the browser's behalf. HTTP defines only the request and response messages exchanged with the server and relies on the lower-layer protocols for delivery, which is why it is called an OSI Layer 7, or application-layer, protocol. HTTP itself is not an application; it is the protocol through which a desktop application such as a web browser talks to a web server over the underlying communication protocols.
When you enter the URL http://www.certifiedtechtrainers.com into your browser, you unknowingly invoke another application-layer protocol, the Domain Name System (DNS). If we agreed to meet at the Certified Tech Trainers office, you would need to know the actual street address of the location. Likewise, the name www.certifiedtechtrainers.com maps to the IP address assigned to the web server you intend the HTTP request to reach. The resolver queries a DNS server for the IP address of www.certifiedtechtrainers.com, and the resulting address (24.227.60.114 in this example) becomes the destination of the connection; the host name itself still travels inside the HTTP request so the server knows which site was asked for. As you can see, these application-layer protocols are concerned with managing the communication rather than physically transmitting it. Still more data management is needed. The default web page you are requesting likely contains pictures or sounds, and HTTP does not know how to render a graphic. Image formats such as GIF and JPEG belong to OSI Layer 6, the presentation layer, which handles the representation of data such as the common picture formats found on web pages. At some point you might request an encrypted connection by using https:// instead of http:// in the URL (often without being aware of it, because links frequently point at https:// addresses). The browser then wraps the HTTP exchange in the Secure Sockets Layer (SSL) protocol, since superseded by its successor, Transport Layer Security (TLS). In conjunction with HTTP, SSL/TLS is placed at OSI Layer 5, the session layer, in this model.
At this point, the top three layers—application, presentation, and session—have been used in managing the request for data. This all occurs before consideration of how to transport or logically address the actual packets that need to be transmitted. Looking at all the activity just described, it would make sense that the data itself (data payload) and all the ancillary HTTP, HTTPS, JPG, GIF, and SSL communication could be considered the "thought" we desire to transmit. The technical term for this networking "thought" is the protocol data unit (PDU), known as data. You now understand how a computer needs to think before it speaks, just as you do.
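The name-to-address step described above, worked through as an added example that is not code from the original page: the script builds a DNS query for an A record in wire format, then validates and parses the reply the way a stub resolver does before the HTTP connection is opened. No network is used; the reply is constructed inline from the query (the address 24.227.60.114 comes from the text, the transaction ID 0x1A2B is an arbitrary choice). The parser does the checks a careful resolver makes on untrusted input: transaction ID and QR bit, bounds on every length field, and compression pointers that may only point backwards, which rules out the pointer loops a hostile reply could use to hang a naive parser.

```python
import struct

QTYPE_A = 1      # IPv4 address record
QCLASS_IN = 1    # Internet class

def encode_name(name):
    """Encode a host name as DNS labels: length byte + label, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("DNS label must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, txid):
    """Standard query: header (ID, RD=1, QDCOUNT=1) followed by one A/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)

def read_name(msg, offset):
    """Decode a (possibly compressed) name at `offset`.
    Returns (name, offset just past the name in the original byte stream).
    A compression pointer must point backwards, so a chain of pointers always terminates."""
    labels, end, jumped = [], None, False
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # two-byte compression pointer
            if offset + 2 > len(msg):
                raise ValueError("truncated pointer")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:
                raise ValueError("forward or self-referencing compression pointer")
            if not jumped:
                end, jumped = offset + 2, True
            offset = pointer
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:
            break
        if offset + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)

def parse_a_response(msg, expected_txid, qname):
    """Return the IPv4 addresses answered for `qname`, after checking ID, QR bit, RCODE and bounds."""
    if len(msg) < 12:
        raise ValueError("header truncated")
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID does not match our query")
    if not flags & 0x8000:
        raise ValueError("message is a query, not a response")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qdcount):                  # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4                           # QTYPE + QCLASS
    addresses = []
    for _ in range(ancount):
        name, offset = read_name(msg, offset)
        if offset + 10 > len(msg):
            raise ValueError("resource record header truncated")
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        if len(rdata) != rdlength:
            raise ValueError("RDATA truncated")
        offset += rdlength
        # Only accept A records whose owner name is the name we actually asked about.
        if rtype == QTYPE_A and rclass == QCLASS_IN and name.lower() == qname.rstrip(".").lower():
            if rdlength != 4:
                raise ValueError("A record must carry exactly 4 bytes")
            addresses.append(".".join(str(b) for b in rdata))
    return addresses

def constructed_response(query, ipv4):
    """A reply such as a resolver would return for `query` (constructed here; nothing is sent on the network).
    The answer's owner name is a pointer (0xC00C) back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1, NOERROR
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4) + rdata
    return header + question + answer

def resolve_offline(name, txid=0x1A2B, ipv4="24.227.60.114"):
    """The full exchange: build the query, obtain the (constructed) reply, validate and parse it."""
    query = build_query(name, txid)
    reply = constructed_response(query, ipv4)
    return parse_a_response(reply, txid, name)

if __name__ == "__main__":
    print(resolve_offline("www.certifiedtechtrainers.com"))
```

The 16-bit transaction ID is the only thing in the reply that ties it to the query, which is why real resolvers also randomize the UDP source port and verify that the answer section matches the question before caching anything; the `name.lower() == qname` comparison above is the minimal form of that check.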
Using OSI Layer 4 Within the Segment PDU
Now that we have a nicely managed data PDU, we need to package the communication appropriately for transport. As an application-layer protocol, HTTP does not transport the data itself. Rather, it manages transferring the data using other protocols to do so. The data PDU can now be encapsulated into a segment for transport using an OSI Layer 4 protocol such as the Transmission Control Protocol (TCP).
Just as you must break your thought into sentences and words to transport it via your mouth or hands, the computer must break the data PDU into segments for transmission. TCP is an OSI Layer 4 (transport-layer) protocol that is especially adept at this task. Not only does it segment the communication, but it does so methodically, attaching sequence numbers to its segments so that the receiving host can reassemble the data in order. This sequencing information, along with TCP's other transport-management fields, is carried in a TCP header in front of each segment of data that TCP encapsulates. TCP also provides acknowledgments to ensure that every segment reaches the intended recipient. When you want to be sure a letter is delivered by the postal service, you might pay extra for a return receipt to be sent to you on delivery; if the receipt never arrives, you can mail another copy and wait for confirmation again. Without going into technical specifics, TCP implements a similar system (acknowledgment and retransmission) to provide reliable transport. If you do not have the money or time to arrange a return receipt, you might forgo that assurance and send the letter by regular post, which guarantees only best-effort, or unreliable, delivery.
The technical parallel is to encapsulate the data PDU using the User Datagram Protocol (UDP) at the OSI transport layer instead of TCP. UDP does not implement a system of successful transmission confirmation, and is known as unreliable transport, providing best-effort delivery. The data PDU itself is unchanged either way because it is merely encapsulated by a transport protocol for transmission.
OSI Layer | Purpose | Telecommunication Protocol Examples | Protocol Data Unit
4 (Transport) | Provides reliable or unreliable delivery. Transport protocols can provide transmission error detection and correction services. | TCP, UDP | Segment
Using OSI Layer 3 Within the Packet PDU
We now have a data PDU that has been encapsulated within a segment PDU for transport. However, the segment carries no addressing information that could be used to determine the best path to the intended recipient. By using an OSI Layer 3, or network-layer, protocol such as Internet Protocol (IP), we can encapsulate the segment into a packet that carries a logical destination address. In the previous example, the segment needs an IP packet header designating 24.227.60.114 as the logical destination address. IP is a network-layer addressing protocol designed for exactly this purpose, because it implements a hierarchical addressing scheme.
Imagine if your computer supported listing filenames but did not support a logical directory structure. You could locate files with no problem, as long as not too many files existed on your hard drive. When you have a great number of files, however, you want to be able to logically organize your files into a directory structure to allow you to quickly and easily navigate to your intended file. In a similar fashion, IP supports network and subnetwork groupings of host addresses, which facilitates logical path determination. This is especially important in a large network with many hosts. For example, a router operates as a network segment junction, or gateway, at OSI Layer 3 using IP and IP routing tables to determine optimal paths for packet forwarding. By using IP’s hierarchical addressing, routers can determine which remote routing gateways connect to which remote network or subnetwork host groups. If the network is so small that network groupings of hosts are not necessary, the computers and network devices might not utilize IP at the network layer because doing so would add unnecessary performance overhead, or cost.
OSI Layer | Purpose | Telecommunication Protocol Examples | Protocol Data Unit
3 (Network) | Protocols at this layer provide logical addressing and facilitate path determination. | IP, IPSec, ICMP, RIP, OSPF | Packet
Using OSI Layer 2 Within the Frame PDU
The HTTP data PDU has now been encapsulated within the segment PDU by TCP for transport, and then re-encapsulated within the packet PDU by IP providing an IP address header. Remember that the IP packet can be stripped and rebuilt without affecting the TCP segment, which is a benefit of data encapsulation. At this point, we need to re-encapsulate the IP packet into a vehicle that is appropriate for the connected physical medium.
We are now encountering the great transformation of logical processes into physical signals. Just think of it—when you are able to encapsulate your own thoughts into segments with words and sentences, and then address your thoughts by adding your friend’s name to the front, a miracle occurs when you are able to transform the logical thoughts and processes into physical vibrations and sound waves that can traverse the air (your connected communication medium). The computer’s data needs to make this leap, too. It re-encapsulates the IP packet into a frame that is appropriate for the transmission medium. If Ethernet is being used for the local area network, the IP packet is encapsulated within an Ethernet frame. If the IP packet needs to traverse a point-to-point link to the Internet service provider (via your point-to-point dial-up connection), the packet is encapsulated using PPP. These protocols are used to link the logical data processes with the physical transmission medium. Appropriately, this occurs at OSI Layer 2, or the data link layer.
Why does OSI need a data link layer? It needs a separate encapsulation step because physical media can change along a network path. As an Ethernet frame arrives on one side of a routing gateway, it might need to leave the other using PPP. Because you can strip and rebuild a frame without affecting the packet, segment, or data PDUs inside, frame conversion is entirely possible. This is analogous to taking a trip with an airplane. You and your luggage are the data payload. The car you drive to the airport is an appropriate frame type; your locally connected medium is the streets. When you reach the airport, which serves as a junction gateway between land and air travel, you and your luggage are re-encapsulated from your car into a plane because the plane is the appropriate frame type for traveling in air as opposed to traveling on the roads.
Frame headers provide actual physical addressing information as well. Knowing the logical street address of Certified Tech Trainers is helpful to get to the proper city or neighborhood to meet with CTT. Street addresses can change, however, even if the physical geographic latitude and longitude have not. The data link layer manages a flat network address scheme of Media Access Control (MAC) addresses for physical network interface connections. Whereas IP addressing and routes help the packet get to the near proximity of the intended host, MAC addresses are used by the connected network interfaces to know which frames to receive and process, and which frames are intended for other network interfaces.
OSI Layer | Purpose | Telecommunication Protocol Examples | Protocol Data Unit
2 (Data Link) | Protocols at this layer provide access to the media (through network interface cards, for example) using MAC addresses. They typically provide transmission error detection (a frame check sequence, for instance), but a corrupted frame is discarded rather than corrected. | 802.3/802.2, HDLC, PPP, Frame Relay | Frame
Using OSI Layer 1 Within the Bits PDU
We have now completed four of the five steps of data encapsulation. Data was encapsulated into TCP segments at the OSI transport layer, re-encapsulated with IP at the OSI network layer, and then encapsulated again within an Ethernet frame at the OSI data link layer. The last step before transmission is to convert the frame into a stream of bits signaled on the connected physical medium (as electrical, optical, or radio signals) at the OSI physical layer. These bits are received at the destination host, which reassembles them into Ethernet frames and decapsulates the frames back into IP packets. The destination host then decapsulates the IP packets back into TCP segments, which are decapsulated and reassembled into data. The data can then be processed by the OSI session-, presentation-, and application-layer protocols to make it available to the destination user or user applications.
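The five encapsulation steps above, carried out byte by byte as an added example (not code from the original page): an HTTP GET is wrapped in a TCP segment, then in an IPv4 packet, then in an Ethernet II frame, and the receiving side strips the headers in reverse order, checking each layer's length fields and checksums before trusting the next. The server address 24.227.60.114 and host name come from the text; the client address 192.0.2.10 (a documentation-only range), the MAC addresses and the port numbers are constructed for the example. The Ethernet FCS is omitted because the network interface computes it.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

def internet_checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words, used by both IPv4 and TCP.
    Over a header whose checksum field is already filled in, the result is 0 when the header is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_segment(src_ip, dst_ip, src_port, dst_port, payload, seq=1, ack=1):
    """Layer 4: wrap the data PDU in a 20-byte TCP header (PSH+ACK, no options).
    The checksum covers a pseudo-header with both IP addresses, tying the segment to its packet."""
    offset_flags = (5 << 12) | 0x018
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, offset_flags, 65535, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                         0, IPPROTO_TCP, len(header) + len(payload))
    csum = internet_checksum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload

def ip_packet(src_ip, dst_ip, segment, ttl=64, ident=0x1234):
    """Layer 3: wrap the segment in a 20-byte IPv4 header (DF set) carrying the logical addresses."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), ident, 0x4000, ttl,
                         IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header[:10] + struct.pack("!H", internet_checksum(header)) + header[12:] + segment

def ethernet_frame(src_mac, dst_mac, packet):
    """Layer 2: Ethernet II header (destination MAC, source MAC, EtherType); the FCS is left to the NIC."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet

def decapsulate(frame):
    """Receiver side: peel the headers off in reverse order, validating lengths and checksums at each layer.
    Raises ValueError rather than trusting any field that does not add up."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst_mac, src_mac = frame[:6].hex(":"), frame[6:12].hex(":")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or ihl > total_len or total_len > len(packet):
        raise ValueError("IPv4 lengths inconsistent")
    if internet_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if packet[9] != IPPROTO_TCP:
        raise ValueError("not a TCP segment")
    src_ip, dst_ip = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    segment = packet[ihl:total_len]
    if len(segment) < 20:
        raise ValueError("TCP header truncated")
    src_port, dst_port, seq, ack, offset_flags = struct.unpack("!HHIIH", segment[:14])
    data_offset = (offset_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("TCP data offset inconsistent")
    pseudo = struct.pack("!4s4sBBH", packet[12:16], packet[16:20], 0, IPPROTO_TCP, len(segment))
    if internet_checksum(pseudo + segment) != 0:
        raise ValueError("TCP checksum mismatch")
    return {"dst_mac": dst_mac, "src_mac": src_mac, "src_ip": src_ip, "dst_ip": dst_ip,
            "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
            "payload": segment[data_offset:]}

def encapsulate_http_get(host="www.certifiedtechtrainers.com", dst_ip="24.227.60.114"):
    """Walk the data PDU down the stack: HTTP data -> TCP segment -> IP packet -> Ethernet frame.
    Client address 192.0.2.10, the ephemeral port and the MAC addresses are constructed for the example."""
    data = ("GET / HTTP/1.1\r\nHost: %s\r\n\r\n" % host).encode()
    segment = tcp_segment("192.0.2.10", dst_ip, 49152, 80, data)
    packet = ip_packet("192.0.2.10", dst_ip, segment)
    return ethernet_frame("02:00:00:00:00:01", "02:00:00:00:00:02", packet)

if __name__ == "__main__":
    frame = encapsulate_http_get()
    print(len(frame), "bytes on the wire;", decapsulate(frame)["payload"].split(b"\r\n")[0])
```

Note what the receiver does not check: nothing in the frame proves who sent it. MAC and IP source addresses are whatever the sender wrote, and the checksums only catch accidental corruption, which is why authenticity has to come from a higher layer such as TLS.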
Table 3.3 describes the seven OSI layers.
Table 3.3 OSI Reference Model and Data Encapsulation
OSI Layer | Purpose | Protocol Examples | PDU
7 (Application) | This is the networking layer that interfaces with applications and operating systems. This is where the user (through an application or operating system activity) first passes off information to networking services for telecommunication. | HTTP, Telnet, SMTP, DNS, SNMP | Data
6 (Presentation) | The data might require special formatting, including (but not limited to) encoding according to presentation standards for pictures and sound, compression, or even encryption. | ASCII, JPG, GIF, MIDI | Data
5 (Session) | Communicating the data might require a device-to-device bond, or session, for example for cooperative multidevice communication. | NetBIOS, RPC, SQL | Data
4 (Transport) | This layer provides reliable or unreliable delivery. Transport protocols can provide transmission error detection and correction services. | TCP, UDP | Segment
3 (Network) | Protocols at this layer provide logical addressing and facilitate path determination. | IP, IPSec, ICMP, RIP, OSPF | Packet
2 (Data Link) | Protocols at this layer provide access to the media (through network interface cards, for example) using MAC addresses. They typically provide transmission error detection, but a corrupted frame is discarded rather than corrected. | 802.3/802.2, HDLC, PPP, Frame Relay | Frame
1 (Physical) | The purpose of hardware at this level is to move bits between devices. Specifications for voltages, wire speeds, connectors, and cable pin-outs are provided at this layer. | Network cabling, wireless transmissions, microwave transmissions | Bits
Networking Concepts and Devices
Now that we have a better comprehension of network architecture according to the OSI reference model, we have the foundation necessary for discussing various networking concepts, issues, and devices.
A variety of network types are common to most organizations, and are discussed in the following sections.
Local Area Networks (LANs)
Local Area Networks are private or nonpublic packet-based switched networks contained within a limited area providing services within a particular organization or group. Services can include file/print sharing, email, and communications. This structure is similar to a gated community or industrial complex, in that the network of roads is designed to be used primarily by internal residents or employees.
In developing the network architecture, the organization must assess cost, speed, flexibility, and reliability. The IT organization should review what physical media will be used for physically transmitting the data, as well as what methods will be available to access the physical network medium. Additionally, the organization must decide on the topology (physical arrangement) and the network components to be used in that topology.
LANs were originally designed to connect users so they could exchange or share data. The devices and software associated with the transmission of data were originally designed to connect devices no more than about 1,000 m (roughly 3,300 feet) apart, although these distances can be extended by special devices and software. If the distance between network devices exceeds the recommended length, the signal attenuates and causes communication problems. Attenuation is the weakening or degradation of a signal during transmission. In addition to attenuation, signals can suffer electromagnetic interference (EMI), caused by electromagnetic waves from other devices in the same area as the network cabling.
LANs transmit packets to one or more nodes (computing devices) on the network and include the following types of transmission:
- Unicast: A sending station transmits a packet to a single receiving station.
- Multicast: A sending station sends a single packet to a selected group of receiving stations.
- Broadcast: A sending station sends a single packet to all stations on the network.
Generally, the first step in the development of the network architecture is to define the physical media over which network communications (transmissions) will occur. The physical media specifications are contained at the physical layer within the OSI model (see Table 3.3).
Table 3.3 Physical Layer, OSI Model
Type | Use | Physical Standards | Access Standards
Copper: twisted pair (Category 3 and 5) | Short distances (100 m, about 330 feet, maximum per segment); supports voice/data | 10Base-T (10Mbps), 100Base-TX (100Mbps), 100Base-T4 (100Mbps), 1000Base-T (1000Mbps) | IEEE 802.3/802.3u/802.3ab (Ethernet/Fast Ethernet/Gigabit Ethernet, CSMA/CD); IEEE 802.5 (Token Ring)
Coaxial cable | Supports voice/data | 10Base5 (thick coax, 10Mbps), 10Base2 (thin coax, 10Mbps) | IEEE 802.3 (Ethernet, CSMA/CD)
Fiber optic | Long distances; supports voice/data | 10Base-F (10Mbps), 100Base-FX (100Mbps), 1000Base-SX (1000Mbps), 1000Base-LX (1000Mbps) | IEEE 802.3/802.3u/802.3z (Ethernet/Fast Ethernet/Gigabit Ethernet, CSMA/CD); IEEE 802.3ae (10 Gigabit Ethernet); IEEE 802.5 (Token Ring)
Wireless | Short distances; supports voice/data | Radio transmission (defined by the 802.11 access standards) | IEEE 802.11 (wireless LAN); 802.11b (2.4GHz, 11Mbps); 802.11a (5GHz, 54Mbps); 802.11g (2.4GHz, 54Mbps)
The physical standards dictate the speed and reliability of the network, and the access standards define the media access technology, that is, how stations share the medium. The IT organization might determine that because all users and network devices are in one physical location (for example, one building), and the majority of the traffic on the network will be voice and data, it will use Ethernet 100Base-T. Ethernet allows multiple devices to communicate on the same network and normally uses a bus or star topology. In the case of 100Base-T, frames are transmitted at 100Mbps.
Ethernet is known as a contention-based media access method. This means that, in an Ethernet network, all devices contend with each other to use the same media (cable). As a result, frames transmitted by one device can collide with frames transmitted by another. Fortunately, the Ethernet standard dictates how stations deal with communications, transmission control, collisions, and transmission integrity.
Here are some important definitions to help you understand issues common to Ethernet:
- Collisions: Result when two or more stations try to transmit at the same time.
- Collision domain: A group of devices connected to the same physical media, so that if two devices access the media at the same time, their transmissions can collide.
- Broadcast domain: A group of devices that receive one another's broadcast messages.
How Ethernet Deals with Collisions
As a contention-based access method, Ethernet accepts that collisions will occur and provides a mechanism, carrier sense multiple access with collision detection (CSMA/CD), to recover from them. A station listens to the medium (carrier sense) and transmits only when it is idle. If two stations transmit at nearly the same moment, each detects the collision, stops sending the original frame, and briefly transmits a jam signal so that every station on the segment knows a collision has occurred. Each colliding station then waits a random back-off interval before trying again; the range from which the random wait is drawn doubles with each successive collision (binary exponential back-off), and a frame that collides 16 times in a row is discarded and the failure reported up the stack. Because the delays are random, it is unlikely that the same stations collide again immediately.
CSMA/CA (collision avoidance) is the related method used where collisions cannot be reliably detected, notably on IEEE 802.11 wireless LANs rather than wired Ethernet. A station with data to send waits for the medium to be idle and may first announce its intent to transmit; the other stations then hold off for the announced duration, so collisions are avoided in advance rather than detected after the fact.
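The back-off rule described above is fully specified in IEEE 802.3 as truncated binary exponential back-off; here it is as an added example (not code from the original page). After the n-th collision a station waits a random number of slot times drawn from 0 to 2^min(n, 10) - 1, and a frame that has collided 16 times is dropped. The `collides` callback stands in for the shared medium and is a constructed scenario, not a model of real traffic; the slot time constant is the 512 bit times of 10 and 100 Mbps Ethernet.

```python
import random

SLOT_TIME_BITS = 512   # 802.3 slot time for 10 and 100 Mbps Ethernet, in bit times
BACKOFF_LIMIT = 10     # the random range stops doubling after the 10th collision
ATTEMPT_LIMIT = 16     # after 16 consecutive collisions the frame is dropped

def backoff_slots(collisions, rng=random):
    """Truncated binary exponential back-off: after the n-th collision of one frame,
    wait r slot times with r drawn uniformly from 0 .. 2**min(n, 10) - 1."""
    if not 1 <= collisions < ATTEMPT_LIMIT:
        raise ValueError("back-off is only defined for collisions 1..15")
    return rng.randrange(2 ** min(collisions, BACKOFF_LIMIT))

def max_wait_slots(collisions):
    """Worst-case total back-off a frame can accumulate over `collisions` collisions."""
    return sum(2 ** min(n, BACKOFF_LIMIT) - 1 for n in range(1, collisions + 1))

def send_frame(collides, rng=random):
    """Attempt to transmit one frame. `collides(attempt)` reports whether the 1-based attempt
    collided (constructed stand-in for the medium). Returns (delivered, attempts_used, slots_waited)."""
    waited = 0
    for attempt in range(1, ATTEMPT_LIMIT + 1):
        if not collides(attempt):
            return True, attempt, waited
        if attempt == ATTEMPT_LIMIT:
            break                              # excessive collisions: give up, report the error upward
        waited += backoff_slots(attempt, rng)  # jam signal sent; wait a random number of slots, then retry
    return False, ATTEMPT_LIMIT, waited

if __name__ == "__main__":
    rng = random.Random(2024)
    # Constructed scenario: a busy segment where the first three attempts collide.
    delivered, attempts, waited = send_frame(lambda n: n <= 3, rng)
    print(delivered, attempts, waited, "slots =", waited * SLOT_TIME_BITS, "bit times")
```

The cap at 2^10 keeps the worst-case wait bounded on a congested segment, and the limit of 16 attempts is what a driver reports as an "excessive collisions" error; both are visible in interface counters when auditing a segment that is too large.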
As you have learned, collisions are common on a shared Ethernet segment, but the network architecture can be designed to keep them to a minimum. All computers on the same physical network segment are in the same collision domain because they compete for the same shared media. High collision rates result when many devices contend on one congested segment. One way to alleviate excessive collisions is to shrink the collision domain (the number of competing devices) by using bridges, switches, or routers (discussed later in the chapter) to split the network into additional collision domains. Recall that unicast, multicast, and broadcast packets are all transmitted on the network. When two segments are separated by a bridge, the bridge forwards broadcast frames (and unicast frames destined for the other side) but keeps the two segments' collisions apart, so it reduces the size of the collision domain without reducing the size of the broadcast domain; a switch does the same on a per-port basis. Routers, working at Layer 3 of the OSI model, segment both collision and broadcast domains because they forward traffic by destination network and do not forward Layer 2 broadcasts.
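The effect of a bridge on collision and broadcast domains, as an added example that is not code from the original page: a transparent (learning) bridge in the style of IEEE 802.1D records which port each source MAC address was seen on, floods broadcasts and unknown destinations to every other port, forwards known destinations to one port, and filters frames whose destination sits on the port they arrived on. The two-segment LAN and the station identifiers are constructed; the model does not age out table entries or run spanning tree, which a real bridge would.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningBridge:
    """Transparent bridge: each port is its own collision domain, all ports share one broadcast domain."""

    def __init__(self, n_ports):
        self.n_ports = n_ports
        self.table = {}                      # source MAC -> port it was last seen on

    def handle(self, in_port, src_mac, dst_mac):
        """Return the set of ports the frame is forwarded out of (empty set = filtered)."""
        self.table[src_mac] = in_port        # learn where the sender lives
        if dst_mac == BROADCAST or dst_mac not in self.table:
            return {p for p in range(self.n_ports) if p != in_port}   # flood everywhere else
        out_port = self.table[dst_mac]
        return set() if out_port == in_port else {out_port}        # local traffic stays local

class BridgedLan:
    """Segments (collision domains) indexed by bridge port; each is a set of MAC addresses (constructed)."""

    def __init__(self, segments):
        self.segments = segments
        self.bridge = LearningBridge(len(segments))

    def segment_of(self, mac):
        for port, macs in enumerate(self.segments):
            if mac in macs:
                return port
        raise KeyError("unknown station %s" % mac)

    def send(self, src_mac, dst_mac):
        """Return the set of segments whose shared medium carries this frame."""
        origin = self.segment_of(src_mac)
        return {origin} | self.bridge.handle(origin, src_mac, dst_mac)

    def collision_domains(self):
        return len(self.segments)

    def broadcast_domains(self):
        return 1                              # a bridge never splits the broadcast domain

if __name__ == "__main__":
    # Constructed LAN: stations A and B on port 0, station C on port 1 of the bridge.
    lan = BridgedLan([{"02:00:00:00:00:0a", "02:00:00:00:00:0b"}, {"02:00:00:00:00:0c"}])
    print("broadcast reaches segments", lan.send("02:00:00:00:00:0a", BROADCAST))
    print("A->C before learning", lan.send("02:00:00:00:00:0a", "02:00:00:00:00:0c"))
    print("C->A after learning A", lan.send("02:00:00:00:00:0c", "02:00:00:00:00:0a"))
    print("B->A stays local", lan.send("02:00:00:00:00:0b", "02:00:00:00:00:0a"))
```

Two things fall out of the model that matter for security: until a destination has been learned, a unicast frame is flooded to every segment, so any station can see it, and the table is populated from unauthenticated source addresses, which is what MAC flooding and spoofing attacks on switches exploit.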
A separate media-access technology known as token passing can be implemented in place of Ethernet as part of a network architecture. In token passing, a special control frame called the token circulates from device to device around the network, and only the station holding the token may transmit. When a device needs to send network traffic, it waits for the free token to arrive, takes possession of it, and thereby gains the right to communicate. The station attaches its data, including the addressing information (the receiving station or stations), and passes the frame on from computer to computer. Each computer on the network checks the frame's destination address to see whether it is the intended recipient. When the destination station has copied its data, it sets a bit in the frame to let the sending station know the data was received, and the sender then releases a free token. Token-passing methods are used by both Token Ring and FDDI networks. Token-passing networks do not have collisions, because only one station at a time can transmit data.
Network Topologies
We have discussed media-access technologies, but you might be asking how these are actually implemented in a network architecture. The connectivity of the network cabling and devices is known as the topology. Network topologies fall into the following categories: bus, star, or ring.
Bus Topology
The bus topology is primarily used in smaller networks where all devices are connected to a single communication line and all transmissions are received by all devices. This topology requires the minimum amount of cable to connect devices. A repeater can be used to "boost" the signal and extend the bus configuration. A standard bus configuration can encounter performance problems if there is heavy network traffic or a large number of collisions. In addition, each connection to the bus network weakens the electrical signal on the cable. Cable breaks can cause the entire network to stop functioning. Figure 3.2 depicts a bus topology.
Figure 3.2 Bus topology.
Star Topology
In a star topology, each device (node) is linked to a hub or switch, which provides the link between communicating stations. This topology is commonly used in networks today because it provides the capability to add new devices and easily remove old ones. In designing the network, the IT organization needs to ensure that the hubs/switches used will provide enough throughput (speed) for the devices communicating on the network. In contrast to a bus topology, a star topology enables devices to communicate even if a device is not working or is no longer connected to the network. Generally, star networks are more costly because they use significantly more cable and hubs/switches. If the IT organization has not planned correctly, a single failure of a hub/switch can render all stations connected incapable of communicating with the network. To overcome this risk, IT organizations should create a complete or partial mesh configuration, which creates redundant interconnections between network nodes. Figure 3.3 depicts a star topology.
Providing network path redundancy is the best countermeasure or control for potential network device failures. A mesh network topology provides a point-to-point link with every network host. If each host is configured to route and forward communication, this topology provides the greatest redundancy of routes and the greatest network fault tolerance.
Figure 3.3 Star topology.
Ring Topology
A ring configuration is generally used in a Token Ring or FDDI network where all stations are connected to form a closed loop. The stations do not connect to a central device and depend on one another for communications. A ring topology generally provides high performance, but a single device or station can stop the network devices from communicating. In a Token Ring network, a failure might occur when one or more stations start beaconing. In beaconing, a message is passed to the devices on the network that a device is failing. This allows the remaining devices to automatically reconfigure the network, to continue communicating. Figure 3.4 shows a ring topology.
As an IS auditor, you will look at the network topology and protocols to determine whether they meet the needs of the organization. The IT organization should monitor performance on the LAN to ensure that it is segmented properly (reducing collision/broadcast domains) and that the bandwidth (10/100/1000Mbps) is sufficient for access to network services. The network should be designed in such a manner that device failures do not bring down the network or cause long delays in network communication (redundancy and disaster recovery). IT management should have a configuration-management plan and procedures in place, to establish how the network will function both internally and externally. This includes performance monitoring.
Figure 3.4 Ring topology.
Wide Area Networks (WANs)
WANs provide connectivity for LANs that are geographically dispersed by providing network connectivity and services across large distances. WANs are similar to the series of interstates (highways) that can be accessed within individual states and are used to cross state boundaries.
The devices and protocols used in WAN communications most commonly work at the physical (Layer 1), data link (Layer 2), and network (Layer 3) layers of the OSI reference model. Communication on WAN links can be simplex (one-way), half-duplex (one way at a time), or full-duplex (separate circuits for communicating both ways at the same time). WAN circuits are usually network communication lines that an organization leases from a telecommunications provider; they can be switched or dedicated circuits. As an example, WAN connectivity could involve an organization with a headquarters in one state (say, Virginia) and smaller satellite offices in other states. The headquarters office could have all servers and their associated services in Virginia (email, file sharing, and so on). One way to enable communication with the satellite offices would be to install a WAN circuit. As with LANs, WAN circuits utilize standard protocols to transmit messages. WANs can use message switching, packet switching, or circuit switching, or can utilize WAN dial-up services through Integrated Services Digital Network (ISDN) or the Public Switched Telephone Network (PSTN).
Virtual private networking (VPN) enables remote users, business partners, and home users to access the organization’s network securely using encrypted packets sent via virtual connections. Encryption involves transforming data into a form that is unreadable by anyone without a secret decryption key. It ensures confidentiality by keeping the information hidden from anyone for whom it was not intended. Organizations use VPNs to allow external business partners to access an extranet or intranet. The advantage of VPNs is that they can use low-cost public networks (Internet) to transmit and receive encrypted data. VPNs rely on tunneling or encapsulation techniques that allow the Internet Protocol (IP) to carry a variety of different protocols (IPX, SNA, and so on).
Metropolitan Area Networks (MANs)
This type of network is larger than a LAN but smaller than a WAN. A MAN can be used to connect users to services within the same city or locality. MANs are similar to the surface roads used to travel from your residence or community to services such as department stores, grocery stores, and your place of business.
Networks exist to facilitate access to application services. The following are some of the common services available within an organization's networking environment:
- File sharing: This allows users to share information and resources with one another. File sharing can be facilitated by shared directories or groupware/collaboration applications.
- Email services: Email provides the capability for a user population to send unstructured messages to individuals or groups of individuals via a terminal or PC.
- Print services: Print services enable users to access printers either directly or through print servers (which manage the formatting and scheduling) to execute print requests from terminals or PCs connected to the network.
- Remote-access services: These services give a user at a remote location access to a computing device by emulating a direct connection to that device. Examples include Telnet and remote access through a VPN.
- Terminal-emulation software (TES): TES provides remote access capabilities with a user interface as if the user were sitting at the console of the device being accessed. As an example, Microsoft Terminal Services connects to the remote device and displays the desktop of the remote device as if the user were sitting at the console.
- Directory services: A directory stores information about users, devices, and services available on the network. A directory service enables users to locate information about individuals (such as contact information) or about devices/services that are available within the organization.
- Network management: Network management provides a set of services that control and maintain the network. It generally provides complete status information about devices and services. Network-management tools enable you to determine device performance, errors associated with processing, active connections to devices, and so on. These tools are used to ensure network reliability and provide detailed information that enables operators and administrators to take corrective action.
Because of the complex nature of networking and the variety of standards both in use and constantly evolving, implementation and maintenance pose a significant challenge. Managers, engineers, and administrators are tasked with developing and maintaining integrated, efficient, reliable, scalable, and secure networks to meet the needs of the organization. Some basic critical success factors apply to these activities:
- Interoperability: A large number of devices, system types, and standards usually support network communication. All the components must work together efficiently and effectively.
- Availability: Organizations need continuous, reliable, and secure access to network devices and services.
- Flexibility: To facilitate scalability, the network architecture must accommodate network expansion for new applications and services.