Learning Outcome 1:

Implement Local Area Network Management Issues

Create a Network file structure suitable for a small number of users to work independently and cooperatively as required.

Introduction

In general, LAN OS file structures are similar to those of stand-alone PCs. However, the issues of security, maintenance, and the need for shared access must also be addressed when designing a network file system.

Careful planning of the network file structure will help avoid the need to redesign the structure at a later time (and cost).

Considerations when planning a LAN server file structure should include:

Simplicity – the simpler the structure, the easier it will be for users and LAN administrators alike to navigate and use.
Security – the file structure should complement the security mechanisms of the OS, many of which relate directly to directories and files.
Cooperation – some directories will be shared by all users, some by a subset of users, and others will be private, belonging to an individual user.
Logic – files and directories should be arranged and identified in such a manner as to enhance the useability and efficiency of the LAN as a whole.

Default directory structures

All operating systems create a default directory structure. For example, Windows 95 creates the structure shown below (truncated for illustrative purposes):

Novell Netware 4.1 creates this default directory structure:

The main difference between these 2 examples is that Novell Netware provides a basic directory framework around which to expand the directory structure.

Note: Novell Netware uses the concept of Volumes. A volume is roughly equivalent to the root directory in Windows 95 or MS-DOS. The SYS: volume, as shown in the preceding diagram, is automatically created when Netware 4.x is installed. A volume does not necessarily relate to a single server disk drive – it can span up to 32 drives, and each Netware server can have up to 64 volumes. A volume can refer to part of a single hard disk, an entire hard disk, or, as mentioned, up to 32 hard disks.

Exercise 1

Using the peer-to-peer Windows 95 example, diagram the file and directory structure created for:

applications installed
data areas
the top level of the operating system

Common LAN server directories

The following directories are the responsibility of the LAN administrator:

Public directories

Public directories usually contain applications or utilities that every user may need to access.

Application directories

Application directories often grouped together under an APPS or Program Files directory. This, in turn, may be created under a Public directory, to which all users have read/use access.

For security and simplicity, data created using the application is usually stored in a user’s own area (ie. their home directory).

Home directories

Each user has their own private directory area. Usually all users are grouped together or in natural groups (eg. teachers are grouped together on the work drive of the TAFE LAN).

So all data belonging to a user is located under their home directory. This has advantages for the LAN administrator when:

Adding new users.
Removing or relocating existing users.
Monitoring users’ disk usage.
Documenting file structures.
Backing up data.

Shared data directories

Besides each user’s home directory, areas are set aside for shared data. These areas can be:

Globally shared – every user shares the data within, or
Shared among a subset of all users.

Exercise 2

Examine the home directory structure on the TAFE work file server. Describe:

How the students’ home directories are structured and named.
How the teachers’ home directories are structured and named.
Any globally shared directory areas that you can find – how are they structured and named?

Naming directories

When naming directories, common sense should prevail.

Suggestions include:

· Users’ home directories should be named the same as their user Ids for the network.

· Shared group directories should be named such that each user in the group will immediately recognise the name.

· Application directory names should reflect the application name, and where possible, its version.

Exercise 3

(a) Design a directory structure for a Windows 95 peer-to-peer server which includes the following (each directory should be named appropriately):

3 applications (MYOB Ver 6.0, Quattro Pro Version 4.0, Delphi Ver. 3.0)
2 workgroups who share data (accountants and developers)
8 users, 4 in each workgroup (you may invent their names).

(b) Create this directory structure in your home directory on the network server.

Mapping drives on a network

Usually, the LAN user sees the network disk drives much as if they were local drives – that is, they can be accessed using a drive letter and their directories and files can be listed and accessed just as on a local drive (forgetting file access permissions for a moment).

NOSs allow any directory on network drive that is visible to the user to be mapped. That is, a drive letter (eg. N: or M: or Z) to be substituted for a directory path on a network drive.

Microsoft Windows NT and 95, and Windows for Workgroups 3.11 provide the NET USE command to map drives. For example, suppose that a server named FSERVE contained a directory named \apps\games and you wanted to assign the drive letter M: to this directory.

The following, entered at the command line, would achieve this:

NET USE M: \\FSERVE\APPS\GAMES

Similarly, Novell Netware provides the MAP command to map drives. The following line would be the equivalent of the previous example:

MAP M:=FSERVE\TOP:APPS\GAMES

where TOP is a volume on the server FSERVE.

Note: Netware supports mapping of both network drives and search drives. A network drive is usually a mapped data directory. A search drive has a function similar to the PATH command in MS-DOS – Netware searches the search drives for executable applications.

Exercise 4

Switch to a command line prompt and:

(a) Use the NET USE command to list all current network drive mappings.

(b) Select an unused drive letter and map the SAMPLES directory on the server GANDALF

CAUTION – DO NOT SELECT A LOCAL DRIVE LETTER !!!

HINT: Type NET USE /? | MORE to list the help for NET USE. Is there a facility to automatically use the next available drive letter?

(c)Test that this command has been successful by listing the directory of the mapped drive, and then switching to that drive.

(d)Remove the mapping using the NET USE Drive: /DELETE command.

(e)Using the example directory structure created in exercise 3, list which directories could be mapped using Netware as:

network (data) drives
search drives

Learning Outcome 1.2
Document the file structure and security implementation of the local area network

Learning Outcome 1.3
Discuss local area network issues

Learning Outcome 1.4
Describe the role of the network system manager

Learning Outcome 1.5
Describe a range of network backup solutions.

The implications for backing up network data is no different to any other data. Most procedures and policies are set by business management and should be strictly adhered to by staff. Therefore, items such as storing backups off premises, keeping rotating sets of data etc, should be documentated thoroughly. Media for the backing up of data can range from Floppy disk, Tapes or Optical Drives. The LAN NOS should have drivers available for hardware specific devices. IRQ’s, memory addresses etc., should be investigated on computers that will hold backup devices, in case the backup unit conflicts with existing resources. Note that if using IBM’s MCA architecture, then channel conflicts are avoided. Network backups can be centralised at one location, are generally controlled only by the system administrator (i.e. Novell) or can be distributed on many workstations (i.e. Windows for WorkGroups). Most modern Tape units will allow unattended timed backups that can be scheduled when the system is at its least utilised (i.e. early Morning). The selection of backup devices is effected by the regularity of backups, the amount of data to be backed up, the need to move data from one server to another etc., and will be a policy decision for management and the system administrator.

Novell Netware
Novell has an extra Backup solution available through its ability to mirror and duplex hard disks. This means that if a disk fails, operation is immediately switched to another hard disk, which is a duplication of the first disk. This is described as Real Time Backup, where disk writes are written to both disks, and is a feature of Novells SFT III. Novell supplies a Menu utility called NBACKUP. NBACKUP ..

· must be run from a workstation and not from the File Server

· restores both DOS and Macintosh files

· Supports Floppy disk backups, Hard drive backups, Optical Drive backups and tape drive backups

· that operate as DOS devices

· Has DOS device drivers available for a range of Tape Drives

· Will backup the entire server or selected directory trees

· Allows Timed Backup for a later start of the backup

· Can backup directory and file trustee information

· Can backup the BINDERY (Important)

· Creates an Error Log on problems encountered during backup

· Has support for Non DOS Backup devices

Windows for Workgroups
Because WorkGroups is basically a DOS driven system, the solutions that apply to it are similar to any basic MS-DOS Solutions. Depending on the version of MS-DOS being used Backup can either be performed by the BACKUP or MSBACKUP command. WFW will allow distributed backup procedures where individual users could be responsible for backing up data that may be shared on their workstation. A centralised backup could be performed by the administrator if one station is nominated as a server. Backup options range from Floppy Disks, Optical devices, Removable Hard Disks and Tape drives

There are also a range of Third Party Backup Devices available such as Colorado tape drives. These third party devices should be ..

· Capable of backing up the entire server with at least a 10% free space margin

· Netware aware and capable of backing up the Bindery

Exercise
Answer the following questions:
What are the implications of letting users perform backups of their own station?

Would there be a problem if backing up the Catalogue to the Hard disk instead of the Floppy disk? Why?

Using the Internet, list three company’s that offer a third party backup program and give a brief description of each.

Contingency plans
A contingency plan is a document or set of documents that provides a course of action to be followed before, during, and after the occurrence of an undesirable event that disrupts or interrupts network operations. A contingency plan should detail the following:

· Individual roles and responsibilities

· Actions to be taken in advance of the occurrence of an undesirable event

· Actions to be taken at the onset of an undesirable event to limit the level of total damage, loss, or

· compromise of assets

· Actions to be taken to restore critical network functions

· Actions to be taken to reestablish normal network operations.

Contingency plans address both catastrophic events that cause major destruction to the facility or other network assets and less-than-catastrophic events that interrupt network operations but do not cause major destruction. Some causes of catastrophe and near catastrophe are:

· Accidental file overwrite or deletion

· Communications failure

· Electrical power failure, spike, or surge

· Failure of key peripheral hardware

· Fire, flood, earthquake, or other natural disaster

· Improper use of operating system commands

· Incomplete or erroneous documentation

· Intentional, disruptive actions (by hackers or disgruntled employees, for example)

· Intentional, disruptive software (computer virus)

· Intrusion of smoke, dirt, or dust

· Loss of key application program(s)

· Mechanical breakdown (burst water pipe, Halon discharge)

· Theft of physical assets

· Unavailability of key personnel

· Use of test data in the production environment

Contingency plans should not concentrate on disaster recovery planning, to the detriment of planning for the less-than-catastrophic occurrences. As a general rule, the greater the adverse impact of an undesirable event, the lower the probability of that event’s occurrence. Store contingency plans on-site for use in the less-than-catastrophic occurrences and off-site so that they are available if a catastrophe occurs.

Levels of contingency plans
Contingency plans may be developed at several different levels, including end user, network, and organization (a group, department, or any subdivision of a total organization as well as the organization in total):

· End user. End-user contingency plans outline procedures for protection and recovery of physical files, personnel, and office equipment in the end user's area of responsibility, as well as manual procedures to be used in the event network service is disrupted or interrupted.

· Network. Network contingency plans address adverse events that impact network assets or the network's ability to provide service to end users. Network contingency plans contain lists of responsibilities by individual; inventories of assets; arrangements with and contacts for supporting organizations; procedures for protection and recovery of network assets; and continuation and restoration of service before, during, and after the occurrence of an adverse event.

· Organization. Organizational contingency plans contain procedures for protecting and maintaining corporate data and ensuring that critical operations continue. Organization contingency plans coordinate network and end-user contingency plans, ensuring the sharing of backup or alternate processing arrangements (for example, multiple networks could share a single backup site).

Elements of a contingency plan follow.

Contingency planning phases
The contingency planning process includes preliminary planning, preparatory actions, action plans, and testing. Each of these phases is discussed in the following sections.

Preliminary planning
Preliminary planning includes defining the scope of the process and associated action plans; identifying assumptions concerning potential threats and available resources; determining maximum allowable outages and support that may be expected from other organizations; selecting backup and contingency strategies; prioritizing applications for recovery in backup and disaster recovery operations; and assigning responsibilities for executing the plan. Preliminary planning is based on information collected as part of the vulnerability analysis and security reviews.

Determining the scope of the contingency plan
The first step in preliminary planning is to define the scope of the contingency plan. Defining the scope ensures that critical areas are not overlooked, limits the size and complexity of the contingency plan, and identifies which organisational elements should be represented on the contingency planning team. This ensures that resources are not spent preparing an unnecessarily elaborate contingency plan for the network's size and complexity. The scope of a contingency plan may cover only a single microcomputer or a network that extends to multiple, geographically dispersed locations and includes off-site storage and backup locations. Generalized plans applicable to a class or type of computer (for example, a stand-alone microcomputer) may be appropriate for networks with a narrow scope, but you should develop specific contingency plans for all but the smallest of LANs.

Establishing a contingency planning team
Effective preliminary planning requires a team effort. The organization's elements that support implementation of the plan should be represented on a contingency planning team. Elements represented include

· Security

· Operations

· Procurement

· Communications

· Technical support (hardware and software)

· Application developers

· Building management

· End users

The contingency planning team is responsible for preparing the three contingency action plans. The completed contingency plan is submitted to supporting personnel for formal concurrence. This approach ensures agreement on the plan's commitments of resources and assignments of responsibilities.

Selecting backup and recovery strategies
Selecting backup and recovery strategies requires assessment of the criticality of network activities, the losses that would be experienced due to service disruptions or interruptions, and the cost to test and implement the strategies. Strategies may range from providing no capability for backup or recovery of specific assets or capabilities to maintaining and operating redundant networks. The following are possible backup and recovery strategies:

Backup of data and software. Copies of systems, utilities/support, and application software; data files; and associated documentation may be created and stored for use in backup and recovery operations. Store backup copies in a fireproof storage container either onsite or at an area geographically separate from the network. Onsite storage has an advantage over offsite storage ease of access. Onsite storage has serious disadvantages in that co-located primary and backup copies can both be damaged or destroyed in a major disaster. Even when placed in a fireproof container, storage media can be damaged or destroyed if a fire burns hotter or longer than provided for by the storage container's specifications. Multiple backup copies reduce the possibility of data or software loss due to problems with both primary and backup copies. Generally, three serial (child, parent, grandparent) versions are appropriate for a network with the grandparent version stored offsite. Effective procedures for backup of data and software files contain an approach for determining which data and software are to be backed up and the frequency (for example, daily, weekly, monthly). The volume of many tape libraries precludes cost effective backup of all data and software.

Alternate processing capability. A network contingency plan must contain a strategy for providing alternate processing capability. A number of options may be appropriate:

· Provide no backup processing capability. This approach is used where the
work being performed is not critical and can be suspended for an extended
period; the network uses standard (with no specialized modifications), easily
purchased equipment; or backup processing is not cost justified (for example,
where one of a kind equipment is used and resources are not available to
construct a backup unit).

· Establish or contract for an "empty shell. " An empty shell is a computer facility
that contains no computing hardware or software but may contain a raised
floor and air conditioning, as well as other support arrangements. Procedures
for acquiring and installing necessary hardware and software must,
therefore, be part of the contingency plan. Empty shells may take hours or
days to equip properly. Empty shells are generally suitable only for networks
that can tolerate extended outages or when they are used in conjunction with
other backup provisions (for example, interim backup provided through use
of a commercial service bureau).

· Contract for computing capability offered by commercial service bureaus.

· Establish emergency backup arrangements with other organizations (for
example, computer manufacturer) or other elements within the organization.

· Establish or contract for a "hot site. " For networks that support time-critical
applications, establishing a hot site may be appropriate. A hot site is a
computing facility that is fully equipped but has either no workload or an
interruptible workload. Backup copies of data and software from the
primary site may be stored at the hot site to facilitate service restoration.

To arrange for alternate processing capability, the level of backup support
required must be determined (that is, is full capability to be backed up or
just some subset of capabilities?). If only a subset of capabilities is to be
provided, the components or level of that subset must be determined and
those applications that are to be supported identified.

Any arrangement for backup computing capability should ensure that
security at the backup site is at least equivalent to that at the primary site.
This may require special guard service, installation of encryption devices,
or other considerations if the backup site normally operates with a lower
security level.

Alternate Communications Capability. A network backup plan may include provisions for backup communications. The backup may be to accommodate interruption or disruption affecting the primary network or to support operations at a backup location. Alternate arrangements can include acquisition of redundant circuits to provide excess capacity and alternate routing within the primary network or dial service (direct dial, 800 service, and so on) for backup of the primary network.

Backup Staffing A network backup plan may provide for use of backup staffing to replace key staff absent due to strikes, weather, illness, or termination. Backup staff may be other individuals within the organization (for example, management personnel) or they may be staff from outside the organization (for example, temporary hires or contractors). In either case, the backup personnel must have at a minimum the same level of background screening as the individual(s) to be replaced. Further, backup personnel must be trained in the procedures, policies, and responsibilities of the positions they are to assume.

Backup Supplies. A network backup plan may provide for maintenance of supplies at an alternate location. This strategy would be especially appropriate if applications supported by the network use specialized forms.

Preparatory actions
After the preliminary planning is finished, the next step is to develop and maintain detailed information on critical assets and make requisite arrangements with vendors and others who will provide supplies and services in the event of a contingency. These preparatory actions may include the following:

· Developing and maintaining inventories of data, software, hardware. supplies, documentation, and personnel

· Locating sources for support in recovery operations (for example, trucking companies, media recovery specialists, cleaning

· companies specializing in electronic equipment, and equipment manufacturers)

· Establishing contractual arrangements for backup storage

· Establishing contractual arrangements for backup computing and communications capabilities

· Establishing contractual arrangements with data recovery specialists

· Acquiring protective devices (for example, fireproof containers and equipment, covers to prevent water damage)

· Identifying a location to be used as the control center in the event of a major disaster

· Training staff in their roles and responsibilities relative to specific action plans

· Acquiring and implementing the hardware and software required to support alternate communications arrangements

· Preparing and distributing copies of action plan checklists and procedures

· Establishing arrangements with manufacturers to provide priority equipment delivery in emergency situations

· Working with local fire and police departments so that security is maintained during emergency situations

· Implementing procedures so that the contingency plan is updated on a continuing basis

Action plans
A network contingency plan contains three separate action plans: an emergency response plan, a backup plan or continuity of operations plan (COOP), and a disaster recovery plan or recovery actions plan. Emergency response plans generally emphasize individual action whereas backup and disaster recovery plans provide for team efforts. In addition, the emergency response plan initiates the backup plan and disaster recovery plan. The three action plans are as follows:

Emergency response plan. An emergency response plan provides procedures to be followed and actions to be taken at the onset of an undesirable event. The objective is to minimize the potential for loss of life and the loss destruction, or compromise of other network assets. The plan addresses undesirable events with effects limited to data compromise as well as events that cause asset destruction or loss. For example, the plan provides procedures for dealing with fires as well as procedures for isolating a microcomputer suspected of being infected by a computer virus.

Backup plan or continuity of operations plan. A backup plan provides the procedures and actions to be taken to restore critical network operations. These procedures include periodic backup of software, data, and associated documentation; arrangements for rotation of backup between the network site and a backup storage location; and a strategy for backup of computing and communications capabilities. A backup plan often requires the use of alternate computing and communications capabilities and/or operating in a degraded mode. The size and complexity of the backup plan varies considerably based on the criticality, size, and complexity of the network and the strategy used to provide alternate computing capability. For example, in a microcomputer environment where hardware may be readily purchased, the backup strategy may be to provide no alternate computing capability. With this strategy, the backup plan can be extremely short.

Disaster recovery plan or recovery actions plan. A disaster recovery plan identifies the actions to be taken and procedures to be followed to restore normal network operations after the occurrence of a catastrophic event (for example, fire or extensive corruption of data files) or a less-than-catastrophic event (for example, a minor fire or loss of a critical master file). The disaster recovery plan provides for a range of recovery actions based on the severity of the undesirable event. Where recovery from a catastrophic event is concerned, the disaster recovery plan provides for consideration of the network s long range plan (for example, relocate the facility immediately instead of rebuilding at the current site if planning to eventually relocate the facility).

In addition to providing procedures and actions, the three types of action plans identify roles, responsibilities, and authorities of individuals associated with plan implementation and maintenance. Inform these individuals of their roles and provide them with training to ensure that they can complete their assign- meets in an effective, timely fashion. Action plans consist of specific, clearly l! written procedures, checklists, and references to supporting organizations.

Testing
Conduct ongoing review and testing of the contingency plan to ensure that it meets the needs of the network. You cannot assume a contingency plan works if it has not been used or tested. A plan that has been tested once and then filed for an extended period also cannot be assumed to adequately address current requirements.

Test plans are prepared in advance as part of the contingency plan. The results of contingency plan tests are documented and used to revise action plans and strategies as necessary to eliminate identified problem areas. Test results are used to identify staff training needs.

Contingency testing should be as realistic as possible but economically feasible. Testing in real-world situations is needed to determine how the organization would react to a disruptive event. Conduct testing on both an announced and unannounced basis during normal working hours. You may perform some testing on weekends or at other times when interruption or disruption of network service to users would be minimal. Test scenarios detailed in the action plan, such as loss of the computer room, loss of communications, or failure of a server.

Segments of the plan may be tested by ensuring that supporting organizations (for example, police and fire departments) understand their role in the plan and are in agreement with its procedures and requirements. Backup plans may be tested by transferring necessary software (possibly including the operating system) and data to the alternate location for testing.

Management involvement
Contingency planning is disruptive to an organization. Key personnel need to participate in plan development. Funding is required to establish contracts with commercial organizations. Computing resources are required and operations disrupted when testing action plans.

Management must understand the value and importance of contingency planning. Actions that may be taken by the security staff to achieve this objective include

· Maintaining brief summaries (with pictures where possible) of catastrophic occurrences at other networks and the losses experienced.

· Reporting incidents where action plans were used to minimize damage or recover from catastrophic or less-than-catastrophic events

· Providing information to management regarding potential losses and adverse mission impact that could result if a catastrophic or less-than-catastrophic event were to occur

Without management involvement and support, the resources, staff, and funding required for contingency planning will not be available, and line organizations will use the disruptive effects to withhold participation in the process.