Novell's Networking Primer
The Internet's history can be traced to 1957, when the Department of Defense (DoD) formed the Advanced Research Projects Agency (ARPA) in response to Russia's launch of Sputnik, the first artificial earth satellite. ARPA (later renamed DARPA) sponsored a number of studies to research how to make a few university supercomputers available to many research scientists across the country. In 1969, the first computer network was created. Called ARPANET, it interconnected UCLA, Stanford Research Institute, and UC Santa Barbara in California with the University of Utah. As time passed, more and more organizations joined this growing computer network.
Now the Internet is the world's largest computer network, linking thousands of networks and millions of individual computers around the world. The interlinked networks and individual computers belong to a myriad of private individuals, government agencies, universities, elementary and high schools, hospitals, private businesses of all kinds, and other organizations in almost every country in the world. On a daily basis, millions of users send and receive e-mail, download and upload files, do research, and conduct business on the Internet. E-commerce alone is expected to account for billions of dollars in sales over the next few years.
Figure 42: Performed over the Internet, e-commerce provides a direct connection between businesses and their customers. Immediate access to customer feedback and purchasing patterns can give businesses a decisive edge over their competitors.
Because the Internet is so popular and widely used, many of its technologies have spilled over into the private computer networking market. Two of the most influential technologies are the TCP/IP suite and the World Wide Web (WWW), which is based on the HTTP and HTML protocols. These technologies—and the addressing scheme that supports them—have become integral to computer networking and are shaping the future of the industry. The following sections define these technologies and explain how they are affecting the world of computer networking.
The TCP/IP suite was originally developed by the DoD to connect a system of computer networks that became known as the Internet. TCP/IP is actually a group, or suite, of networking protocols used to connect computers on the Internet. TCP and IP are the two main protocols in the suite.
TCP provides transport (OSI Layer 4) functions, ensuring, among other things, that the amount of data received is the same as the amount transmitted. The IP part of TCP/IP provides the addressing and routing mechanism (OSI Layer 3).
TCP/IP uses a special transmission method that maximizes data transfer and automatically adjusts to slower circuits and other delays encountered on the network.
The TCP/IP suite includes a file transfer capability called FTP, which allows files containing text, programs, graphics, numerical data, and so on to be downloaded from or uploaded to a network. Simple Mail Transfer Protocol (SMTP) is TCP/IP's own messaging system for e-mail. In addition, the Telnet protocol provides terminal emulation and remote login, allowing a personal computer or workstation to act as a terminal, or access device, for a larger mainframe computer. TCP/IP also includes User Datagram Protocol (UDP), which is used to deliver non-essential data (data which requires no confirmation of receipt) over the network.
Because of the increasing importance of the Internet as well as TCP/IP's versatility, more and more companies are using TCP/IP as the primary protocol in their LANs. A LAN that uses Internet technology such as TCP/IP and Web browsers is called an "intranet." Novell has supported TCP/IP and intranets in its NetWare network software for some time. With the release of NetWare 5 network software in 1998, TCP/IP became the default protocol of Novell networks. Novell's NetWare 5 and later NOSs enable pure TCP/IP to be used in a LAN, without the aid of any other networking protocols.
World Wide Web (WWW)
The World Wide Web has become the dominant Internet service, taking only a few short years to catch on after it was introduced to Internet users in 1991 by Tim Berners-Lee and CERN (a European consortium for nuclear research).
The World Wide Web is a client-server environment. Information is managed through Web sites on computers called Web servers. You access these sites using the client software on your individual computer and the Internet's HTTP. The client software is called a Web browser. Netscape Navigator and Microsoft's Internet Explorer are examples of popular Web browsers.
The computers and Web sites on the Internet are linked through documents called Web pages. The basic format of a Web page is a text document written in HTML, which is made up of codes that tell how the page will be displayed. The HTML document also includes the text that will be displayed as well as the addresses, or Uniform Resource Locators (URLs), of other Web pages that have links in the document. These links appear as underlined or highlighted text that includes hidden cross-references, or hyperlinks, to additional information. Clicking on this highlighted text allows you to jump to the Web page referenced by the link. Web pages may also display icons and images as links to other pages.
In order for these links to work, however, the addressing scheme must be very specific and the links must reference an appropriate URL. The URL is then used to determine the location of the site referenced by the link. This method of Internet addressing is discussed in the following section.
For Web site identification, e-mail routing, and many other purposes, every machine on the Internet is identified by a unique number known as an IP address. The IP address is a binary number 32 bits long, as specified in the current version of IP, known as IPv4. It is usually written in "dotted decimal" format by dividing it into four eight-bit numbers and converting each number to its decimal equivalent, which is a number from zero to 255. The four numbers are then separated by dots, like this: 126.96.36.199.
This address system provides 4.3 billion possible addresses. When the Internet was first set up under ARPANET, this number appeared more than adequate. But current estimates indicate that all available 32-bit IP addresses will soon be exhausted. The initial framers of the Internet did not anticipate that nearly every business, organization, government institution, and human being in the world would eventually want an Internet address.
In 1994, an Internet oversight committee called the Internet Engineering Task Force (IETF) set up specifications for a new IP version, IPv6, that will solve this problem. IPv6 employs a 128-bit addressing scheme instead of the 32-bit scheme used before. As a result, IPv6 addresses are much more complex than their predecessors: instead of four eight-bit numbers, IPv6 addresses consist of eight four-digit, hexadecimal numbers. For example, an IPv6 address would look something like this: 2EG3.0000.1323.0000.6HE2.CDDE.2546.AB76. This new addressing scheme supports well over forty undecillion (40 x 10^36) possible addresses.
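The conversion between the binary form of an address and the text form described above is mechanical, and it is worth seeing the arithmetic written out. The following Python is an added example, not code from the primer or from Novell: it renders a 32-bit integer as dotted decimal and parses it back with the range checks a careful implementation needs (exactly four fields, decimal digits only, each octet 0 to 255), and does the same for a 128-bit IPv6 value split into eight 16-bit hexadecimal groups. The sample addresses are constructed from documentation ranges and identify no real host; the groups are separated by colons, the conventional way IPv6 addresses are written.

```python
# Added example (not from the Novell primer): converting between the 32-bit
# integer form of an IPv4 address and its dotted-decimal text form, and
# splitting a 128-bit IPv6 address into eight 16-bit hexadecimal groups.
# Sample addresses are constructed from documentation ranges.

IPV4_BITS = 32
IPV6_BITS = 128
HEX_DIGITS = set("0123456789abcdefABCDEF")


def ipv4_to_dotted(value: int) -> str:
    """Render a 32-bit integer as four decimal octets separated by dots."""
    if not 0 <= value < 2 ** IPV4_BITS:
        raise ValueError("IPv4 address must fit in 32 bits")
    # Extract each eight-bit field from most to least significant.
    octets = [(value >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    return ".".join(str(o) for o in octets)


def dotted_to_ipv4(text: str) -> int:
    """Parse dotted-decimal text back into a 32-bit integer, rejecting
    malformed input (wrong field count, non-digits, octet outside 0..255)."""
    fields = text.split(".")
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields, got {len(fields)}: {text!r}")
    value = 0
    for field in fields:
        if not field.isdigit():
            raise ValueError(f"non-decimal octet {field!r} in {text!r}")
        octet = int(field)
        if octet > 255:
            raise ValueError(f"octet {octet} out of range in {text!r}")
        value = (value << 8) | octet
    return value


def ipv6_groups(value: int) -> str:
    """Render a 128-bit integer as eight four-digit hexadecimal groups,
    separated by colons (the conventional IPv6 notation)."""
    if not 0 <= value < 2 ** IPV6_BITS:
        raise ValueError("IPv6 address must fit in 128 bits")
    groups = [(value >> shift) & 0xFFFF for shift in range(112, -1, -16)]
    return ":".join(f"{g:04x}" for g in groups)


def groups_to_ipv6(text: str) -> int:
    """Parse eight colon-separated hexadecimal groups into a 128-bit integer,
    rejecting a wrong group count or any non-hexadecimal character."""
    fields = text.split(":")
    if len(fields) != 8:
        raise ValueError(f"expected 8 groups, got {len(fields)}: {text!r}")
    value = 0
    for field in fields:
        if not 1 <= len(field) <= 4 or any(c not in HEX_DIGITS for c in field):
            raise ValueError(f"invalid hexadecimal group {field!r} in {text!r}")
        value = (value << 16) | int(field, 16)
    return value


def address_space(bits: int) -> int:
    """Number of distinct addresses a given bit width allows (2 ** bits)."""
    return 2 ** bits


if __name__ == "__main__":
    # Constructed sample addresses from documentation ranges, not real hosts.
    print(ipv4_to_dotted(0xC0000201))
    print(dotted_to_ipv4("192.0.2.1"))
    print(ipv6_groups(0x20010DB8000000000000000000000001))
    print(f"IPv4 addresses: {address_space(32):,}")
    print(f"IPv6 addresses: {address_space(128):.3e}")
```

The parsers reject rather than silently truncate bad input; an address field that accepts "256" or a non-hex group is a common source of mismatched routing and access-control entries.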
For computers, keeping track of these numbers is no problem, but for their human counterparts, numbers can be difficult if not impossible to remember. Humans generally prefer names. To remedy this problem, the Domain Name System (DNS) was introduced in 1984.
DNS assigns each IP address a corresponding domain name made up of letters or words organized in a hierarchy or inverted tree. At the top of the hierarchy are the "top-level domains." The following is a list of top-level domains:
- .com: commercial organizations, as in novell.com
- .edu: educational organizations, as in ucla.edu
- .gov: governmental agencies, as in whitehouse.gov
- .mil: United States military organizations, as in army.mil
- .org: nonprofit organizations, as in redcross.org
- .net: networking entities, as in compuserve.net
- .int: international organizations, as in nato.int
Novell has created a subdomain under the .com top-level domain, and it is identified on the Internet as novell.com. Within Novell this domain is further divided into subdomains such as provo.novell.com, sjf.novell.com, and ukb.novell.com.
When you are on the Internet and you type novell.com into your Web browser, your computer contacts another computer that has a list of .com domains paired with their assigned IP addresses. That computer translates novell.com into the IP address that identifies the main Novell Web server, sends your data on to routers that recognize the number, and finally connects your computer with the Novell World Wide™ home page.
Computers that keep and maintain such DNS translation lists are called name servers. They also keep lists of other name servers. If e-mail or some other message comes their way that does not apply to any of their subordinate domains, they send it off to a name server that may have the needed address. Eventually, a name server with the correct domain is found and the message is sent on to its destination. The IP address of a computer may change, but the name servers keep track of such changes and maintain the same domain name, so we do not have to worry about it.
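To make the delegation described in the last few paragraphs concrete, here is an added Python example (not from the primer or from Novell) that models a handful of name servers as an inverted tree: a root server that knows only the top-level domains, a .com server that knows which subdomains it has delegated, and subdomain servers that hold the actual host addresses. The resolver walks from the root down the labels of a name, following a referral only when the current server really delegates the next zone, and the final function shows the primer's last point: the host's address can change at its authoritative server while the name stays the same. The zone names and addresses are constructed for illustration (documentation ranges, not real hosts), and real DNS adds records types, caching and recursive resolvers that this model leaves out.

```python
# Added example (not from the Novell primer): a simplified model of how DNS
# name servers delegate down the inverted tree.  All server data below is
# constructed; the addresses are documentation-range values, not real hosts.

# Each "name server" knows the hosts it can answer for directly and the
# subzones it has delegated to other servers.  The root server's zone is "".
NAME_SERVERS = {
    "": {"hosts": {}, "delegations": {"com", "edu"}},
    "com": {"hosts": {}, "delegations": {"example.com"}},
    "example.com": {
        "hosts": {"www.example.com": "192.0.2.10"},
        "delegations": {"provo.example.com"},
    },
    "provo.example.com": {
        "hosts": {"fs1.provo.example.com": "192.0.2.20"},
        "delegations": set(),
    },
}


def zones_from_root(name: str):
    """Yield the zones a resolver visits on the way down the tree:
    "" (root), then the top-level domain, then each longer suffix."""
    labels = name.lower().rstrip(".").split(".")
    yield ""
    for i in range(len(labels) - 1, -1, -1):
        yield ".".join(labels[i:])


def resolve(name: str):
    """Walk the delegation chain from the root.  Returns (ip, path) where
    path lists the zones consulted, or (None, path) when no server on the
    chain is authoritative for the name or a referral points nowhere."""
    path = []
    zones = list(zones_from_root(name))
    for idx, zone in enumerate(zones):
        server = NAME_SERVERS.get(zone)
        if server is None:
            return None, path          # referred to a server that does not exist
        path.append(zone)
        if name in server["hosts"]:
            return server["hosts"][name], path
        # Not answerable here: follow the referral only if this server
        # actually delegates the next, more specific zone.
        if idx + 1 == len(zones) or zones[idx + 1] not in server["delegations"]:
            return None, path
    return None, path


def update_address(name: str, new_ip: str) -> bool:
    """Change the address recorded for a name at its authoritative server.
    The name keeps resolving after the host renumbers, as the primer notes."""
    for zone in zones_from_root(name):
        server = NAME_SERVERS.get(zone)
        if server and name in server["hosts"]:
            server["hosts"][name] = new_ip
            return True
    return False


if __name__ == "__main__":
    for host in ("www.example.com", "fs1.provo.example.com", "nothere.example.com"):
        ip, path = resolve(host)
        print(f"{host}: {ip} via {' -> '.join(z or '<root>' for z in path)}")
```

Because every lookup starts at the root and follows delegations, a single stale or hijacked delegation record at any level redirects every name beneath it; that dependency is why the integrity of the delegation chain matters as much as the final host record.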
This addressing scheme, along with the TCP/IP suite and the World Wide Web, has drastically changed the future of computer networking. Businesses and individuals who have become familiar with the Internet and its workings have recognized the advantages of this technology and applied it to their business networks in the form of intranets, virtual private networks (VPNs), and extranets. The following sections detail the various technologies used and the advantages obtained through the use of these new networking ideas.
An intranet is a privately-owned, secure, business network based on Internet technology, although not necessarily connected to the Internet. The term "intranet" appeared when companies discovered that they could use Internet technologies to make company-internal information available to all employees, no matter where the employees were located or what kind of hardware they were using; that they could still secure the information from unwanted access by outsiders; and that, along with these advantages, they could make the information available at the lowest possible cost.
The main reason for a company to implement an intranet is that it enables a business to collect, manage, and disseminate information more quickly and easily than ever before—even much more quickly and inexpensively than with other current means of electronic communications, including e-mail and other types of cross-platform publishing (in computing parlance, "publishing" refers to the act of making a document available for others to access electronically). In fact, intranet publishing is the ultimate in cross-platform publishing because it is based on the Internet technologies that were developed specifically for the purpose of allowing information-sharing among dissimilar computing systems.
Although even a small company with only one office and a small network can benefit from an intranet, the value of an intranet increases with the number of employees, the size of the network, and the number of geographically separate sites. As a company grows, if it continues to use conventional means of information dissemination such as printed memoranda and newsletters, the cost of disseminating information to all employees increases exponentially. Other methods of sharing information, such as e-mail and file sharing, also fall short of the cost savings and immediacy that can be obtained through intranet publishing.
On an intranet any employee with a properly configured workstation and a Web browser can read documents as soon as the files are completed and copied to any Web server, regardless of where the employee is located. If a company were to instead disseminate documents as files in a public directory or by e-mail, the documents would have to be provided in multiple formats to accommodate the various computing platforms and applications used within the company. The company would need to pay employees to prepare the differently formatted documents and distribute them to the locations where they could be accessed. In even a small company this type of effort takes more time and costs far more than does publishing the same information once in HTML format on a single Web server. In a large company the time and cost differences can be enormous.
Intranet publishing has other benefits. One important advantage is that the network can update your intranet documents automatically in real time. For example, if you published a document that contained the stock price for your company or news about the market in which your company competes, you could create a Web server script that would automatically update the document every 15 minutes with the most current stock price and market news. With immediate access to up-to-date information, you can respond more quickly to changes in the marketplace. Moreover, after the script is created, the network continues to update the information at no further cost; the work of updating is not forgotten or lost because you get too busy.
In addition, you get immediate feedback about the documents published on your intranet. With paper-based documents or publicly available files stored on a server, you cannot determine whether or not people are reading the documents. If you published the documents on an intranet server, however, the network could track how many people read the documents and which documents were used the most.
Businesses are continually finding more ways to use intranets to decrease costs, especially since the specification for World Wide Web documents has been extended to include graphics, audio clips, and movies. For example, many companies have installed applications that allow employees to access company databases directly from a Web browser, thereby avoiding the cost of specialized database access programs. Recent products such as Novell's GroupWise allow employees to read their e-mail messages and view and modify their appointment schedules directly from a Web browser.
Another factor that makes an intranet valuable is that it can be configured to enable you to access it over the Internet. Traveling employees, suppliers, and customers can access any information published on the intranet over the Internet, but you can still control access to information. For example, you might allow the general public to view some documents and restrict access to other documents to authorized users. Also, you can allow employees using your intranet to connect to the Internet and to access the vast information resources available there.
An "extranet" is two or more intranets connected in such a way that they enable collaboration among the companies that own the separate intranets. On an extranet each connected company usually makes some selected part of its intranet accessible to the employees of one or more other companies. For example, several companies might create an extranet to consolidate data gathering and share data, to jointly develop and share training programs and other material, or to coordinate project management for a common work project. On an extranet each company uses the security inherent in its own intranet to keep the employees of other companies from accessing information they do not need to see.
The collaborative business application is a powerful extranet tool. Such applications—possibly developed jointly by participating companies—enable the employees of these companies to work together effectively without leaving their offices (which might be located in different places across the world).
For example, a consumer company might work with a supply company to connect their intranets and create a supply ordering system so that all employees of the consumer company could order whatever supplies they needed, whenever they needed them, directly from the supply company. The consumer company employees might order supplies by using their Web browsers to look through one or more electronic catalogs that the supply company published on the extranet. The employees might check a box next to each of the items they needed. Different employees might be given different rights to different catalogs so that they could see and order only from selected parts of a catalog. Underlying parts of the collaborative business application could sort all ordered items by company division, group, and employee, and fill out one daily purchase requisition containing all items ordered by all employees. Each purchase requisition could be immediately delivered over the extranet. For the supply company the application could automatically generate a shipping ticket that contained the items to be shipped, broken down by division, group, and the person to whom each item was to be delivered.
For the consumer company the end result might be the elimination of stocked supplies and a considerable reduction in purchasing costs. The consumer-company employees might get the supplies they needed in less time than ever before. And the supply company might sell more supplies and deliver them faster with fewer staff members.
Because almost all intranets and extranets will eventually be connected to the Internet, intranet technology should be designed to deal as effectively as possible with the security problems and other problems inherent in the Internet. Therefore, Novell is constantly working on new technologies such as the BorderManager family of services and iChain.
Of course, intranets and extranets need not be connected to the Internet: an intranet may be purely local or, if it is a WAN intranet, the various locations might be connected by means other than the Internet. In addition, an extranet may connect several of these types of intranets without any Internet connection. However, an important technology called virtual private networking enables you to create intranets and extranets using the Internet as a ready-made, low-cost WAN backbone.
Virtual Private Network (VPN)
A VPN is a private WAN that uses the public Internet as a low-cost WAN backbone to transport data between two or more geographically separate sites. By contrast, traditional WAN connections are made by means of dedicated communications equipment and dedicated leased lines (such as T1 lines). Although VPNs may not provide the same data-transfer performance as a dedicated-line WAN, there are some advantages that a VPN has over a dedicated-line WAN that have made VPNs increasingly popular.
Figure 43: A VPN securely connects remote sites by using the Internet as a WAN backbone.
The most obvious advantage is the cost of implementation. Because you are using the Internet as the backbone, there is no need to lay cable or lease dedicated lines between the remote sites you wish to connect. This eliminates an incredible amount of overhead. Second, because the VPN uses the Internet, the Internet becomes part of your network. In today's computer-based market the Internet is one of the most powerful tools available for large-scale commerce. With a VPN you are preparing for future expansion onto the Internet as the need arises. You can use your Internet connection to make more information available to Internet consumers. With a conventional dedicated-line network, an additional Internet connection would be required to reach this market. Using a VPN, you can network your remote offices into one large WAN and provide access to the Internet.
The technology used in VPNs to connect remote sites is known as "tunneling." Using this technology, you can transfer data across the Internet by encapsulating it into TCP/IP packets and transmitting it across a secure Internet connection referred to as a tunnel.
Tunneling is accomplished through use of a tunneling (or VPN) protocol. Using the tunneling protocol, two sites set up and maintain a trusted session (or tunnel) between them. After the trusted session is established, each site secures data packets by encrypting the contents, encapsulating them in a TCP/IP packet, and sending them through the tunnel. The receiving site extracts the encapsulated packet, decrypts the contents, and routes the information to the appropriate local destination. The most commonly used tunneling protocols are Internet Protocol Security (IPsec) and Point-to-Point Tunneling Protocol (PPTP).
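The encapsulate-encrypt-decapsulate cycle just described can be modelled in a few dozen lines. The Python below is an added example, not code from the primer, from Novell, or from any IPsec or PPTP implementation: a packet addressed between two private networks is encrypted and wrapped in an outer packet whose only visible addresses are the public tunnel endpoints; the far side verifies an integrity tag, strips the outer header and decrypts. The cipher is a demonstration construction (an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag) chosen so the example runs with the standard library alone; a production tunnel uses IPsec. The addresses, keys and payload are constructed for illustration.

```python
# Added example (not from the Novell primer, not IPsec or PPTP): a toy model
# of VPN tunneling.  An "inner" packet between private addresses is encrypted
# and wrapped in an "outer" packet between the public tunnel endpoints, then
# verified and unwrapped at the far side.  The cipher is a demonstration
# construction (HMAC-SHA256 keystream in counter mode, encrypt-then-MAC).
# All addresses, keys and payloads are constructed for illustration.
import hashlib
import hmac
import os
import struct

TAG_LEN = 32      # bytes of HMAC-SHA256 tag appended to every outer packet
NONCE_LEN = 12    # bytes of fresh per-packet nonce


def derive_keys(shared_secret: bytes):
    """Split the session's shared secret into separate encryption and
    integrity keys so one key is never used for two purposes."""
    enc = hmac.new(shared_secret, b"encryption", hashlib.sha256).digest()
    mac = hmac.new(shared_secret, b"integrity", hashlib.sha256).digest()
    return enc, mac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` keystream bytes, counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def build_inner(src: str, dst: str, payload: bytes) -> bytes:
    """A minimal inner packet: private source and destination plus data."""
    return f"{src}>{dst}|".encode() + payload


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str,
                shared_secret: bytes) -> bytes:
    """Encrypt the inner packet and wrap it so that only the public tunnel
    endpoints are readable on the wire.  The tag covers the outer header
    too, so a rewritten header is detected as well as a rewritten body."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = os.urandom(NONCE_LEN)
    stream = keystream(enc_key, nonce, len(inner))
    ciphertext = bytes(a ^ b for a, b in zip(inner, stream))
    body = f"{tunnel_src}>{tunnel_dst}|".encode() + nonce + ciphertext
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body + tag


def decapsulate(outer: bytes, shared_secret: bytes) -> bytes:
    """Verify the tag, strip the outer header and decrypt the inner packet.
    Raises ValueError if the packet was altered or the key does not match."""
    enc_key, mac_key = derive_keys(shared_secret)
    body, tag = outer[:-TAG_LEN], outer[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):       # constant-time compare
        raise ValueError("integrity check failed: packet altered or wrong key")
    header_end = body.index(b"|") + 1                # end of outer header
    nonce = body[header_end:header_end + NONCE_LEN]
    ciphertext = body[header_end + NONCE_LEN:]
    stream = keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def private_addresses_hidden(outer: bytes, inner: bytes) -> bool:
    """True when the inner packet's private header is not visible in the
    outer packet, i.e. the encapsulation actually conceals it."""
    inner_header = inner[:inner.index(b"|") + 1]
    return inner_header not in outer


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    inner = build_inner("10.0.0.5", "10.1.0.9", b"hello from site A")
    outer = encapsulate(inner, "192.0.2.1", "198.51.100.1", secret)
    print("outer header visible:", outer.split(b"|")[0].decode())
    print("inner recovered     :", decapsulate(outer, secret))
```

Two points the model makes visible: the integrity tag is checked before anything is decrypted or routed, so an altered packet is dropped rather than delivered to a private host, and the outer packet exposes only the tunnel endpoints, which is exactly what lets private address ranges travel across the public Internet.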
The IPsec protocol operates at the network layer (OSI Layer 3). A core part of IPsec is the subprotocol Internet Security Association and Key Management Protocol (ISAKMP)/Oakley, which is the protocol used to establish a secure session. The secure session is based on a shared public key. ISAKMP/Oakley allows the receiving site to obtain a public key and authenticate the sending site using digital certificates. Many vendors currently use IPsec as the basis of their VPN products, and the IETF may adopt IPsec as the standard for a network-layer VPN security protocol.
Like IPsec, PPTP operates by transferring encapsulated data through a secure tunnel. PPTP uses a Generic Routing Encapsulation (GRE) mechanism to encapsulate PPP packets. There are two parallel components of PPTP: (1) a control connection operating over TCP; and (2) an IP tunnel that is used to transport GRE-encapsulated PPP packets. The existing PPTP specification does not detail security other than that addressed in PPP. PPP security includes Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). One useful feature of PPTP is the ability to connect IP-based networks with private network addressing schemes: you can connect two networks even if their private addresses conflict with globally unique addresses already registered on the public Internet. PPTP can also authenticate remote clients accessing an intranet site across the Internet.