59. Configure Windows NT in the WAN
Windows NT 4.0 is a high-performance 32-bit multitasking, multi-user network operating system. Thanks to its user-friendly interface and its powerful, intuitive management capabilities, both network novices and senior system administrators can quickly build a Windows NT-based network environment, which has won it the favor of many users. However, as the number of network nodes and network segments keeps growing, networks become larger, and problems that never arise in a LAN environment gradually surface. Every system administrator therefore has to work out how to make Windows NT fully support cross-segment access in a complex multi-segment, multi-domain environment, and how to reduce Windows NT's consumption of network bandwidth so that it keeps running efficiently.
Here we use a case study to analyze how to set certain technical parameters for Windows NT in a multi-segment, multi-domain environment.
In this case, the Windows NT network consists of four physical network segments connected through an ATM switch, and each network segment is a separate domain (domain names: HK-PDC, HY-PDC, WC-PDC, PDC1).
The network number of each network segment is:
1. HK-PDC: network number 10.228.17.0, mask 255.255.255.0
2. HY-PDC: network number 10.228.18.0, mask 255.255.255.0
3. WC-PDC: network number 10.228.19.0, mask 255.255.255.0
4. PDC1: network number 10.228.16.0, mask 255.255.255.0
As shown in Figure 1.
When applying Windows NT to a WAN, you need to consider the following four issues:
I. Protocol optimization
In a small LAN, the NetBEUI protocol is undoubtedly the best choice: it needs no manual configuration, and its transfer speed cannot be matched by other protocols, TCP/IP included. However, its transmission mechanism relies on intensive broadcasting, which inevitably consumes a large amount of network bandwidth (an Ethernet whose bandwidth utilization exceeds 50% should be considered for segmentation), and it cannot be routed to other network segments. Clearly, NetBEUI is not suitable for wide area networks.
TCP/IP was originally designed for packet-switched WANs; its routing mechanism and its ability to work well across network segments account for its undisputed position as the mainstream protocol today. Any suspicion of or resistance to TCP/IP is therefore unwise; what we need to do is move the existing communication protocols in the network to TCP/IP as quickly as possible.
Windows NT ships with TCP/IP as its built-in default protocol and supports it well internally, which minimizes the difficulties users may encounter when deploying TCP/IP, but that does not mean they will run into no trouble. Although Microsoft has put a great deal of effort into this, TCP/IP still requires a considerable amount of manual configuration.
II. Establishing a WINS service
WINS is one implementation of a name service. Like DNS, which is widely used on the Internet, it maps a computer name (called the host name in DNS; the two are usually the same) to its IP address, so that two machines can establish a communication connection at the network level. The difference is that WINS maintains itself dynamically and requires no human intervention, while DNS is static and relies entirely on manual maintenance. Unless your network has Internet/intranet applications, DNS need not be set up.
In a small LAN you need not set up a WINS service, and your network will be none the worse for it, because on a Windows NT network clients can use broadcasts to find the machines that appear in the browser (the network browser, not Internet Explorer) and offer shared resources such as shared directories and printers.
In a WAN, routers do not forward broadcasts, in order to suppress broadcast storms. B-node clients (for example, Windows 95/98 clients without the WINS option set, for which B-node is the default) locate other machines by broadcast, so they cannot share resources across network segments. Installing WINS solves this problem, because your machine can query a Windows NT server running WINS to pinpoint the IP address of the machine whose shared resources you want to use.
Of course, you can build just one WINS server in the WAN, but to improve network fault tolerance it is necessary to set up two: one as the primary WINS server and one as the secondary WINS server, with a replication partner relationship between them to keep their data consistent.
Figure 2 shows the contents of the WINS database (the WINS server is set up on the 10.228.16.0 network segment). From it we can see that WINS clients from three network segments are dynamically mapped on the WINS server. With the help of the master browser (which resides on the PDC), the other clients simply query the database and can easily find the IP addresses of machines on different network segments, which ensures continuity of browsing across segments.
III. Establishing a DHCP service
DHCP lets clients dynamically lease an IP address from the DHCP server for a period of time, which not only conserves IP addresses but also greatly simplifies system maintenance. In a WAN environment, assigning IP addresses to clients by hand instead of using DHCP is inconceivable.
Once a client is set to obtain its IP address automatically (for example, by checking "Get IP address from DHCP server" on a Windows 95/98 or Windows NT client), the DHCP server can complete the rest of the TCP/IP setup on your behalf. For Windows NT in a WAN environment, the following four DHCP server options generally need to be set:
1. 003 option: specifies the default gateway for the client.
2. 006 DNS: specifies the IP address of the DNS server (may be left unset if there is none).
3. 044 WINS/NBNS: specifies the IP address of the WINS server.
4. 046 WINS/NBT node type: set to 0x8 (H-node type).
For a detailed description of NBNS (NetBIOS Name Service) and NBT (NetBIOS Node Type), refer to the RFC 1001 technical documentation.
Once the above parameters have been set on the DHCP server, they are issued to clients when they reboot, together with the leased IP address, and become the client's configuration.
When planning and designing the WAN, you can centralize on a single DHCP server that manages IP address allocation and TCP/IP parameter settings for the entire network; it responds correctly to IP address requests from different network segments and issues IP addresses for the corresponding segment.
As shown in Figure 3, four network segments are defined on the DHCP server (IP address: 10.228.16.1); it responds to requests from clients on each of the four segments and leases them dynamic IP addresses for the corresponding segment.
In the option configuration on the right, we can see that the four options described above have been set.
Take the 10.228.16.0 network segment as an example:
1. The default gateway specified for the client is 10.228.16.31.
2. Two DNS servers are assigned to the client: 10.228.16.6 and 10.228.0.1.
3. The primary WINS server specified for the client is 10.228.16.6, and the secondary WINS server is 10.228.16.3.
4. The client's node type is set to 0x8 (that is, H-node): names are queried through WINS first and, if that fails, by broadcast.
After the client boots, use the winipcfg command (Windows 95) or the ipconfig /all command (Windows NT) to check whether the client received the correct settings.
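As an added example (not part of the original article), the Python sketch below decodes the four options above from a raw DHCP options field, using the tag/length/value layout of RFC 2132, and audits them against the values planned for the 10.228.16.0 segment; a lease carrying another gateway, WINS server or node type is what a misconfigured or unauthorized DHCP server on the segment looks like. The function names and the two sample byte strings are constructed for illustration.

```python
import ipaddress

NODE_TYPES = {0x1: "B-node", 0x2: "P-node", 0x4: "M-node", 0x8: "H-node"}
IP_LISTS = {3: "router", 6: "dns", 44: "wins"}  # option tag -> field name

def parse_options(data):
    """Decode options 3, 6, 44 and 46; skip pad (0), stop at end (255)."""
    found, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option at offset {i} is truncated")
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if tag in IP_LISTS:
            if length == 0 or length % 4:
                raise ValueError(f"option {tag} is not a list of IPv4 addresses")
            found[IP_LISTS[tag]] = [str(ipaddress.IPv4Address(value[j:j + 4]))
                                    for j in range(0, length, 4)]
        elif tag == 46:
            if length != 1:
                raise ValueError("option 46 must be exactly one byte")
            found["node_type"] = value[0]
        i += 2 + length
    return found

def audit(found, expected, network):
    """List every way a decoded lease deviates from the planned settings."""
    net, problems = ipaddress.ip_network(network), []
    for key in ("router", "dns", "wins"):
        if found.get(key) != expected[key]:
            problems.append(f"{key}: got {found.get(key)}, want {expected[key]}")
    if any(ipaddress.ip_address(g) not in net for g in found.get("router", [])):
        problems.append(f"default gateway is outside {net}")
    node = NODE_TYPES.get(found.get("node_type"), "unset or unknown")
    if node != "H-node":
        problems.append(f"node type is {node}, want H-node (0x8)")
    return problems

# Planned values for the 10.228.16.0 segment, as listed in the article.
EXPECTED = {"router": ["10.228.16.31"], "dns": ["10.228.16.6", "10.228.0.1"],
            "wins": ["10.228.16.6", "10.228.16.3"]}
# Constructed option fields: GOOD matches the plan; BAD has a foreign gateway and B-node.
GOOD = bytes.fromhex("03040ae4101f 06080ae410060ae40001 2c080ae410060ae41003 2e0108 00ff")
BAD = bytes.fromhex("03040ae4111f 06080ae410060ae40001 2c080ae410060ae41003 2e0101 ff")
for lease in (GOOD, BAD):
    print(audit(parse_options(lease), EXPECTED, "10.228.16.0/24"))
```

The first lease audits clean; the second is reported three times, for the gateway mismatch, the gateway lying outside 10.228.16.0/24, and the B-node type that would leave the client unable to resolve names across segments.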
IV. Establishing trust relationships
To share resources between multiple Windows NT domains and to validate accounts from another domain (also known as pass-through validation), establishing a trust relationship is essential. Of two domains in a trust relationship, the domain that makes its resources available to others is called the trusting domain (renamed the delegated domain in Windows NT 4.0), and the domain that can access the other domain's resources is called the trusted domain (renamed the trustee domain in Windows NT 4.0). Whether the trust relationship is two-way or one-way can be defined according to the user's actual needs.
From the example shown in Figure 4, we can learn:
1. The local domain PDC1 has opened (or delegated) its own resources to the three domains HK-PDC, HY-PDC and WC-PDC.
2. HK-PDC and HY-PDC have also delegated their resources to PDC1 for use.
3. The trust relationships between PDC1 and HK-PDC and between PDC1 and HY-PDC are two-way.
4. There is a one-way trust relationship between PDC1 and WC-PDC. In this example, PDC1 trusts WC-PDC, but WC-PDC does not trust PDC1, so WC-PDC can access PDC1's resources while PDC1 cannot access WC-PDC's resources.
This example shows that, in addition to the several multi-domain trust models recommended by Microsoft, users are fully able to design a workable multi-domain trust relationship based on their industry's characteristics and actual requirements.
V. Concluding remarks
Based on the analysis of one example, this article briefly introduces four issues that deserve attention when using Windows NT to build a WAN, in the hope of contributing some experience to those who manage Windows NT in their daily work; readers' comments are welcome so that we can improve together.
Contact address: zhanghui@netease.com; correspondence is welcome.