Archive for June, 2011

Blade computing introduces a new data center paradigm where various thin compute blades share centralized resources in a single chassis. A blade server is a single circuit board populated with components such as memory, processors, I/O adapters, and network connections that are often found on multiple boards. Server blades are built to slide into existing servers. They are smaller, need less power, and are more cost-efficient than traditional box-based servers.


Managing these servers requires the following:

  • A virtualized view of the servers and the resources they use (such as storage)
  • A high level of security within the server and on the network devices
  • Dynamic resource provisioning that is automated as much as possible
  • A layout that is easy to scale to meet ever-increasing user demands

Data centers will realize a shift from box-based servers to densely packed racks of blade-based servers.



System area networks (SANs) represent an area of computer architecture that has evolved quickly. The term SAN in this section refers to “system” (not “storage”) area networks. After various competing standardization efforts starting in the late 1990s, the state of the SAN field became temporarily unclear. However, the technology has emerged with a richer set of features that promise to impact the server and clustering arena.


A SAN uses high-speed connections to attach high-performance computers in a cluster configuration. The configuration delivers very high bandwidth of 1+ GB/sec with very low latency. SANs are switched, with a typical hub supporting 4 to 8 nodes. Larger SANs are built with cascading hubs with cable length limitations that vary from a few meters to a few kilometers.


Interconnections in a SAN differ from other existing high-performance media (such as gigabit Ethernet and ATM) in several ways. SAN adapters implement reliable transport services that are similar to TCP or SPX, but directly in hardware. SANs have very low error rates. SANs are often made highly available by deploying redundant interconnect fabrics.


SANs provide bulk data transfer through a remote direct memory access (RDMA) mechanism. The performance within a SAN resembles that of a memory subsystem more than that of a traditional network (such as an Ethernet LAN). The initiator specifies a buffer on the local system and a buffer on the remote system. Data is then transferred directly between the local and remote systems by the network adapters without involving either of the host CPUs. Both read and write operations are supported in this manner.



Subnetting is a technique of dividing a full Class A, B, or C network into smaller networks. It defines how 1 or more bits are taken from the host portion and added to the network portion. Following are the advantages of this technique:


  • Saves IP addresses—Avoids the need to assign an entire IP range within a network to one location.
  • Simplifies network management—Smaller, independent subnets can be created by routers. Internal networks can be restructured without impacting DMZ or external networks.
  • Reduces network traffic—Links with high network traffic can be isolated to a subnet. Examples are NFS and backup subnets. NFS client (such as a filer) interfaces can be on one subnet and the backup server and dedicated client NICs on another.
  • Improves security—It is easy to keep DMZ and front-facing networks separated from internal networks.


Subnetting requires taking a bit from the host portion and giving it to the network portion. The more bits we steal from the host portion, the more subnets we get. But more subnets come at the expense of IPs that would otherwise be used for hosts. Each new subnet requires two IP addresses: one for the network ID and the other for its broadcast ID.
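The trade-off described above, worked through as an added example that is not part of the original text. The network 192.168.10.0/24, the segment names, and the function names are constructed for illustration; the code uses Python's standard ipaddress module.

```python
import ipaddress

def split(network, borrowed):
    """Move `borrowed` bits from the host portion to the network portion."""
    net = ipaddress.ip_network(network)
    host_bits = net.max_prefixlen - net.prefixlen
    # Leave at least 2 host bits: a subnet needs a network ID, a broadcast
    # ID, and at least one usable host address.
    if not 1 <= borrowed <= host_bits - 2:
        raise ValueError(f"can borrow 1..{host_bits - 2} bits from {net}")
    return list(net.subnets(prefixlen_diff=borrowed))

def tradeoff(network, borrowed):
    """Return (subnet count, usable hosts per subnet, total usable hosts)."""
    subnets = split(network, borrowed)
    per_subnet = subnets[0].num_addresses - 2  # minus network and broadcast IDs
    return len(subnets), per_subnet, len(subnets) * per_subnet

def assign(network, segments):
    """Give each named segment its own subnet, borrowing as few bits as possible."""
    borrowed = max(1, (len(segments) - 1).bit_length())
    return dict(zip(segments, split(network, borrowed)))

def segment_of(address, plan):
    """Name the segment that contains `address`, or None if it is outside the plan."""
    ip = ipaddress.ip_address(address)
    return next((name for name, net in plan.items() if ip in net), None)

if __name__ == "__main__":
    NET = "192.168.10.0/24"  # constructed Class C network
    for bits in range(1, 7):
        print(bits, tradeoff(NET, bits))
    plan = assign(NET, ["dmz", "internal", "nfs", "backup"])
    for name, net in plan.items():
        print(f"{name:9}{net}  id={net.network_address}  bcast={net.broadcast_address}")
    print(segment_of("192.168.10.70", plan))
```

Unsplit, the /24 offers 254 usable host addresses; every borrowed bit doubles the subnet count and lowers the total, because each new subnet gives up its own network and broadcast IDs.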

Hubs and switches are similar in many ways. Both contain connection ports into which twisted-pair RJ-45 connectors (similar to phone RJ-11 jacks) plug. They can be administered remotely. Either can be used to create a LAN, and they funnel messages to the network backbones.


There are salient differences between hubs and switches, however:


  • Shared or dedicated bandwidth—The main distinction is how they operate. Hosts in a hub-based network share the full bandwidth, but a switch is capable of creating independent full-speed connections for any two devices on the LAN that must communicate. Each connection operates at the full switch bandwidth.
  • How they handle signals—A hub acts like a repeater. It takes an incoming frame and retransmits it to all other attached hosts. Each hub port has a single host connected to it. Hubs are dumb devices and cannot learn. Switches examine incoming frames and immediately transmit them to one or more other ports. This process is very fast. Each switch port can have a single host or a LAN segment connected to it. Switches learn media access control (MAC) addresses and build a content-addressable memory (CAM) table.
  • Cost—Switches are more expensive than hubs for the same number of ports because they have more powerful hardware and software capabilities. Switches have more memory, a CPU, and a complete suite of software tools to manage them. Hubs have a trimmed-down version of the firmware code.
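The difference in frame handling, modeled as an added example that is not part of the original text. The class names, the four-port devices, and the MAC addresses (taken from the documentation range) are constructed; the model shows which ports see each frame on a hub versus on a switch that learns a CAM table.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeater: every frame goes out of every port except the one it came in on."""
    def __init__(self, port_count):
        self.ports = list(range(1, port_count + 1))

    def flood(self, in_port):
        return [p for p in self.ports if p != in_port]

    def receive(self, in_port, src, dst):
        return self.flood(in_port)

class Switch(Hub):
    """Learns source MACs into a CAM table and forwards known unicast to one port."""
    def __init__(self, port_count):
        super().__init__(port_count)
        self.cam = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        self.cam[src] = in_port              # learn from the source address
        out_port = self.cam.get(dst)
        if dst == BROADCAST or out_port is None:
            return self.flood(in_port)       # broadcast or unknown destination
        return [] if out_port == in_port else [out_port]

def egress(device, frames):
    """Return, per frame, the list of ports the device sends it out of."""
    return [device.receive(*frame) for frame in frames]

# Constructed traffic: (ingress port, source MAC, destination MAC)
A, B, C = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
FRAMES = [(1, A, B), (2, B, A), (1, A, B), (3, C, BROADCAST)]

if __name__ == "__main__":
    for name, dev in (("hub", Hub(4)), ("switch", Switch(4))):
        print(name, egress(dev, FRAMES))
```

On the hub, every attached host receives all of the traffic between A and B; on the switch, only the first frame to an unlearned destination and the broadcast reach the other ports.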


Like switches, bridges are also layer 2 devices. They learn MAC addresses, filter and forward frames, and can be used to segment LANs. However, they usually have 16 or fewer ports. Much of the functionality of bridges has been moved to routers.


Just as routers have replaced bridges at layer 3, switches (as their cost continues to fall) may eventually replace hubs at layer 2, but that has not happened yet. Hubs, it must be pointed out, have become smarter, less expensive, and easier to set up and manage. As more and more LANs are being set up, network managers continue to deploy hubs as an easy and inexpensive way to connect printers, low-traffic servers, PCs, and management consoles. The number of installed hubs is increasing mainly because of cost and simplicity.

Smart card logon is supported for Windows 2000 and Windows Server 2003. To implement smart cards, you must deploy an enterprise certification authority rather than a stand-alone or third-party certification authority to support smart card logon to Windows Server 2003 domains. Windows Server 2003 supports industry standard Personal Computer/Smart Card (PC/SC)–compliant smart cards and readers and provides drivers for commercially available plug and play smart card readers. Windows Server 2003 does not support non-PC/SC-compliant or non–plug and play smart card readers. Some manufacturers might provide drivers for non–plug and play smart card readers that work with Windows Server 2003; however, it is recommended that you purchase only plug and play PC/SC-compliant smart card readers.

The cost of administering a smart card program depends on several factors, including:

■ The number of users enrolled in the smart card program and their location.

■ Your organization’s practices for issuing smart cards to users, including the requirements for verifying user identities. For example, will you require users to simply present a valid personal identification card or will you require a background investigation? Your policies affect the level of security provided as well as the actual cost.

■ Your organization’s practices for users who lose or misplace their smart cards. For example, will you issue temporary smart cards, authorize temporary alternate logon to the network, or make users go home to retrieve their smart cards? Your policies affect how much worker time is lost and how much help desk support is needed.

Your smart card authentication strategy must describe the network logon and authentication methods you use, including:

■ Identify network logon and authentication strategies you want to deploy.

■ Describe smart card deployment considerations and issues.

■ Describe PKI certificate services required to support smart cards.

In addition to smart cards, third-party vendors offer a variety of security products to provide two-factor authentication, such as “security tokens” and biometric accessories. These accessories use extensible features of the Windows Server 2003 graphical logon user interface to provide alternate methods of user authentication.