Supplement on Computer Networks

What is Co-axial Cable?

The construction of a co-axial cable is revealed in the cross-section illustration here:

The several layers are arranged concentrically about the same axis (hence the name, "co-axial"). "Dielectric" is a fancy synonym for "insulator" - in other words, the bulk of the volume of the coax serves to separate the central conductor from the outer conductor without permitting electric current to flow, except along the length of the conductors. The reason that coax is effective for transmitting signals is that the cylindrical "dielectric core" keeps the outer conductor a uniform distance away from the center conductor, which keeps signal reflections to a minimum. If coax is bent too sharply, it will buckle, distorting the conductors and causing partial reflection of the signal. In ethernet networks this may prevent operation of that segment entirely, or it may make it unreliable without making it completely un-usable.

Odds and Ends

• Recessions happen, and only fringe industries can possibly be "recession-proof."

• The business model of the software vendor has a major impact on the quaility of the product experienced by the consumer.
  • Software service contracts provide technical support and the right to new versions and bug fixes. The vendor's primary revenue stream depends on continuing customers seeing continual improvement (new features without breaking old ones). As a result, each release consists mostly of unchanged code, with the changes usually confined to particular identifiable parts of the software (and therefore more likely to have been effectively reviewed and tested). Sun's Solaris, Digital Unix and VMS, and IBM's mainframe operating systems all follow this model.

  • Selling updates and giving away "service packs" provides the customers with new features all at once, and then gradually fixes the things that got broken. The vendor's primary revenue stream depends on having so many new things in each release that lots of people think it is worth paying to upgrade. That guarantees that a large fraction of the code is new each time. Microsoft follows this model with the Windows and Windows NT operating systems.

• Unix, despite its grammatical appearance, is plural, not singular.

• CGI is designed to work with HTML "Forms," such as the feedback form.

• Electronic communication, even with emoticons ("smileys") cannot include all the cues (tone of voice, pauses, facial expressions, body posture, etc.) that face-to-face communication includes, both for conveying your message and for realizing on-the-fly that you are failing to convey your intended meaning.

• Single-user vs. multi-user operating systems.

• Worker distraction can lead to reduced productivity.

• File servers and application servers are two different things.

• People do print Web pages.

• Token Ring may well be the betamax of networking.

• Asymmetric Digital Subscriber Loop ("ADSL") provides much faster connections for individual and small business internet access.

• There is only one, so we call it the internet; there could be one for each company, so we speak of an intranet.

• Windows NT Server is one thing, Windows NT Workstation is another.

• Flat-rate services have zero marginal cost, but far from zero cost.

Privacy and Integrity

Eavesdropping

The internet was originally designed to be used in a friendly environment, so the data in the network traffic is sent "in the clear." That is, it is not encrypted.

Traffic on networks is divided into "packets" that may contain anywhere from a few to a few thousand bytes of data, together with header or preamble information that identifies the type of packet, the sender, the recipient, and in some cases the length of the data segment. Many network protocols also include trailer or postamble information, such as a redundancy checksum that makes it more likely that any transmission errors will be detected.

Network interface circuitry usually has hardware that reads the header information and discards all data packets that are not destined for that system.

Every ethernet interface has the ability to be placed into so-called "promiscuous mode" in which every data packet on the wire is transferred to the operating system software, whether or not it was addressed to that system. Thus, any computer on an ethernet network is capable of eavesdropping on all traffic on that network. This is one of the reasons that many ethernet-based networks are divided into segments with routers connecting them. The router will transfer each data packet only to a segment containing a system to which that packet is addressed. Other machines on those segments could eavesdrop on the traffic, but no machine will be able to eavesdrop on traffic that doesn't apear on its segment. For example, in the Computer Services Center, we have configured the network so that the public lab machines are on different segments from the staff office machines and from the central server systems. When the University President reads his E-mail, that traffic never appears on any of the public lab segments. (A bridge, like a router, connects two network segments, but unlike a router, a bridge passes all traffic on one segment over the other segment.)

Encryption

Encryption should be distinguished from code as a means for private communication. Encryption involves the replacement of "cleartext" by superficially meaningless encrypted text in a way that permits the intended recipient to recover the cleartext. Coding involves the substitution of a code-word or code-phrase to stand for a pre-arranged other word, phrase, sentence, or paragraph. In computer networks, encryption is commonly used, but coding is not.

Substitution Methods

One letter or number stands for another.

Easy to break, especially for longer messages, once the language (English, Spanish, etc.) is known, because of the statistics of use of various letters.

Private Key Machine Methods

Converts characters into numbers, then combines those numbers with each other and with a fixed key according to a known arithmetic (algebraic) pattern.

Key length is one critical issue in the level of effort required to break.

The key used to encrypt is typically also the key used to decrypt.

Requires transmission of key by secure means.

The larger the total volume of transmitted information encrypted with any one key, the easier to break.

Public Key Machine Methods

Also converts characters into numbers, then combines those numbers with each other and with a fixed key according to a known arithmetic (algebraic) pattern.

The algegraic method is one in which knowledge of the key used to encrypt does not provide any useful clue about the key required to decrypt. The most common method, RSA, is based on the mathematical difficulty of factoring very large numbers.

Each recipient publishes the key to be used to encrypt transmissions to it, but conceals the key it will use to decrypt the messages.

A "digital signature" can be achieved by encrypting your name, a timestamp, and a "checksum" of the valid message, using your private key. Then anyone can use your public key to decrypt that signature block and confirm that the attached message is valid.

If your private key is compromised, then so is all correspondence that has been or will be sent to you with your public key, and there is the risk of forged messages that would appear to have come from you.

One-Time Key Methods

Often referred to as a "one-time pad" because they were most commonly used before machine methods became available. Two copies of a large collection of keys are printed. Each message (or portion of a long message) is encrypted with a key, which is then destroyed. The receiver decrypts with its copy and then destroys it.

The destruction is primarily to ensure against temptation to re-use the keys later.

Requires secure transmission of the keys to the two participants.

Still have a convenience-security trade-off of key length and of maximum message size used with each key.

Multiplexers

• A multiplexer provides the ability to convey multiple independent data streams through a single transmission channel. The most common form of multiplexer is used in a terminal network, connecting serial ports of multiple terminals to multiple serial ports on a distant central system, using only one serial connection between the pair of multiplexers.

• There are two standard types:

  Time-division multiplexers

  With this kind, each of the N connected terminals sees a consistent transmission speed equal to (1/N) times the speed of the shared transmission channel.

  Statistical multiplexers

  With this kind, if only a single terminal is active, it sees a transmission speed equal to that of the shared transmission channel, if two are active, each sees a speed of 1/2 that of the shared channel, and so on. The responsivness of the connection will be more variable, but both the best and the average speed will be faster than that of the more predictable time-division multiplexer.

• Multiplexers are not routinely used in a peer-to-peer computer network.

Cabling

• Copper wiring of all types is much more vulnerable to lightening-induced surges than optical fiber.

• UTP (unshielded twisted pair) wiring comes in various grades, with the more expensive permitting higher-speed data transmission over longer distances. The signal is carried as the potential difference between the two wires; the twisting causes the interference picked up in one loop of the twist to cancel that picked up in the next loop.

• TV-cable is a coaxial cable comparable to "thinwire" used for ethernet connections.

• Sometime the data transmission speed (bits/sec) will be the limiting factor. In other situations the delay time (sec) before transmission starts will be the limiting factor.

• There are many physical alternatives: ethernet, LocalTalk, Token Ring, ISDN, ATM, T1, modem, etc.

• The chemical composition of the plastic used for the insulation on coax or twisted-pair wiring must be chosen based on the physical location of that wire. If it will be placed in spaces that are also used by the building air circulation (most commonly, the space above a drop-ceiling, which may be used for return air circulation, a "plenum") then the insulation must not be made from a material that emits toxic gases in a fire. The plenum-safe cables usually cost significantly more than those that are not.

Baseband vs. Broadband

• Conventional ethernet and LocalTalk networking, for example, are described as "baseband." This means that the information is directly encoded in the electical variations of the signal on the wires, and those variations occur at a rate that matches the rate of information transmission (e.g., 10 Mbits/sec for ethernet data rate implies electrical signals that change 10 million times a second).

• Fiber-optics and TV-cable signals are described as "broadband." This means that the signals exhibit variations at a so-called "carrier" rate much higher than the rate of information transmission. This "modulation" of the carrier permits multiple independent channels of information to be present at the same time without interfering with each other. As a general rule, broadband networks require significantly more expensive electronics to interface each connected system.

NIC

• Many desktop machines have network interface circuitry built-in to the motherboard, and hence do not need a separate Network Interface Card.

• This has the advantages that the system software is more likely to be compatible and that the total cost is likely to be less.

• It has the disadvantage that enhancing it requires a change to the motherboard.

Wide Area Networks

• Commercial On-line Services: you connect by dialing in through conventional telephone and modem, logging in to their multi-user, timeshared system. Many of the resources you use are internal to that timeshared system. Examples include AOL, MSN, or Compuserve (which may merge with AOL).

• Internet Service Provider (ISP): you connect by dialing in through conventional telephone and modem, logging in to their multi-user, timeshared system. The only resources you use that are internal to their system are E-mail and web publishing. Frognet and Eurekanet are ISPs in Athens.

• Internet Access Provider (IAP): you lease a line from a telephone company (local, long distance, or data-only) and connect your end of the leased line to a router on your premises that is also connected to your Local Area Network. The other end of the leased line is connected to a router belonging to the IAP, through which it connects to the internet at large. The telephone company you lease the line from may also be your IAP.

  The line may be a conventional voice-grade connection, providing data throughput of up to 56 kbits/sec, or a higher capacity line. A common high-capacity line is called a "T1" and provides 1.54 Mbits/sec (a T1 line is used by the telephone company to carry 24 regular voice circuits).

  The OARnet link between Athens and Columbus was at one time six T1s in parallel, with four of them dedicated to Ohio University traffic. They were all in the same fiber optic cable, though, so a single inept backhoe operator could (and from time to time did) isolate us from the world!

  We now have a second data path that cannot be taken out by the same accident as the other path. Expense is a significant issue in providing such redunancy.

  If you use an IAP and want to use a timeshared system, you provide it for yourself, on your LAN, or you rent time separately on a system connected elsewhere on the internet. The Ohio Academic Resources Network (OARnet) is the statewide IAP through which Ohio University connects to the internet.

• Private WANs usually involve leased lines, with routers on your premises at both ends of the leased line. Protocols are most often TCP/IP or a proprietary network protocol, such as SNA, DECNET, etc.

Scaling

• Many business practices and many computer systems that work well on a small scale fail miserably when applied to larger environments. A physical example is the mechanical strength of bones, which requires that an elephant's legs be much stouter in proportion to the rest of the body than a mouse's legs are in proportion to its body.

Network Operating System

One usually uses the phrase "network operating system" to refer to the operating system on the server, with the understanding that there must also be a small component of software on the client systems, so that the rest of the client system's software can see the shared disk drives and printers as if they were locally attached.

The major NOS portion on the server has to be aware of multiple individuals' user IDs and passwords, and needs to keep multiple print jobs separated, rather than interleaving pages from one user's job with pages from another user's job.

The minor NOS portion on the client needs to know how to challenge the user for an ID and password, and how to transmit those to the server, but it is still sustaining fundamentally a single-user environment, and so one does not usually speak of the client system as "running an NOS," even though it is running system software that includes a small portion of NOS-aware code.

File serving accomplishes two goals: first, it permits documents to be visible to more than one person, supporting team collaboration. Second, it makes it possible to ensure that critical files will be backed up. This can happen if it is corporate policy to place all critical files on the file server, and not on the individual PC's hard disk. The file server is then equipped with a backup device (tape or cartridge disk, such as JAZ). Finally, a person is assigned the task, as part of his or her regular job duties, of performing the backup operation. In practice, this may well be the only way to secure proper backups of critical files.

Certification

• Learning how to be the system manager of a multi-user system, whether a Novell server, a Windows NT server, a unix system, or a VMS system, requires appropriately sophisticated technical formal education (e.g., Bachelor's degree in Computer Science or MIS) and many months of responsible working experience. The process can be accelerated somewhat by specific training (one or more 40-hour seminars, each likely to cost from $2,000 to $6,000, including travel, lodging, and meals).

• Commercial training is available for a number of certificates, including the following:
  • CNE (Certified Netware Engineer)
  • MCSE (Microsoft Certified Systems Engineer)
  • CCNA (Cisco Certified Network Associate)

• The learning process will require time for the staff member selected and will include on-the job experience, some of it painful for that person and for all the users of the shared system. Furthermore, once that training is complete, and the valuable skill acquired, a salary increase of 20% or more may well be required in order avoid having the person hired by someone else.

Corporate Policy Issues

• Privacy expectations of employees with respect to disk files on PCs, disk files on servers, and E-mail: government property and private property are subject to somewhat different rules. In general, the owner of the equipment can decide how it is to be used, but must clearly and unambiguously inform the users of those conditions.

• Acceptable uses of corporate resources.

Topology

• Physical: how do the wires run?

• Logical: where do the signals go?

• Bus: for example, LocalTalk and ethernet; there is a first node and a last node on the "daisy chain."

• Ring: for example, FDDI and IBM's Token Ring; there is no end; most versatile with dual "counter-rotating" paths: a single break in the circuit still leaves a working data path between every pair of nodes.

• Star: for example, IBM's original SNA; advantage that often the central eqiupment can automatically isolate the rest of the network from a failed node. Vulnerable to failure of that central equipment.

Printer Sharing

• The number of people per printer will depend on their tasks and locations.

• Productivity is lost if people have to take a hike to get their printed documents or if they have to wait around for their job to come out.

• In many situations it will make sense to have cheaper, slower printers at most work locations, with a smaller number of faster, higher quality printers shared centrally (color lasers, for example).

Wireless Networks

• Are by their nature broadband, and therefore require more expensive and more fragile electronics.

• Infrared is limited to a single room.

• Radio suffers on the following grounds
  • Security: it is easy to build scanners for eavesdropping.

  • Bandwidth (data transmission rate in bits/sec) for local circuits.

  • Latency (delay, especially round-trip delay for acknowledgments), especially for satellite circuits.

  • Distance: anything over a few miles is likely to require fancier antennas, more powerful transmitters, and more sensitive receivers.

  • Reliability (e.g., sensivitity to weather conditions).

• Radio does have the advantage of being usable in old masonry buildings through which it would be very difficult to drill holes for running copper or fiber cables.

Internet and Intranet

• Using the internet also makes you visible to potential suppliers who can then try to sell to you. This may provide access to better quality goods, and will surely promote price competition among your suppliers.

• Advertising: many companies find it logical to hire out the creation of advertising materials, and other companies do their own ads in-house. In the same way, hiring out the creation of on-line information is a reasonable choice, but is not the only way to do business.

• Because of the advertising function of many Web pages, it is appropriate to have at least some overlap of the Web team with the conventional advertising team.

• The world wide drive to improve internet technology automatically improves the available technology for use with intranets.

• The experience your employees gain in using the internet, and the skills they build, carries over to their use of the corporate intranet, and vice versa.

• Both internet and an intranet will speed up the transmission of viruses as well as useful information.

• No respectable E-mail system can spread a virus infection, except through attached documents. There is danger if those are executable programs or if they are Microsoft Office (Word or Excel) documents (which can contain embedded Macro program viruses). The latter are particularly difficult for conventional anti-virus software to deal with.

• Conventional filewalls flat-out prevent the passage of specified types of data packets from the external network to or from the internal network. They do not normally have a password that would let you slip through.

• Microsoft's FrontPage web site management software is highly restricted in the servers that it can work with: only the specific combination of hardware, operating system, and web server software that Microsoft has written plug-ins for will work to provide full functionality.

• Experience has shown that a significant number of people will print their E-mail. In order to avoid wasting paper, toner, and time, corporate policy will have to be made and enforced on the subject of which E-mails are to be printed, and which are not. Paper may be less subject to erasure than electronic storage, and so may be required for some documents. Professional auditors should be consulted in creating such policies.

Peer-to-Peer vs. Client-Server Networks

• Logically peer-to-peer networks provide for any node to be both server and client.

• Electronically peer-to-peer networks provide for any node to initiate communication.

• AppleTalk (both LocalTalk and EtherTalk) are peer-to-peer networks both logically and electronically.

• Terminal networks, such as IBM's original Systems Network Architecture ("SNA"), are typically heirarchical (or, in the current buzz-phrase, "client-server"), not peer-to-peer logically and not peer-to-peer electronically.

• Novell networks are logically client-server networks, usually implemented with ethernet (electronically peer-to-peer) connections.

• The internet, using TCP/IP protocols, is a peer-to-peer network.

Client-Server Applications

• One could argue that a terminal connected to a central system is an example of a client-server architecture. In this view, the firmware running in the micro-controller of the terminal provides the user interface (using 24 rows of 80 columns each to display standard characters, and sending any characters typed at the keyboard down the wire to the central system). However, this view is an extremist one. All of the "smarts" of the application are happening on the central system, the terminal is just dumbly displaying what is sent to it.

• Client-server applications are software that is divided so that part of the processing is done by a shared server program, and part of the processing is done by individual client programs. The network connecting the client and server can be peer-to-peer or client-server.

• Usually, but not always, the server software will run on a central system and the client software will run on individual systems. The World Wide Web is an example of client-server software, with the client usually running on the personal computer and the server running on a multi-user system. The PINE E-mail environment on OAK is an example of client-server software with both parts running on the same central system. Eudora and Simeon E-mail are examples of client-server software with the client part running on a personal computer and the server part running on a central system.

• Client-server software development projects are often very complex and challenging, both to design and to debug. One of the key advantages of Web software is that it provides much of the infrastructure for client-server software, simplifying the development of complete client-server applications. In particular, client-server software design requires the creation of a "protocol" - a standardized interface between the client and the server, and the creation of a client that provides the user interface, formatting information for display and accepting input from the user. Web technology does all of this before the project even starts! Web technology has the further advantage of being intrinsically multi-platform: any Web browser can be used to access any Web server. Using Web technology for client-server application projects permits the programmers to focus their efforts on the particular application, without having to invent a new user interface for each project.

• Web-based applications may involve gathering information from the user (using HTML "forms"), providing information to the user (using HTML to format the displayed information), or interactively using the information provided by the user to determine, select, and process the information to be presented to the user. Such dynamic page creation requires dedicated software. There are two extreme cases, although a real situation may involve each of them to varying degrees:
  • The dedicated software runs on the server, using the Common Gateway Interface ("CGI") to transfer information between the Web server and the dedicated software.

  • The dedicated software runs on the personal computer, using Java or similar technology.

• CGI programs have the advantage of running at high speed, because they can be written in compiled programming languages. They can be written in whatever programming language is most appropriate to the problem, is known by the programmer, and is supported on the server (e.g., ADA, C, C++, COBOL, FORTRAN, PASCAL, PERL, shell scripts, or SQL). PERL and shell scripts are interpreted languages, not compiled languages; as such, they are particularly burdensome to the server. They can access very large databases on the server, transferring to the browser (through the network) only the information sought. CGI programs have the disadvantage that a fixed system capacity on the server, or a fixed network capacity connecting the server to the clients, can be overwhelmed as more and more people use them.

• Java programs have the advantage that they run on the browsing system, hence more resources are available in exact proportion as more people use them, so overwhelming the server or network is very unlikely. Java programs have the disadvantages that they are written in an interpreted programming language, so they do not run efficiently. Furthermore, Java programs are only usable on browsers that have been designed to execute them. Java-capable browsers may (and in fact both Netscape and Microsoft have released browsers that did) have bugs that permit evil programmers to write Java-based Web pages that will destroy the files on the browser's hard disk. Designing an intranet application using Java will force all the people using it to configure their browser with Java turned on, and will therefore make them vulnerable at other times when they are surfing the Web, except in the unlikely case that they have the self-discipline to re-configure their browser as they shift between the Java-based internal application and external surfing.

• "Server-side includes" refers to a technique for writing Web pages in which the HTML is split among several files, with the master file having pseudo-HTML tags that direct the server to include the various other files. These "pre-processor directives" are interpreted by the server before it sends the requested page to the client. This can result in a page that is customized on-the-fly for the particular client, without going all the way to CGI or Java applications. This technique does result in an appreciably greater load on the server system than regular HTML, because the pages are being constructed on-the-fly, instead of simply being read off of the server's hard disk and flung down the wire.

Competition

• Just because everyone else is doing something doesn't mean it is the best choice for your company.

• The competitive advantage of any investment of resources may be disproportionate in the early stages, but will eventually diminish as that investment is increased. There is, therefore, a real danger of over-investment in the latest "hot" technology.

Dick Piccard revised this file (http://oak.cats.ohiou.edu/~piccard/mis300/netextra.htm) on October 6, 1998.

Please E-Mail comments or suggestions to "piccard@ohio.edu ".