Lesson 7: Explaining Network Application and Storage Services
DiffServ Code Point (DSCP)
DiffServ is an IP (layer 3) service tagging mechanism. It uses the Type of Service field in the IPv4 header (Traffic Class in IPv6) and renames it the Differentiated Services field. The top six bits of that byte are populated with a 6-bit ___________ by either the sending host or by the router (the remaining two bits carry ECN and are not part of the code point). Packets with the same DSCP and destination are referred to as Behavior Aggregates and allocated the same Per Hop Behavior (PHB) at each DiffServ-compatible router.
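As an added example (not part of the original lesson), the following Python encodes and decodes the 6-bit DSCP inside the DS byte of a constructed IPv4 header, names the standard PHBs (EF, CSn, AFxy) and recomputes the header checksum so the result is a valid header. The addresses are constructed test values.

```python
import socket
import struct

# DSCP is a 6-bit value (0-63) carried in the top six bits of the IPv4 TOS /
# IPv6 Traffic Class byte; the low two bits are ECN and are not part of the DSCP.
EF = 46  # Expedited Forwarding (RFC 3246), the PHB typically used for voice


def cs(n: int) -> int:
    """Class Selector CSn = n * 8 (backwards compatible with IP Precedence)."""
    if not 0 <= n <= 7:
        raise ValueError("class selector must be 0-7")
    return n << 3


def af(cls: int, drop: int) -> int:
    """Assured Forwarding AFxy (RFC 2597) = 8*x + 2*y; class x in 1-4, drop precedence y in 1-3."""
    if not (1 <= cls <= 4 and 1 <= drop <= 3):
        raise ValueError("AF class must be 1-4 and drop precedence 1-3")
    return (cls << 3) | (drop << 1)


def phb_name(dscp: int) -> str:
    """Map a DSCP value back to its conventional PHB name."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must fit in 6 bits")
    if dscp == EF:
        return "EF"
    if dscp & 0x7 == 0:
        return f"CS{dscp >> 3}"
    cls, drop = dscp >> 3, (dscp & 0x7) >> 1
    if 1 <= cls <= 4 and 1 <= drop <= 3 and dscp & 1 == 0:
        return f"AF{cls}{drop}"
    return f"DSCP{dscp}"


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum over the header; returns 0 for a header whose checksum is already correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, dscp: int, ecn: int = 0,
                      proto: int = 17, payload_len: int = 0) -> bytes:
    """Build a 20-byte IPv4 header (no options) whose DS field carries the given DSCP."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must fit in 6 bits")
    ver_ihl = (4 << 4) | 5                 # IPv4, header length 5 x 32-bit words
    ds_field = (dscp << 2) | (ecn & 0x3)   # DSCP in bits 7..2, ECN in bits 1..0
    fields = (ver_ihl, ds_field, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst))
    header = struct.pack("!BBHHHBBH4s4s", *fields)   # checksum field zeroed
    csum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:]


def parse_ds_field(header: bytes) -> tuple:
    """Return (dscp, ecn) from the second byte of an IPv4 header."""
    return header[1] >> 2, header[1] & 0x3


if __name__ == "__main__":
    hdr = build_ipv4_header("192.0.2.10", "192.0.2.20", EF)   # constructed addresses
    dscp, ecn = parse_ds_field(hdr)
    print(f"DS byte 0x{hdr[1]:02x}: DSCP {dscp} ({phb_name(dscp)}), ECN {ecn}")
```

Because the DSCP is only six bits, the EF code point 46 appears on the wire as DS byte 0xB8 (46 << 2), which is the value a packet capture will show in the TOS column.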
Layer 4 load balancer
Early instances of load balancers would base forwarding decisions on IP address and TCP/UDP port values (working at up to layer 4 in the OSI model). This type of load balancer is stateless; it has no visibility into application-layer data such as URLs or cookies, so it cannot retain any information about user sessions.
TCP port 443
Encrypted traffic between the client and server is sent over _________ (by default), rather than the open and unencrypted port 80. A web browser will open a secure session to a server providing this service by using a URL starting with https:// and it will also show a padlock icon in the address bar to indicate that the connection is secure. A website can be configured to require a secure session.
Foreign Exchange Subscriber (FXS) gateway
Finally, a VoIP gateway or adapter can be used to connect legacy analog handsets and fax machines to a VoIP PBX. This type of device is also called a _______________.
Multiprotocol Label Switching (MPLS)
For example, if a network link is congested, there is nothing that DiffServ and 802.1p can do about it, but a protocol such as ________________ with QoS functionality can reserve the required bandwidth and pre-determine statistics such as acceptable packet loss and maximum latency and jitter when setting up the link.
Public Key
HTTP Secure (HTTPS) is a subset of HTTP that allows for a secure dialog between the client and server using SSL/TLS. To implement HTTPS, the web server is assigned a digital certificate by some trusted certificate authority (CA). The certificate proves the identity of the server, assuming that the client also trusts the CA. The certificate binds the server's identity to the public half of a public/private key pair. The private key is kept a secret known only to the server; the ________ is distributed to clients in the digital certificate.
Stateless protocol
HTTP is a ________; this means that the server is not required to preserve information about the client during a session. However, the basic functionality of HTTP servers is also often extended by support for scripting and programmable features (web applications).
Incorrect time
If a server or host is configured with the __________, it may not be able to access network services. Authentication and other security mechanisms will often fail if the time is not synchronized between the communicating devices. In this situation, the errors are likely to be generic ones, such as a failed login or an invalid token, rather than anything that points at the clock. Always try to rule out time synchronization as an issue early in the troubleshooting process.
Root certificate
If the certificate presented by a subject (server or user) is not trusted by the client application (such as a browser), the client will notify the user. The most common reason for a certificate not to be trusted is that the certificate issuer is not trusted. If you trust the issuer, you can add their certificate to the client device's _____________ store.
Data deduplication
Refers to techniques to consolidate multiple copies of the same file in a single location. _____________ is greatly facilitated by storage virtualization, as each user reference to a file can point to the same physical file location (without the user having to track where this might be).
Non-delivery report (NDR)
SMTP is not used for transferring the message from the recipient's SMTP server to its email client because it requires that both source and destination are online to make a connection. The SMTP server retries at regular intervals before timing out and returning a ____________ to the sender. The ______ will contain an error code indicating the reason the item could not be delivered.
Mailbox
SMTP is useful only to deliver mail to hosts that are permanently available. Mail users require the convenience of receiving and reading their mail when they choose. A __________ access protocol is designed to allow mail to be downloaded to the recipient's email client at his/her convenience.
Cookies
Servers can also set text file ________ to preserve session information.
Server Message Block (SMB)
This protocol, _____, allows a machine to share its files and printers to make them available for other machines to use. On legacy networks, ______ ran as part of the NetBIOS API on TCP port 139. If no legacy client support is required, however, _______ is more typically run directly over TCP port 445. ________ should be restricted to use only on local networks; block TCP ports 139 and 445 at the network perimeter.
VoIP PBX
This type of PBX is being replaced by hybrid and fully IP/______. A _________ maintains a list of the internal accounts assigned to user endpoint devices. For internal calls and conferences, the PBX establishes the connection between local VoIP endpoints with data transmitted over the local Ethernet network. A ________ can also route incoming and outgoing calls with external networks. This might involve calls between internal and external VoIP endpoints, or with voice telephone network callers and receivers. A _________ will also support features such as music on hold and voice mail. _________ can be implemented as software running on a Windows or Linux server.
Virtual machine monitor (VMM)
Manages the virtual environment and facilitates interaction with the computer hardware and network.
Network Time Protocol (NTP)
Many applications on networks are time-dependent and time-critical, such as authentication and security mechanisms, scheduling applications, and backup software. The _____________ enables the synchronization of the clocks these applications depend on. _____ works over UDP on port 123.
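As an added example (not part of the original lesson) covering both the incorrect-time entry above and NTP, the following Python builds a 48-byte NTP version 4 client request, parses a reply, computes the clock offset and round-trip delay from the four timestamps as described in RFC 5905, and refuses replies whose origin timestamp does not match the request. The server reply used by the demonstration is constructed offline; the 300-second tolerance in `evaluate_reply` is an assumed threshold of the kind authentication protocols enforce, and `query_server` is the only function that touches the network.

```python
import socket
import struct
import time

NTP_DELTA = 2208988800          # seconds from the NTP epoch (1900) to the Unix epoch (1970)
NTP_FORMAT = "!BBBbIIIQQQQ"      # 48-byte packet; the four Q fields are Reference, Origin, Receive, Transmit


def to_ntp(unix_seconds: float) -> int:
    """Unix seconds -> 64-bit NTP timestamp (32 bits seconds since 1900, 32 bits fraction)."""
    whole, frac = divmod(unix_seconds + NTP_DELTA, 1)
    return (int(whole) << 32) | int(frac * (1 << 32))


def from_ntp(ts: int) -> float:
    return (ts >> 32) - NTP_DELTA + (ts & 0xFFFFFFFF) / (1 << 32)


def build_request(t1: float) -> bytes:
    """Client packet: LI=0, VN=4, Mode=3; our send time T1 goes in the Transmit field."""
    flags = (0 << 6) | (4 << 3) | 3
    return struct.pack(NTP_FORMAT, flags, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(t1))


def parse_packet(data: bytes) -> dict:
    if len(data) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    f = struct.unpack(NTP_FORMAT, data[:48])
    return {"leap": f[0] >> 6, "version": (f[0] >> 3) & 0x7, "mode": f[0] & 0x7,
            "stratum": f[1], "origin": from_ntp(f[8]),
            "receive": from_ntp(f[9]), "transmit": from_ntp(f[10])}


def make_server_reply(request: bytes, t2: float, t3: float, stratum: int = 2) -> bytes:
    """Constructed reply for offline use: Mode=4, Origin echoes the request's Transmit stamp."""
    req = struct.unpack(NTP_FORMAT, request[:48])
    flags = (0 << 6) | (4 << 3) | 4
    return struct.pack(NTP_FORMAT, flags, stratum, 6, -20, 0, 0, 0x4C4F434C,   # ref id "LOCL"
                       to_ntp(t2), req[10], to_ntp(t2), to_ntp(t3))


def clock_offset(t1: float, t2: float, t3: float, t4: float) -> tuple:
    """Offset and delay from T1 (client send), T2 (server receive), T3 (server send), T4 (client receive)."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def evaluate_reply(reply: bytes, t1: float, t4: float, max_skew: float = 300.0) -> dict:
    """Sanity-check a reply against our request and decide whether the local clock is usable."""
    pkt = parse_packet(reply)
    if pkt["mode"] != 4:
        raise ValueError("not a server reply (mode 4)")
    if pkt["stratum"] == 0:
        raise ValueError("stratum 0: kiss-o'-death or unsynchronised server")
    if abs(pkt["origin"] - t1) > 1e-6:
        raise ValueError("origin timestamp does not match our request (spoofed or stale reply)")
    offset, delay = clock_offset(t1, pkt["receive"], pkt["transmit"], t4)
    return {"offset": offset, "delay": delay, "skew_ok": abs(offset) <= max_skew}


def query_server(host: str, timeout: float = 2.0) -> dict:
    """Live query over UDP port 123 (network required); the demonstration below stays offline."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(t1), (host, 123))
        data, _ = s.recvfrom(48)
    return evaluate_reply(data, t1, time.time())


if __name__ == "__main__":
    t1 = 1_700_000_000.0                                                 # constructed client send time
    req = build_request(t1)
    reply = make_server_reply(req, t2=t1 + 600.010, t3=t1 + 600.011)   # server ten minutes ahead
    print(evaluate_reply(reply, t1, t4=t1 + 0.021))                     # offset ~600 s, skew_ok False
```

A ten-minute offset with a 20 ms round trip is exactly the situation the incorrect-time entry describes: the network is fine, but any ticket or token with a validity window will be rejected until the clock is corrected.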
Transport Layer Security (TLS)
One of the critical problems for the provision of early e-commerce sites was the lack of security in HTTP. Under HTTP, all data is sent unencrypted, and there is no authentication of client or server. Secure Sockets Layer (SSL) was developed by Netscape in the 1990s to address these problems. SSL proved very popular with the industry. ______________was developed from SSL and ratified as a standard by the IETF.
Secure Sockets Layer (SSL)
One of the critical problems for the provision of early e-commerce sites was the lack of security in HTTP. Under HTTP, all data is sent unencrypted, and there is no authentication of client or server. ____________________ was developed by Netscape in the 1990s to address these problems. SSL proved very popular with the industry. Transport Layer Security (TLS) was developed from SSL and ratified as a standard by the IETF.
Apache
Open source software and powerful, robust features combine to make this server the most popular. It is available for UNIX, Linux, Mac OS X®, and Windows, but it is most widely deployed on Linux. ___________ accounts for about 50% of the most active websites.
Virtual machines (VMs)
Operating systems installed under the virtual environment. The number of operating systems is generally only restricted by hardware capacity.
Internet Message Access Protocol (IMAP)
POP has some significant limitations, some of which are addressed by the _______________. Clients connect to an ______ server over TCP port 143. SMTP is still needed to support mail delivery. Like POP, _______ is a mail retrieval protocol, but with mailbox management features lacking in POP. ______ supports permanent connections to a server and connecting multiple clients to the same mailbox simultaneously. It also allows a client to manage the mailbox on the server (to organize messages in folders and to control when they are deleted, for instance) and to create multiple mailboxes.
TCP offload
The ability to group HTTP packets from a single client into a collection of packets assigned to a specific server.
Microsegmentation
The basic function of an Ethernet switch is ___________: that is, putting each port in its own collision domain so that the effect of contention on the network is eliminated and two hosts can in effect establish point-to-point, full-duplex links.
Caching
As some information on the web servers may remain static, it is desirable for the load balancer to provide a caching mechanism to reduce load on those servers.
Layer 7 load balancer (content switch)
As web applications have become more complex, modern load balancers need to be able to make forwarding decisions based on Application-level data, such as a request for a set of URLs or data types like video or audio streaming. This requires more complex logic, but the processing power of modern appliances is sufficient to deal with this.
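As an added example (not part of the original lesson) contrasting the layer 4 and layer 7 load balancer entries, the following Python shows a layer 4 decision that can only hash the addresses and ports of each connection, next to a layer 7 decision that parses the HTTP request, routes media URLs to a separate pool and pins a session to one server with a persistence cookie. The pool names, the cookie name `LB_NODE` and the URL prefixes are assumptions; the requests are constructed.

```python
import hashlib

# Assumed backend pools; the names are illustrative only.
WEB_POOL = ["app-1", "app-2", "app-3"]
MEDIA_POOL = ["media-1", "media-2"]
STICKY_COOKIE = "LB_NODE"   # assumed name of the persistence cookie this balancer sets


def _hash_pick(key: str, pool: list) -> str:
    """Deterministic choice from a pool using a hash of the key."""
    h = int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")
    return pool[h % len(pool)]


def l4_pick(src_ip: str, src_port: int, dst_port: int, pool=WEB_POOL) -> str:
    """Layer 4: only addresses and ports are visible, so each new TCP connection is hashed on
    them; two connections from the same browser can land on different servers."""
    return _hash_pick(f"{src_ip}:{src_port}->{dst_port}", pool)


def parse_http_head(raw: bytes) -> dict:
    """Minimal parse of the request line, headers and Cookie header of an HTTP/1.1 request."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return {"method": method, "target": target, "version": version,
            "headers": headers, "cookies": cookies}


def l7_pick(raw: bytes, src_ip: str) -> tuple:
    """Layer 7: choose the pool from the URL, then keep an existing session on its server.
    Returns (backend, Set-Cookie value or None when an existing session was honoured)."""
    req = parse_http_head(raw)
    path = req["target"].split("?", 1)[0]
    pool = MEDIA_POOL if path.startswith(("/video/", "/audio/")) else WEB_POOL
    sticky = req["cookies"].get(STICKY_COOKIE)
    # Honour the cookie only if it names a member of the selected pool: a client must not
    # be able to steer itself to an arbitrary host by editing the cookie value.
    if sticky in pool:
        return sticky, None
    backend = _hash_pick(src_ip, pool)
    return backend, f"{STICKY_COOKIE}={backend}; Path=/; HttpOnly; Secure"


if __name__ == "__main__":
    client = "203.0.113.5"   # constructed client address
    print("L4:", l4_pick(client, 40000, 443), l4_pick(client, 40001, 443))
    first = b"GET /cart HTTP/1.1\r\nHost: shop.example\r\n\r\n"
    backend, set_cookie = l7_pick(first, client)
    again = (b"GET /cart HTTP/1.1\r\nHost: shop.example\r\nCookie: "
             + set_cookie.split(";")[0].encode() + b"\r\n\r\n")
    print("L7:", backend, "->", l7_pick(again, client))
```

The layer 7 balancer sees the cookie it set earlier and keeps the session on the same server, whereas the layer 4 balancer has nothing to correlate beyond the source port of each new connection; the pool check on the cookie value is the part a balancer must not skip.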
Service Level Agreement (SLA)
As with any third-party service, analyze the ______________ to confirm what the ISP is contracted to do and satisfy yourself that these obligations are being met (for example, demand reports of backup operations, security patch management, effective account management, and so on).
Certificate authority (CA)
HTTP Secure (HTTPS) is a subset of HTTP that allows for a secure dialog between the client and server using SSL/TLS. To implement HTTPS, the web server is assigned a digital certificate by some trusted _______________. The certificate proves the identity of the server, assuming that the client also trusts the ________. The certificate binds the server's identity to the public half of a public/private key pair. The private key is kept a secret known only to the server; the public key is distributed to clients in the digital certificate.
Bare metal
A ________ virtual platform means that the hypervisor (Type I hypervisor) is installed directly onto the computer and manages access to the host hardware without going through a host OS.
VoIP gateway
A _________ is a means of translating between a VoIP system and voice-based equipment and networks, such as public switched telephone network (PSTN) lines.
VoIP/SIP endpoint
A __________ can be implemented as software running on a computer or smartphone or as a dedicated hardware handset. ________ can establish communications directly in a peer-to-peer architecture, but it is more typical to use intermediary servers, directory servers, and VoIP gateways.
Network attached storage (NAS)
A ___________ appliance is a hard drive (or RAID array) with a cut-down server board, usually running some form of Linux, that provides network access, various file sharing protocols, and a web management interface. The appliance is accessed over the network, either using a wired Ethernet port—in a SOHO network, you would plug it into an Ethernet port on the Internet router—or Wi-Fi. At layer 3, the ______ is allocated an IP address.
Private branch exchange (PBX)
A ____________ is an automated switchboard providing a single connection point for an organization's voice lines. A TDM-based _______ connects to the telecommunications carrier over a digital trunk line, which will support multiple channels (inward and outward calls). The _________ allows for the configuration of the internal phone system to direct and route calls to local extensions, and provides other telephony features such as call waiting, music on hold, and voice mail. ___________ is supplied as vendor-specific hardware.
Load balancer
A bottleneck could be eased by upgrading the affected link or system, but if this is not possible, additional links and systems can be added and the service managed by a __________. A _________ distributes client requests across available server nodes in a farm or pool. Clients use the single name/IP address of the ________ to connect to the servers in the farm. This provides for higher throughput or supports more connected users. A __________ also provides fault tolerance. If there are multiple servers available in a farm, all addressed by a single name/IP address via a ________, then if a single server fails, client requests can be routed to another server in the farm.
Uniform Resource Locator (URL)
A client connects to the HTTP server using an appropriate TCP port (the default is port 80) and submits a request for a resource, using a __________. The server acknowledges the request and responds with the data (or an error message).
Private key
HTTP Secure (HTTPS) is a subset of HTTP that allows for a secure dialog between the client and server using SSL/TLS. To implement HTTPS, the web server is assigned a digital certificate by some trusted certificate authority (CA). The certificate proves the identity of the server, assuming that the client also trusts the CA. The certificate binds the server's identity to the public half of a public/private key pair. The _______ is kept a secret known only to the server; the public key is distributed to clients in the digital certificate.
Server consolidation
A typical hardware server may have resource utilization of about 10%. This implies that you could pack the server computer with another 8 or 9 server software instances and obtain the same performance. This saves on equipment costs and can reduce energy consumption.
nginx
An open source web server and load balancer specially designed to cope with very high traffic. __________ accounts for about 17% of the active sites.
Real-time services
Are those that require response times measured in milliseconds (ms), because delayed responses will result in poor call or video quality. This type of data can be one-way, as is the case with media streaming, or two-way, as is the case with VoIP and video teleconferencing (VTC).
External
Binds to the host's NIC to allow the VM to communicate on the physical network via a bridge.
Microsoft Internet Information Server (IIS)
Bundled with Windows Server® (and client versions of Windows). _________ accounts for about 12% of busy sites.
Voice over IP (VoIP)
Can provide both short-range and long-haul communications, so it can replace traditional telephone links by converting and then transmitting analog voice communications to digital signals sent over data cabling. As in a typical packet-switched network, digital signals are broken down into packets, to transmit voice as data. After reassembling the packets, the digital signals are reconverted into audio signals. Because voice communications are time-sensitive, the system must ensure that packets arrive complete and in sequence.
URL rewriting
Changing the URL requested by a client on the fly can be performed to disguise the actual location of content, make a complex URL more readable, perform Search Engine Optimization (SEO), and disguise active content to make attacking the server more difficult (rewriting .php file extensions to .html, for instance).
Internal
Creates a bridge that is usable only by VMs on the host and the host itself. This type of switch does not permit access to the wider physical network.
Private
Creates a switch that is usable only by the VMs. They cannot use the switch to communicate with the host.
Self-assigned
Frequently, certificates are untrusted because they are _________ (the certificate holder is both the issuer and the subject of the certificate). This is often the case with the certificates used to protect the web management interfaces of budget appliances and server applications.
Digital certificate
HTTP Secure (HTTPS) is a subset of HTTP that allows for a secure dialog between the client and server using SSL/TLS. To implement HTTPS, the web server is assigned a ____________ by some trusted certificate authority (CA). The certificate proves the identity of the server, assuming that the client also trusts the CA. The certificate binds the server's identity to the public half of a public/private key pair. The private key is kept a secret known only to the server; the public key is distributed to clients in the digital certificate.
Port 995
Like other TCP application protocols, unless an encryption service is configured, POP transfers all information as cleartext. This means anyone able to monitor the session would be able to obtain the user's credentials. POP can be secured by using SSL/TLS. The default TCP port for secure POP (POP3S) is ______________.
Guest OS (host-based)
In a __________ system, the hypervisor application (known as a Type II hypervisor) is itself installed onto a host operating system.
Storage area network (SAN)
In a virtual storage platform, a software layer is inserted between client OSes and applications and the physical storage medium—a ____________. This abstraction makes it easier to expand or shrink storage capacity allocated to any given client without having to reconfigure the client. It can also simplify operations such as backup, replication, and migration by consolidating data storage in one physical location.
HTTP Secure (HTTPS)
Is a subset of HTTP that allows for a secure dialog between the client and server using SSL/TLS. To implement __________, the web server is assigned a digital certificate by some trusted certificate authority (CA). The certificate proves the identity of the server, assuming that the client also trusts the CA. The certificate binds the server's identity to the public half of a public/private key pair. The private key is kept a secret known only to the server; the public key is distributed to clients in the digital certificate.
Virtualization
It means that multiple operating systems can be installed and run simultaneously on a single computer.
Traffic shaper
Protocols, appliances, and software that implement control, data, and management plane functions can be described as _________ or bandwidth shapers. _________ enable administrators to closely monitor network traffic and to manage that network traffic. The primary function of a __________ is to optimize network media throughput to get the most from the available bandwidth.
Virtual Desktop Infrastructure (VDI)
Provision client desktop instances as VMs. This allows low-cost thin client PC hardware to be deployed and provides better management over desktop configuration and updates.
Fibre Channel over Ethernet (FCoE)
Provisioning separate Fibre Channel adapters and cabling is expensive. As its name suggests, _____________ is a means of delivering Fibre Channel packets over 10G Ethernet cabling, NIC/HBAs [referred to as converged network adapters (CNAs)], and switches. _________ uses a special frame type, identified by the EtherType value 0x8906. The protocol maps WWNs onto MAC addresses.
RTP Control Protocol (RTCP)
RTP does not guarantee reliability or real-time delivery. In fact, depending on the underlying network technology, this may be impossible to achieve. Instead, RTP works closely with the _____________. Each RTP stream uses a corresponding ______ session to monitor the quality of the connection and to provide reports to the endpoints. These reports can then be used by the applications to modify codec parameters or by the network stacks to tune Quality of Service (QoS) parameters.
Tail drop
Simpler devices, performing traffic policing, do not offer the enhanced traffic management functions of a shaper. For example, typical traffic policing devices will simply fail to deliver packets once the configured traffic threshold has been reached (this is often referred to as _________).
Application virtualization
Software is run on the server and either accessed by a remote desktop client or streamed to the client PC.
Port 465
Some providers and mail clients use this port for message submission over implicit TLS (SMTPS). Older standards documentation treated this use as deprecated, but RFC 8314 (2018) re-registered port 465 for implicit TLS submission and recommends it alongside STARTTLS on port 587.
Offline storage
Storage virtualization also assists the implementation of tiered storage hierarchies. The principle here is of where to store archived information. An __________ medium might require physical interaction to access the data, such as putting a tape into a drive.
Nearline storage
Storage virtualization also assists the implementation of tiered storage hierarchies. The principle here is of where to store archived information. _________ refers to technology such as tape loaders or "slow" hard disk media that can operate in low-power states.
Simple Mail Transfer Protocol (SMTP)
The ____________________ specifies how email is delivered from one system to another. It is a relatively straightforward protocol that makes the connection from the sender's server to that of the recipient and then transfers the message.
Configurable load
The ability to assign a specific server in the farm for certain types of traffic or a configurable proportion of the traffic.
Virtual Private Server (VPS)
The ISP allocates you a virtual machine (VM) on a physical server. This is isolated from other customer instances by the hypervisor.
Dedicated server
The ISP allocates your own private server computer. This type of service is usually unmanaged (or management comes at additional cost).
Session Initiation Protocol (SIP)
The ___________ is one of the most widely used session control protocols. ______ endpoints are the end-user devices (also known as user agents), such as IP-enabled handsets or client and server web conference software. Each device, conference, or telephony user is assigned a unique _____ address known as a _____ Uniform Resource Identifier (URI).
Differentiated Services (DiffServ)
The ____________ framework (RFC 2474) classifies each packet passing through a device. Router policies can then be defined to use the packet classification to prioritize delivery. _________ is an IP (layer 3) service tagging mechanism. It uses the Type of Service field in the IPv4 header (Traffic Class in IPv6) and renames it the _________ field.
Post Office Protocol (POP)
The ____________ is an early example of a mailbox protocol. _____ is often referred to as ____3 because the active version of the protocol is version 3. A ______ client application, such as Microsoft Outlook® or Mozilla Thunderbird®, establishes a connection to the ____ server on TCP port 110. This can be a different service running on the same machine as the SMTP server. The user is authenticated (by username and password), and the contents of his or her mailbox are downloaded for processing on the local PC.
Host(s)
The platform that will host the virtual environment. Optionally, there may be multiple computers networked together.
Real-time Transport Protocol (RTP)
The principal one is _______________. __________ enables the delivery of a stream of media data via UDP, while implementing some of the reliability features usually associated with TCP communications. The data is packetized and tagged with control information (sequence numbering and timestamping). UDP is used to minimize overhead and because some of the reliability features of TCP could adversely affect the quality of a media stream.
HyperText Markup Language (HTML)
The response and request formats are defined in the HTTP header. The HTTP payload is usually used to serve ________web pages, which are plain text files with coded tags ________ describing how the page should be formatted. A web browser can interpret the tags and display the text and other resources associated with the page, such as binary picture or sound files linked to the ________ page.
Foreign Exchange Office (FXO) gateway
There are many types of VoIP gateways, serving different functions. For example, a company may use VoIP internally, but connect to the telephone network via a gateway. To facilitate this, you could use a hybrid or hardware-based VoIP PBX with a plug-in or integrated VoIP gateway, or you could use a separate gateway appliance. There are analog and digital types to match the type of incoming landline. An analog version of this type of gateway is also called a ___________.
Quality of Service (QoS)
These protocols and appliances are designed to support real-time services on packet-switched networks. Applications such as voice and video that carry real-time data have different network requirements to the sort of data represented by file transfer. A protocol such as RTCP provides information about the connection to a _____ system, which in turn ensures that voice or video communications are free from problems, such as dropped packets, delay, or jitter.
SMTPS
This establishes the secure connection before any SMTP commands (HELO, for instance) are exchanged. This is also referred to as implicit TLS.
STARTTLS
This is a command that upgrades an existing unsecure connection to use TLS. This is also referred to as explicit TLS or opportunistic TLS.
Global Positioning System (GPS)
Top-level NTP servers (stratum 1) obtain the Coordinated Universal Time (UTC) from a highly accurate clock source, such as an atomic clock accessed over the _______________. Lower-tier servers then obtain the UTC from multiple stratum 1 servers and sample the results to obtain an authoritative time.
Virtual switch
Typically, a hypervisor will implement network connectivity by means of one or more _________es (or vSwitch in VMware's terminology). These perform the same function as layer 2 physical switches, except that they are implemented in software instead of hardware. Connectivity between the virtual network adapters in the guest VMs and the _______es is configured via the hypervisor. This is analogous to connecting patch cables between real computers and real switches.
Port 587
Used by mail clients or message submission agents (MSAs) to submit messages for delivery by an SMTP server. Servers configured to support port 587 should use STARTTLS and require authentication before message submission.
Port 25
Used for message relay between SMTP servers, or message transfer agents (MTAs). If security is required and supported by both servers, the STARTTLS command can be used to set up the secure connection.
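As an added example (not part of the original lesson) tying together the SMTPS, STARTTLS and port entries above, the following Python parses a multi-line SMTP EHLO reply, works out whether the connection will be protected by implicit TLS, by STARTTLS, or not at all, and refuses to proceed (or to send credentials) when TLS is expected but the server has stopped advertising STARTTLS, which is how a STARTTLS-stripping downgrade looks from the client. The EHLO replies are constructed; `mail.example` is a placeholder name.

```python
IMPLICIT_TLS_PORTS = {465}      # SMTPS: TLS handshake happens before any SMTP command
SUBMISSION_PORTS = {587}        # MSA submission: STARTTLS and authentication expected


def parse_reply(raw: str) -> tuple:
    """Parse a (possibly multi-line) SMTP reply. Continuation lines are 'NNN-text';
    the final line is 'NNN text' or just 'NNN'. Returns (code, [text, ...])."""
    code = None
    texts = []
    for line in raw.replace("\r\n", "\n").rstrip("\n").split("\n"):
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"malformed reply line: {line!r}")
        this_code = int(line[:3])
        if code is None:
            code = this_code
        elif this_code != code:
            raise ValueError("reply code changed mid-reply")
        texts.append(line[4:])
        if len(line) == 3 or line[3] == " ":
            return code, texts
    raise ValueError("reply has no terminating line")


def ehlo_extensions(texts: list) -> set:
    """The first EHLO line is the server's domain/greeting; the rest are extension keywords."""
    return {t.split()[0].upper() for t in texts[1:] if t.strip()}


def choose_tls_mode(port: int, ehlo_reply: str = None, require_tls: bool = True) -> str:
    """Decide how TLS is established on `port`: 'implicit' (465), 'starttls', or 'cleartext'.
    Refuses when TLS is expected (submission port, or require_tls) but STARTTLS is absent."""
    if port in IMPLICIT_TLS_PORTS:
        return "implicit"
    if ehlo_reply is None:
        raise ValueError("EHLO reply needed to decide on STARTTLS")
    code, texts = parse_reply(ehlo_reply)
    if code != 250:
        raise ValueError(f"EHLO rejected with {code}")
    if "STARTTLS" in ehlo_extensions(texts):
        return "starttls"
    if require_tls or port in SUBMISSION_PORTS:
        # A server that normally offers STARTTLS but suddenly does not may be the victim
        # of an on-path downgrade (STARTTLS stripping); refuse rather than fall back.
        raise RuntimeError("STARTTLS not offered; refusing to continue in cleartext")
    return "cleartext"


def may_authenticate(tls_mode: str) -> bool:
    """Never send AUTH (credentials) over a session that is not protected by TLS."""
    return tls_mode in ("implicit", "starttls")


if __name__ == "__main__":
    # Constructed EHLO replies: one advertising STARTTLS, one with it stripped.
    ehlo_ok = "250-mail.example\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"
    ehlo_stripped = "250-mail.example\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"
    print("465:", choose_tls_mode(465))
    print("587:", choose_tls_mode(587, ehlo_ok))
    print("25 (opportunistic):", choose_tls_mode(25, ehlo_stripped, require_tls=False))
    try:
        choose_tls_mode(587, ehlo_stripped)
    except RuntimeError as err:
        print("587 without STARTTLS:", err)
```

On port 25 between relays, TLS is opportunistic, so a missing STARTTLS keyword degrades to cleartext; on the submission port the same reply should be treated as a fault, and in no case should AUTH be issued before the session is encrypted.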
Session control
Used to establish, manage, and disestablish communications sessions. They handle tasks such as user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination.
Apache Tomcat
Used to host Java-based applications.
HyperText Transfer Protocol (HTTP)
Websites and web applications are perhaps the most useful and ubiquitous of network services. Web technology can be deployed for a huge range of functions and applications, in no way limited to the static pages of information that characterized the first websites. The foundation of web technology is the ___________. _________ enables clients (typically web browsers) to request resources from a _________ server.
SSL offload
When you implement SSL/TLS to provide for secure connections, this imposes a load on the web server (or another server). If the load balancer can handle the processing of authentication and encryption/decryption, this reduces the load on the servers in the farm. Note that the traffic between the load balancer and the farm is then in cleartext unless it is re-encrypted on that leg, so the internal network carrying it must be trusted or segregated accordingly.
Storage area network (SAN)
Where NAS is typified as providing access to clients at file level (File I/O), in a _____________, access is provided at block level. Each read or write operation addresses the actual location of data on the media (Block I/O). This is much more efficient for database applications, as it does not mean copying the whole file across the network to access a single record. A ____ can integrate different types of storage technology—RAID arrays and tape libraries, for instance. It can contain a mixture of high-speed and low-cost devices, allowing for tiered storage to support different types of file access requirements without having to overprovision high-cost, fast drives. Unlike NAS, the ____is isolated from the main network. It is only accessed by servers, not by client workstations.
Bottleneck
Where a network has high bandwidth requirements or applications that are sensitive to latency, performance problems could be exacerbated by a _______. A __________ is a link or forwarding/processing node that becomes overwhelmed by the volume of traffic.
Bursty
With "ordinary" data, it might be beneficial to transfer a file as quickly as possible, but the sequence in which the packets are delivered and the variable intervals between packets arriving do not materially affect the application. This type of data transfer is described as ______.
Virtual NIC
Within the VM, the _______ will look exactly like an ordinary network adapter and will be configurable in the same way. For example, protocols and services can be bound to it, and it can be assigned an IP address. In other words, a ________ functions identically to a physical NIC for data transmission; it is just wholly software-based instead of being a combination of physical hardware, firmware, and driver software.
Management plane
Monitors traffic conditions.
Shared hosting
Your website is hosted within a private directory on a shared server. Performance can be severely affected by other sites hosted on the server, because all the sites are competing for the same resources.
Cloud hosting
Your website is run on a cloud over several hardware computers, allowing more scalability if demand patterns change.
Jitter
_______ is defined as being a variation in the delay. __________ manifests itself as an inconsistent rate of packet delivery. ________ is also measured in milliseconds, using an algorithm to calculate the value from a sample of transit times.
Latency
________ is the time it takes for a transmission to reach the recipient, measured in milliseconds (ms).
H.323
__________ is an alternative session control protocol to SIP. It predates SIP, having been first standardized by the ITU-T in 1996, although the current version was published in 2009. In the _________ model, endpoints (known as terminals) connect to gatekeepers in order to request services. When used for standard VoIP communications, the respective gatekeepers of the two endpoints communicate to establish whether the connection will be allowed, and then the endpoints communicate directly with one another to establish the session.
Direct-attached storage
__________ means that the data a server hosts is stored on its internal hard drives or on a USB or eSATA external device connected only to that server.
Class of Service (CoS)
__________ mechanisms such as DiffServ and 802.1p just categorize protocols into groups that require different service levels and provide a tagging mechanism to identify a frame or packet's class.
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
______________ works as a layer between the Application and Transport layers of the TCP/IP stack, or, in OSI terms, at the Session or Presentation layer.
Load balancing switch (multilayer switch)
__________es provide switching functionality higher up the OSI model, at layer 4 or at layers 4-7, respectively. In TCP/IP terms, these are the Transport (TCP) and Application (HTTP) layers. Layer 4 or 4-7 switches are used for load balancing applications, typically for the web (HTTP and HTTPS) or SSL-based VPNs, although they can be used to switch for any specified TCP or UDP port.
Data plane
Handles the actual switching of traffic.
Control plane
Makes decisions about how traffic should be prioritized and where it should be switched.