3.2 Identify the basic capabilities of client workstations
(i.e. client connectivity, local security mechanisms and authentication).
A "client" is a node on a network that communicates
with a server, which means it is part of a Client/Server network. The client is
where most of the data input is done (compared to the server, where much of the
data communication and connectivity is done). Typically, a client uses the
server for storage, backups, or security (a good example would be a firewall).
Sites generally implement Client/Server networks when the number
of devices on the network surpasses the 10- to 15-device recommended maximum of
the peer-to-peer
network . In addition to offering only limited resources for managing a
network, peer-to-peer offers NO user-level
security . The share-level security it does offer is often not adequate over
the network, and non-existent at the local machine itself.
The server end of this environment is relatively simple. The
server runs software that allows it to service client requests. The benefits of
this include:
- Optimization: a well designed server will quickly service client
requests.
- Centralization: files are stored in one central location (at least
virtually), which makes file administration easier.
- Security: more layers of permissions become available, meaning that
it's much harder for unauthorized users to gain access and do damage.
- Redundancy and Back-up: data can be stored in more than one way and
in more than one location, and still be readily accessible. Plus, if one
backup fails, there’s another to take its place.
A client-server network provides more flexibility than a
peer-to-peer network:
- It is more scalable. As traffic increases, you can add another server to
handle the additional load.
- You can distribute tasks to various servers, which shares the work load
and allows these tasks to be done more efficiently.
- It is more secure. All user names, access rights, and passwords are stored
in one central location (may be replicated to other servers to share tasks
and backup the user database).
- Depending upon the features of the operating system, the user database is
accessed and maintained only by accounts with administrator privileges.
Individual users' physical access to the server(s) may be restricted easily.
Peer-to-peer
vs Client/Server Networks
Purdue
University Article on Client/Server Networks
Microsoft
Article on User-Level and Share-Level Securities
3.3 Identify the main characteristics of VLANs
VLANs (Virtual Local Area Networks) are groups of network nodes
that form a single broadcast
domain based upon logical associations rather than physical connections or
location. VLANs usually use a switch operating at Layer 2 of the OSI Model, but
you’ll usually (but not always) need a Layer 3 device, such as a router, to
allow VLANs to communicate with each other. For the exception, click here
to read about one network’s “router-on-a-stick” design.
VLAN Benefits
- Better bandwidth management – Compared to its hub-serviced (and
bandwidth challenged) alternative, VLANs isolate traffic. Even if a device
goes off the deep end and sends out broadcasts, multicasts, or unicasts, it
only affects the particular segment that it’s connected to. No other
segment will hear those messages. This is great for dealing with broadcast
storms or troubleshooting a hard to track down issue.
- Reduced administration costs - VLANs provide an effective mechanism
to control changes, such as physical movement of users within a network, and
reduce hub and router configuration costs. VLAN users share network address
space, no matter where they are physically. If a group of users moves
physically but their group remains in the same VLAN connected to a switch
port, their network address will not change. All this greatly simplifies the
rewiring, configuration, and debugging usually required to get a user back
online.
- Well-defined workgroups - Since members of workgroups tend to
communicate more among themselves, grouping them together logically will
limit much of their traffic to their own segment defined by the VLAN. You
also can assign VLANs based upon application type and the amount of an
application's broadcasts that can be expected. So, users who share
broadcast-intensive applications can be isolated in the same VLAN.
- Improved network security - By restricting users to their VLAN, you
limit their ability to see other devices on the network. VLANs also can be
used to provide security firewalls, restrict individual user access, flag
any unwanted intrusion into the network, and control the size and
composition of the broadcast domain.