Networks and various network services. Internet Provider Modern Network Service (CCS)

The set of server and client parts of the OS that provide access to a specific type of computer resource over the network is called a network service. In the example above, the client and server parts of the OS that jointly provide network access to the computer's file system form the file service.

A network service is said to provide network users with a certain set of services. These services are sometimes also called the network "service" (from the English term "service"). Note that the technical literature translates this English term in several different ways. Although the resulting terms are sometimes used as synonyms, in some cases the difference in their meanings is fundamental. In what follows, a "network service" means the network component that implements some set of services, and a "service" means the description of the set of services that this component provides. Thus, a service is the interface between the consumer of services and the service provider (the network service).

Each service is associated with a specific type of network resource and/or a specific way of accessing those resources. For example, the print service gives network users access to shared network printers and provides a printing service, while the mail service provides access to a network information resource, e-mail messages. A service may also be distinguished by the way resources are accessed: the remote access service, for example, gives users of a computer network access to all of its resources over dial-up telephone lines. To obtain remote access to a specific resource, such as a printer, the remote access service interacts with the print service. The most important services for users of a network OS are the file service and the print service.

Among network services, some are aimed not at the ordinary user but at the administrator. Such services are used to organize the operation of the network. For example, the Bindery service of the Novell NetWare 3.x operating system allows the administrator to maintain a database of the network users of the computer on which this OS is running. A more advanced approach is to create a centralized reference service, also called a directory service, which maintains a database not only of all network users but also of all the network's software and hardware components. Novell's NDS and Banyan's StreetTalk are often cited as examples of directory services. Other examples of network services that serve the administrator are the network monitoring service, which allows network traffic to be captured and analyzed; the security service, whose functions may include, in particular, performing the logon procedure with password verification; and the backup and archiving service. How rich a set of services an operating system offers to end users, applications and network administrators determines its position among network operating systems.

Network services are by nature client-server systems. Since implementing any network service naturally involves a source of requests (the client) and an executor of requests (the server), every network service comprises two asymmetric parts, a client part and a server part (Fig. 2.2). A network service can be represented in an operating system either by both parts (client and server) or by only one of them.

Fig. 2.2.

It is usually said that the server provides its resources to the client and the client uses them. Note, however, that when a network service delivers a service, the resources of the client are used as well as those of the server. The client can spend a significant part of its own resources (disk space, processor time, etc.) on keeping the network service working. For example, in an implementation of the mail service, the client's disk may hold a local copy of a database containing the user's extensive correspondence. In this case the client does a great deal of work: it generates messages in various formats, including complex multimedia, maintains the address book and performs many other auxiliary tasks. The fundamental difference between the client and the server is that the client is always the initiator of the work performed by the network service, while the server is always passively waiting for requests. For example, a mail server delivers mail to the user's computer only when a request arrives from the mail client.

The interaction between the client and server parts is usually standardized, so that one type of server can work with clients of different types, implemented in different ways and possibly by different manufacturers. The only condition is that the clients and the server support a common standard interaction protocol.

In a highly competitive environment, the business expects the IT department, and therefore the IT manager, to ensure high availability of IT systems and services and to develop them in line with changing and not always predictable requirements. Since networks and network services (data transfer itself, as well as telephony, video conferencing, access to corporate IT resources from remote sites, etc.) are critical to the functioning of IT as a whole, ensuring their reliability becomes particularly important.

Risks

The first set of obstacles is risks. They cannot be avoided completely, but they can be minimized.

Technical risks. Even the most sophisticated equipment can fail. It is necessary to assess the possible consequences of a failure for the business and take measures to neutralize or minimize them.

Human risks. Staff turnover, the temporary unavailability of a needed employee or insufficient qualifications of a specialist can make it difficult or impossible for the IT department to perform its functions at a critical moment.

Financial risks. Unexpected tasks, such as dealing with large-scale failures, responding to Internet attacks, or urgently expanding or implementing information systems or services, are not always backed by sufficient budget reserves, including capital ones.

Organizational risks. It is difficult and unprofitable for a company to organize and maintain rarely used complex processes, such as recovery from large-scale failures or mass migrations. Workflows and documentation often have shortcomings, which is also usually the result of cost savings.

Management

The network and network services can be viewed as an object of management, in which the IT manager organizes and controls many functions, including:

  • network equipment and service management (administration);
  • local support for equipment and service users, in particular at remote sites. Local support is often provided by resources external to the IT department, which further complicates the management task;
  • supply and logistics;
  • network development: planning, design, implementation;
  • management of third parties (vendors, contractors, Internet and telephony providers) and coordination of their actions with the internal IT team and with one another;
  • budgeting, including forecasting expense items and controlling budget spending, as well as adjusting the budget in case of unforeseen expenses;
  • personnel management. Selecting, training, developing and retaining employees are functions not only of the personnel department; they also demand a great deal of effort and time from line managers.

Management is a costly process. It requires resources regardless of how those resources are tracked and how the corresponding costs are accounted for. At best, managers or coordinators are assigned to manage the various processes and functions; at worst, technical experts and managers are distracted from their main work. There is a risk of growing micromanagement and fragmentation of managerial tasks and processes. The result is growth in unproductive costs.

Resources

Resources are always limited, the limits get tighter every year, and IT managers have to look for ways to solve their tasks within them.

The budget is never enough. Rarely does an IT leader consider the IT budget sufficient, and the current economic situation and the deteriorating financial performance of companies lead to even greater cost reductions. World currencies in recent years have, on the contrary, pushed costs up: the foreign-currency component of IT costs is consistently high.

Limited human resources. This applies both to internal resources (full-time staff and freelancers) and to the labor market, especially outside major cities. For high-level specialists or those with a rare profile, the situation is even more difficult.

A number of companies have run into sanctions imposed by the United States and the EU, which have made support from many vendors of network equipment and software unavailable to them.

SOLUTION - SERVICE

What should you do when faced with a series of obstacles and a tangle of problems (risks, costs, lack of resources), all with consistently high business requirements? You could probably mobilize all IT resources to solve the listed problems, but will that be enough, and will there be enough experience and qualifications? Is there a more suitable way out?

One way out is to use network services from a qualified contractor. The market today offers services with differing degrees of contractor involvement in developing and operating the customer's network infrastructure and services. You just need to choose those that suit you.

The objects of service can be a corporate data network, including a geographically distributed one, voice and video communication systems, and conferencing systems. For carrier-class solutions, the contractor can be entrusted with implementing and supporting technologies such as DPI (Deep Packet Inspection, deep traffic analysis), DSR (Diameter Signaling Router, a signaling traffic routing system for 3G/4G networks) and others. The market offers qualified integration and support for most hardware and software solutions from the world's leading manufacturers.

Structure of network services

Consider the structure of network service offerings and their levels, shown in Figure 1.


Basic services

Services at this level include basic technical support, which covers repair or replacement of failed devices or their components when the customer makes a request. The object of service in this case is an individual device, even if many devices are under support. In contrast, basic services are provided in accordance with an SLA, i.e. within agreed times for responding to a request and completing repair work.

The cost of basic services is minimal, but so is their value to the customer. Basic services do not cover keeping systems functional while a failure is being eliminated, in particular finding and applying workarounds or providing replacement equipment. Nor do they cover restoring system configuration and settings to their pre-failure state. Basic-level network services do not relieve the customer of the need to have its own qualified personnel or to manage all operational processes.

Extended support

Extended support includes a number of services in addition to the basic:

Elimination of incidents;

Expert support;

Monitoring.

Elimination of incidents implies the full range of work to restore the operation of systems and software, not just physical replacement or repair of devices and components. To eliminate an incident quickly and restore the functionality of systems and services, temporary changes to configurations and settings may be applied, with a return to the initial state once all repair work is complete. Substitute equipment is provided for the duration of the recovery work.

Expert support provides for bringing in top-level experts (third line of support) to solve complex and boundary (adjacent-area) issues; it covers all operational tasks except those that require the vendor's involvement. As part of this type of support, the customer also receives expert-level consultations.

Monitoring of systems and services includes continuous tracking of their status and periodic review of statistical indicators. This makes it possible to prevent critical failures or to speed up their elimination.

The object of service in this case is an entire subsystem of the customer's network infrastructure (a data network, telephony system or video conferencing system) rather than individual devices. The contractor is responsible for the operability of the system as a whole, so the SLA specifies the time to eliminate a failure or the availability indicators of the relevant services.

Extended support reduces the number of critical failures and system downtime, lowers risk by creating a single area of responsibility for the functioning of systems, and reduces the customer's need for qualified personnel and its management costs.

Operational support

Operational support includes all extended support services and, in addition, system and service management, IT process management and third-party management.

Management of systems and services implies performing routine operations such as backup, testing and preventive inspections, ongoing reconfiguration of systems and implementation of current changes, management of network services, support for audiovisual events, etc.

IT process management is aimed at streamlining the necessary IT functions and can be described in ITIL/ITSM terms. This service category includes, for example, configuration management (Capacity Management) and change control (Change Management).

Third-party management covers managing and coordinating the actions of other contractors, as well as Internet and telephony providers.

The bulk of the operational workload is taken off the customer, and its need for its own qualified personnel is reduced. As a result, the customer has significantly fewer tasks in managing staff and in their development, training and certification. The customer concentrates on setting tasks and controlling their execution.

Operational support creates a single point of responsibility for the state and operation of networks and services, and reduces the customer's management costs by consolidating the tasks it sets. Investigation and resolution of boundary issues is simplified and accelerated.

Outsourcing

Outsourcing means providing network resources and network services as a service, with the equipment and software licenses on the outsourcer's balance sheet. The customer pays for actual use of resources and services over a given period of time. The volume of resources and services consumed, and accordingly the customer's costs, can change in either direction, up or down.

Third parties, in particular telephony and Internet providers, are managed by the outsourcer; equipment and software versions are updated transparently for business users and without capital costs for the customer.

Professional services

Professional services are not aimed at maintaining the current operational readiness and availability of networks and services. They are aimed at identifying ways to improve the functioning of the customer's networks and services, and at detailed planning and implementation of those improvements.

An audit of the network infrastructure is carried out to determine the current state of networks and services and to take stock of physical resources and licenses. The results of the audit are an accurate "diagnosis" of the customer's network, restored technical and operational documentation, and recommendations for correcting the deficiencies identified.

Network optimization is carried out to reduce infrastructure and software maintenance costs. As part of optimization, incorrect or suboptimal configurations and settings are also corrected.

Support for the customer in developing systems and services implies developing and implementing medium- and long-term development plans for systems and services, carried out in accordance with the customer's business plans and jointly with the customer.

When and how it works

So, the customer has decided to turn to a contractor's network services to improve the reliability of networks and network services and the efficiency of risk management. What actions and results is the customer entitled to expect from the contractor? Based on our company's experience, we note the main tasks the contractor must solve.

Reorganization of infrastructure. First of all, bottlenecks and potential single points of failure must be identified, after which the contractor helps the customer move to fault-tolerant configurations of its systems and corrects the configuration errors found.

Proactive support and monitoring of networks and services. By learning of probable failures in advance, the contractor can significantly reduce their number and their impact on the customer's business. Well-tuned response procedures, in turn, shorten the time needed to eliminate failures.

Raising the share of remote support. Practice shows that up to 90 percent or more of support and management work on networks and services can be performed remotely. Since the contractor's engineers and experts do not have to spend time traveling, incidents are resolved faster, and the contractor can plan the workload of its specialists more rationally. This has a positive effect on the speed of work and on the cost of services for the customer.

Rational organization of local support. On-site support must also be available. In each particular case and for each customer site, the least costly method of local support can be planned and organized: by the contractor's own staff, with the involvement of trusted partners (subcontractors), or sometimes even with the help of the customer's non-specialist personnel after the necessary instruction.

Minimizing the human factor. A qualified contractor takes on all tasks related to recruiting, training, managing and retaining staff, and also handles the escalation of problems and ensures the necessary availability of human resources.

Reducing the customer's financial risks. The cost of the service is fixed for the term of the contract, and the customer's costs are optimized based on the ratio between the volume of tasks and the available budget.

Attracting additional expertise. An experienced contractor can bring in specialists from adjacent fields and with a higher level of competence. This allows it not merely to carry out the actions stipulated by the contract, but to work toward a result, helping the customer solve its current business tasks.

Improving processes. Coordination at the level of individual performers and standard procedures is not enough to solve non-standard issues. All procedures and rules of interaction should be thought through and agreed in advance and, where necessary, missing documentation restored. A dedicated service manager is appointed to organize the interaction between the customer and the performers.

Sources of economy

Using the contractor's network service capabilities makes it possible to ensure the required network operating parameters, manage all types of risk effectively and reduce costs at the same time.

Extending the life of existing equipment and services. Even if equipment is outdated or no longer supported by the vendor, an experienced contractor can support it using a stock of spare parts. A number of companies take a combined approach, updating only the critical components of the network infrastructure, for example the core, and keeping access devices that are no longer new but still quite reliable and efficient.

Optimization of support levels. The IT budget may no longer cover the support levels the customer has traditionally used. In that case, the contractor and the customer can together develop a new support plan that reflects the real criticality of systems and their fault-tolerance capabilities, so that the customer pays only for what is really necessary.

No need to retain expensive, unique experts. The functions performed by the customer's experts can be provided as a service in the required volume. The customer's risks associated with an expert's dismissal or temporary unavailability (vacation, illness) are eliminated. Some large companies have used contractors to provide network services for many years. For example, a well-known network of medical laboratories has just one computer network specialist on staff, who is responsible for the long-term development of the networks and supervises the contractors.

Reducing the cost of vendor support. The required volume of expensive vendor support can be reduced if the contractor is prepared to deliver the required SLA level by adding its own work and providing substitute equipment. Even giving up the vendor's service completely is possible, which is relevant for customers that have come under sanctions. An additional effect is a smaller foreign-currency component in current costs.

Simplifying management and control. Consolidating service tasks simplifies management and control: coordination functions are handed over to the contractor, personnel management tasks and micromanagement are minimized, and the set of SLA parameters and the volume of reporting shrink. The customer's management costs fall accordingly.

Raising awareness of the network's state. The better the customer knows its network, the less it spends on it. An audit of existing physical resources and software licenses, together with constant tracking of their use, helps cut the cost of supporting them to what is strictly necessary. For example, some unused devices can serve as spare parts. In the Russian office of one global technology company, an audit revealed that the number of network ports in the access network was almost twice the number of network devices actually connected.

Avoiding capital costs. The customer may need to introduce a new network solution or modernize an existing one when the capital budget is insufficient or absent. The solution is to move to a service model, obtaining the required resources and/or services with time-based payment. The leased resource can be located at the customer's site or provided from the cloud.

Where to begin?

Suppose you have assessed the potential benefits of using the various types of network service. How should you approach putting the approaches outlined in this article into practice?

Start with the worst. Which segment of the network infrastructure or which network service generates the most failures, complaints and operational inconvenience? Find the most problematic area. The risk of making an already problematic segment work worse is relatively low, while the positive effect may be significant.

Set the task together. Building a network service correctly begins with stating the problem correctly; mistakes made at this stage can be very expensive. Do not neglect the experience of the service partner: invite technology and service experts to help formulate the objectives of the network service and state the problem.

Survey the service object. A correct picture of the service object, its condition and the operational procedures in use will help avoid conflicts and "gray" zones in processes. It is better to carry out the survey together with the service partner: the result will be more accurate and will cost less.

Develop a service delivery model together with the contractor. Under the same initial conditions, different service models can be applied, differing in the scope of the contractor's obligations, the SLA level, the division of roles, interaction schemes, etc. The service model is developed jointly with the service partner and adapted to the customer's capabilities and constraints.

The need to access a remote printer can arise for users of a wide variety of applications: a text editor, a graphics editor, a database management system (DBMS). Obviously, duplicating in each application the functions for organizing remote printing that are common to all of them is redundant.

A more effective approach is to remove these functions from the applications and implement them as a pair of specialized software modules, a print client and a print server (Fig.), whose functions were previously performed by applications A and B respectively. This client-server pair can now be used by any application running on computer A.

Generalizing this approach to other types of shared resources, we give the following definitions:

Client - a module designed to form request messages to the resources of a remote computer on behalf of different applications and transmit them, then receive the results from the network and pass them to the relevant applications.

Server - a module that constantly waits for requests arriving from clients over the network and, on accepting a request, tries to serve it, usually with the participation of the local OS; one server can serve the requests of several clients at once (in turn or simultaneously).

A client-server pair that provides access to a specific type of computer resource over the network forms a network service.

Each service is associated with a specific type of network resource. Thus, in Fig., the client and server modules that implement remote access to the printer form a network printing service.
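The print client and print server defined above, as an added example that is not code from the original page: three applications reuse one client module, and the server waits passively and serves them concurrently. The wire format (`PRINT <app> <length>`), the size limit, the loopback address and all names are assumptions made for illustration.

```python
import socket
import socketserver
import threading

MAX_JOB_BYTES = 64 * 1024  # assumed limit: the server refuses larger jobs


def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf


class PrintHandler(socketserver.BaseRequestHandler):
    """Server part: handles one request that a client initiated."""

    def handle(self):
        self.request.settimeout(5)  # a stalled client must not pin a thread
        header = b""
        while not header.endswith(b"\n"):
            byte = self.request.recv(1)
            if not byte or len(header) >= 128:
                self.request.sendall(b"ERR bad header\n")
                return
            header += byte
        # Assumed request format: b"PRINT <app> <length>\n" + <length> bytes.
        parts = header.decode("ascii", "replace").split()
        if len(parts) != 3 or parts[0] != "PRINT" or not parts[2].isdigit():
            self.request.sendall(b"ERR bad request\n")
            return
        app, length = parts[1], int(parts[2])
        if length > MAX_JOB_BYTES:  # check the declared size before reading
            self.request.sendall(b"ERR job too large\n")
            return
        data = recv_exact(self.request, length)
        with self.server.lock:  # several clients may be served at once
            self.server.jobs.append((app, data))
            job_id = len(self.server.jobs)
        self.request.sendall(b"OK %d\n" % job_id)


class PrintServer(socketserver.ThreadingTCPServer):
    """Listens on loopback only; port 0 lets the OS pick a free port."""
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr=("127.0.0.1", 0)):
        super().__init__(addr, PrintHandler)
        self.jobs = []
        self.lock = threading.Lock()


def exchange(server_addr, request: bytes) -> str:
    """Send one request and return the server's one-line reply."""
    with socket.create_connection(server_addr, timeout=5) as sock:
        sock.sendall(request)
        reply = b""
        while not reply.endswith(b"\n"):
            chunk = sock.recv(64)
            if not chunk:
                break
            reply += chunk
    return reply.decode("ascii").strip()


def print_client(server_addr, app_name: str, document: bytes) -> str:
    """Client part: the one module every application calls to print."""
    if not (app_name.isascii() and app_name.isalnum()):
        raise ValueError("application name must be ASCII alphanumeric")
    header = b"PRINT %s %d\n" % (app_name.encode("ascii"), len(document))
    return exchange(server_addr, header + document)


def demo():
    server = PrintServer()
    threading.Thread(target=server.serve_forever, daemon=True).start()
    addr = server.server_address
    replies = []
    # Constructed sample jobs from three different "applications".
    jobs = [("editor", b"report text"), ("graphics", b"\x89PNG..."),
            ("dbms", b"query results")]
    try:
        workers = [threading.Thread(
            target=lambda a=a, d=d: replies.append(print_client(addr, a, d)))
            for a, d in jobs]
        for w in workers:
            w.start()
        for w in workers:
            w.join()
        # Header-only requests that the server must refuse.
        too_large = exchange(addr, b"PRINT editor 99999999\n")
        unknown = exchange(addr, b"DELETE all 0\n")
        queued = sorted(app for app, _ in server.jobs)
    finally:
        server.shutdown()
        server.server_close()
    return sorted(replies), queued, too_large, unknown


if __name__ == "__main__":
    print(demo())
```

Because both sides agree only on the protocol, any client that speaks it can use the server, and the server has to validate every field of a request itself rather than trust the client module.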

The file service allows access to files stored on the disks of other computers. The server component of the file service is called a file server.

To search for and view information on the Internet, the web service is used, consisting of a web server and a client program called a web browser. The shared resource in this case is a website: a set of files, organized in a certain way, containing information related in meaning and kept on the external storage of the web server.

In the web service scheme shown in Fig., the two computers are not connected directly, as in all the previous examples, but through many intermediate computers and other network devices that are part of the Internet. To reflect this graphically, we have placed between the two computers a so-called communication cloud, which lets us abstract from all the details of the message transfer environment. Message exchange between the client and server parts of the web service follows the standard HTTP protocol and does not depend on whether the messages are passed "from hand to hand" (from the interface of one computer to the interface of the other) or through a large number of intermediaries, the transit communication devices. At the same time, the more complex message transfer environment creates additional tasks that the simple network interface card driver described earlier was not designed to solve. Instead, more advanced transport software must be installed on the interacting computers.


Network operating system

A computer's operating system is often defined as an interconnected set of system programs that manages the computer's resources efficiently (memory, processor, external devices, files, etc.) and also gives the user a convenient interface for working with the computer hardware and developing applications.

Speaking of a network OS, we obviously have to extend the boundaries of managed resources beyond a single computer.

A network operating system is a computer's operating system that, in addition to managing local resources, gives users and applications efficient and convenient access to the information and hardware resources of other computers on the network.

Today, almost all operating systems are network operating systems.

From the examples discussed in previous sections, we see that remote access to network resources is provided:

· Network services;

· Tools for transporting messages over the network (in the simplest case, network interface cards and their drivers).

Consequently, it is these functional modules that must be added to an OS for it to be called a network OS (Fig.).

Among network services, some are aimed not at the ordinary user, as the file service or print service are, but at the administrator. Such services are used to organize the operation of the network. For example, a centralized reference service, or directory service, maintains a database of network users and of all the network's software and hardware components. Other examples are the network monitoring service, which allows network traffic to be captured and analyzed; the security service, whose functions may include, in particular, performing the logon procedure with password verification; and the backup and archiving service.

How rich a set of network services an operating system offers to end users, applications and network administrators determines its position among network operating systems.

In addition to network services, a network OS must include software communication (transport) tools that, together with the communication hardware, carry the messages exchanged by the client and server parts of network services. Communication between networked computers is handled by drivers and protocol modules. They perform functions such as forming messages, splitting a message into parts (packets, frames), converting computer names into numeric addresses, resending messages that are lost, determining a route in a complex network, etc.

Both network services and transport tools may be integral (built-in) components of the OS or exist as separate software products. For example, the network file service is usually built into the OS, whereas a web browser is most often purchased separately. A typical network OS includes a wide range of drivers and protocol modules, but the user can usually supplement this standard set with whatever programs are needed. How the clients and servers of network services, and the drivers and protocol modules, are implemented is decided by developers on the basis of a wide variety of considerations: technical, commercial and legal. For example, it was on the basis of US antitrust law that Microsoft was forbidden to include its Internet Explorer browser in its OS.

A network service can be represented in an OS either by both parts (client and server) or by only one of them.

In the first case, the operating system, called peer-to-peer, not only allows access to the resources of other computers but also makes its own resources available to users of other computers. For example, if both the clients and the servers of the file service are installed on all computers in the network, all network users can share their files with one another. Computers that combine client and server functions are called peer-to-peer nodes.

An operating system that contains mainly the client parts of network services is called a client OS. Client operating systems are installed on computers that request the resources of other computers on the network. Ordinary users work at these computers, which are also called clients. Client computers usually belong to the class of relatively simple devices.

Another type of operating system is the server OS: it is focused on processing requests from the network for the resources of its own computer and includes mainly the server parts of network services. A computer with a server OS installed that is engaged solely in serving other computers is called a dedicated network server. As a rule, ordinary users do not work at a dedicated server.

Network applications

A computer connected to the network can run the following types of applications:

· A local application runs entirely on this computer and uses only local resources (Fig. A). Such an application requires no network facilities and can run on a standalone computer.

· A centralized network application runs entirely on this computer but, while executing, accesses the resources of other network computers. In the example in Figure B, an application running on the client computer processes data from a file stored on a file server and then prints the results on a printer connected to a print server. Obviously, this type of application cannot work without network services and message transport facilities.

· A distributed (network) application consists of several interacting parts, each of which performs a particular, self-contained piece of work toward solving the application problem, and each part can run, and as a rule does run, on a separate network computer (Fig. B). The parts of a distributed application interact with each other using the network services and transport facilities of the OS. In the general case, a distributed application has access to all the resources of the computer network.

An obvious advantage of distributed applications is the ability to parallelize computation and to specialize computers. For example, an application for analyzing climate change can be split into three fairly independent parts (see Fig. 2.6, B) that can run in parallel. The first part, running on a relatively low-powered personal computer, could support a specialized graphical user interface; the second could perform statistical processing of the data on a high-performance mainframe; and the third could generate reports on a server with a standard DBMS installed. In general, each part of a distributed application can be represented by several copies running on different computers. In this example, part 1, which is responsible for the specialized user interface, could be launched on several personal computers, allowing several users to work with the application simultaneously.

However, to achieve all the advantages that distributed applications promise, their developers have to solve many problems, for example: into how many parts the application should be divided, which functions to assign to each part, how to organize the interaction of these parts so that, in case of failures, the remaining parts complete their work correctly, and so on.

Note that all network services, including the file service, print service, email service, remote access service, Internet telephony and so on, belong by definition to the class of distributed applications. Indeed, any network service includes client and server parts that can run, and usually do run, on different computers.

In Fig. 2.7, which illustrates the distributed nature of the web service, we see different types of client devices (personal computers, laptops and cell phones) with web browsers installed on them that interact over the network with a web server. Thus hundreds and thousands of network users can work with the same website simultaneously.

Numerous examples of distributed applications can be found in an area such as the processing of data from scientific experiments. This is not surprising, since many experiments generate such large amounts of data in real time that they simply cannot be processed on one supercomputer, however powerful. In addition, algorithms for processing experimental data are often easily parallelized, which is also important for the successful use of interconnected computers to solve a common task. One of the most recent and best-known examples of a distributed scientific application is the data processing software of the Large Hadron Collider (LHC), launched on September 10, 2008 at CERN: this application runs on more than 30 thousand networked computers.

Remote control tools for UNIX, Windows NT and NetWare operating systems.

When people talk about remote control, they usually mean network management platforms based on the SNMP protocol. Among the most common platforms are HP OpenView, Microsoft SMS, Novell ManageWise and others. However, their capabilities are quite limited: they are well suited to monitoring network devices but much less so to directly managing the operation of servers and operating systems. For instance, a network management platform cannot be used to create a user account, run a program on a server, write an executable script and much more. Therefore, instead of "management platform" it would be more correct to use the term "monitoring platform".

It is well known that the most convenient server administration tool is its console. (The NetWare operating system represents a special case that we will consider separately.) From the console, the administrator can track any activity on the server, as well as manage the resources of the network OS. However, the administrator does not always have the ability to be at the UNIX or Windows NT console.

Although placing servers in dedicated server rooms has become commonplace, network administrators are not eager to move into such rooms. First, server rooms are filled not only with servers but also with active network equipment, powerful uninterruptible power supplies, patch cabinets, backup equipment and so on; because of the unfavorable electromagnetic background, it is undesirable for staff to stay in the server room permanently. Second, such rooms are quite noisy, which sometimes makes it hard to use even a telephone. After 8 hours of work in such conditions a person feels completely worn out. Third, a large organization may have several server rooms. For these reasons the administrator would like to have a workplace outside the server room yet enjoy all the advantages of the console.

In addition, users constantly run into problems of one kind or another, and the administrator is forced to visit their workplaces. In such cases it is important for him to be able to manage the network OS remotely, for example to assign access rights, create a new user account, increase the size of a file system, and so on.

Finally, problems may also occur when the administrator is at home. In such cases it is desirable that he be able to identify and correct the problem remotely, using his home computer and a modem, rather than rush headlong to the office.

All network operating systems have remote administration tools, either built in or supplied by independent companies. Some of them implement the concept of a remote console (or remote terminal), while others provide separate administration tools aimed at solving only specific tasks.

Operating Systems and Administration

Before talking about remote control of network operating systems, we briefly consider the principles of administering the most popular ones: Windows NT, UNIX and NetWare. Perhaps the most powerful system, not only in functionality but also in administration capabilities, is UNIX. In UNIX the kernel is separated from the graphical shell, and the graphical shell is not needed on a server, although it is used quite often. Interactive interaction between the user and the OS takes place through a command shell. The shell has several implementations, the most popular being the Bourne shell (sh), C shell (csh), Korn shell (ksh) and Bourne Again shell (bash). Each command shell has its own programming language for writing scripts. In addition, UNIX is famous for its rich set of utilities, including utilities for sorting, searching, stream editing, lexical analysis and macro processing, filters and many others. The shell, system utilities, application programs and pipes make it possible to create unusually flexible administration programs in UNIX.

UNIX uses the X Window System (X11) as its graphical shell. Unlike the similar shells in Microsoft Windows and Apple MacOS, the X11 environment is networked and separate from the kernel. That is, from the kernel's point of view, X11 is an ordinary user program. Within X11, any UNIX computer (with the appropriate rights) can act as an X11 client or server. Bear in mind that, contrary to generally accepted practice, the X11 server is the computer on whose display the image is shown, and the client is the machine on which the program runs. X11 server software exists for many common operating systems, including Windows, MacOS and others, while client software is implemented mainly on UNIX.

In modern UNIX, utilities with three types of interface are used for management tasks: command-line, interactive text and graphical. Nevertheless, the command-line utilities are the most powerful and cover all the capabilities of the OS. Such programs are actively used for repetitive operations such as creating a user account or assigning access rights. Interactive text and graphical utilities appeared in UNIX relatively recently, but because of their interactive nature the benefit of using them inside shell programs is far from obvious. Such utilities are used mainly for occasional fine-tuning of the OS and hardware. Thus any text terminal emulator is suitable for administering UNIX.

Despite its wide distribution, Microsoft Windows NT cannot compete with UNIX in matters of administration. In convenience of administration, yes; in capabilities, no. As is well known, the Windows graphical shell is inseparable from the system kernel. Although this is not the best approach in terms of reliability, such an implementation achieves extremely high performance in graphics operations. Another matter is that there is little benefit from this on an NT server: a server's purpose is not the rapid output of graphics. Microsoft has in effect driven users into a corner by offering essentially one and the same system as both client (NT Workstation) and server (NT Server). In addition, the Windows graphical environment is not networked.

For Windows NT there are several command-line administration utilities. However, their set is rather limited, and the capabilities of the built-in command processor cannot be compared with those of the UNIX shell. Windows NT Server also comes with a number of programs for remote management of users, domains, access rights and so on. Such programs can be installed on Windows 9x and NT computers. Nevertheless, many network applications, especially those from independent developers, have no remote management tools. Therefore, for full control of the network environment, the administrator is forced to sit at the console or emulate the console using specialized programs.

The NetWare management structure differs radically from that adopted in other network operating systems. All server configuration operations, including launching applications, are carried out from the console. At the same time, accounts, printers, files and the NDS directory service are managed from client workstations. True, the latest version, NetWare 5, has a single network management console, ConsoleOne, with which the administrator can manage network resources from anywhere in the network, including the console. However, ConsoleOne's features are too limited, and it works slowly because it is written in Java. In addition, the share of NetWare 5 in the network OS market is negligible, since the bulk of Novell networks are built on NetWare 4.x. The NetWare console operates in text mode (in NetWare 5 the server also supports graphical mode), so management is carried out using programs with a command-line or interactive text interface. NetWare's command language is rather weak, but Basic and Perl interpreters are included in the OS, making it possible to create quite serious programs. The remote console program included with NetWare provides access to the server console over the network from DOS, MacOS and UNIX client machines.

To manage NDS, accounts, printers, access rights and so on, there are graphical and interactive text programs designed to run on client workstations. The number of available command-line utilities is small, and their capabilities are limited. In brief, as far as NDS management is concerned, the graphical utilities have the most powerful features (first of all NetWare Administrator), followed by the interactive text programs (Netadmin, Pconsole, etc.) and only then by the command-line utilities.

Having considered the basic features of the management structure of network operating systems, we can now turn to the most common means of remote control.

Telnet

Perhaps the best-known UNIX remote control program is Telnet, especially since it is included with almost every modern operating system. Telnet is a terminal emulation program that uses its own application protocol, also called Telnet. To support the Telnet service, a system program (called a daemon in UNIX), telnetd, must be running on the server to process Telnet client requests. A Telnet server can serve several clients at once, and the Telnet protocol uses TCP (port 23) as its transport protocol.

Telnet can be used to manage not only UNIX computers but also network devices such as routers, switches, remote access servers and so on. Telnet can also be used to administer Windows NT (server software for this service is available as several free and commercial programs), but only in command-line mode. Telnet lets the user connect from his own workplace to a remote server and work with it in text mode. The user has the complete illusion of sitting at a text terminal of that server.

Telnet is well suited to heterogeneous networks because it relies on the concept of the Network Virtual Terminal (NVT). Different operating systems and hardware have their own peculiarities in the input/output and processing of information. For example, UNIX uses LF as the newline character, while MS-DOS and Windows use the CR-LF pair. The NVT makes it possible to abstract from the features of specific equipment by using a standard character set. The Telnet client is responsible for converting client codes to NVT codes, and the server performs the reverse conversion (see Figure 1).

Telnet provides a parameter configuration mechanism through which the client and the server can negotiate specific options, including the data encoding (7- or 8-bit), the transmission mode (half-duplex, character-by-character, line-by-line), the terminal type and some others. Commands and data in Telnet are transmitted independently of each other. To do this, a special code switches Telnet from data transfer mode to command transfer mode and back. Commands are information that serves to manage the Telnet service, while data is what is entered or displayed through the terminal driver (client) or pseudo-terminal (server).

Telnet is a fairly powerful remote control program, but it has a number of fundamental flaws. The most important is that all data, including passwords, is transmitted between computers in the clear. Anyone connected to the network and using the simplest protocol analyzer can not only read the information but also capture a password for unauthorized access. In a local network, the probability of such attacks can be reduced by using switches (switching hubs). Of course, large-scale use of switches in a local network is quite costly, but administrators' workstations are best connected through them. However, when access is over the Internet, in particular when the administrator works from home, the problem remains. One can, however, organize access to servers through remote access servers, applying authentication protocols such as CHAP, and avoid using Internet providers' communication channels. Unfortunately, this approach is not acceptable for all organizations.
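The in-band separation of commands and data, the NVT line endings and the absence of any encryption described above can all be seen by decoding one direction of a session. The following parser is an added example, not code from the original article; the byte stream is constructed for illustration and only a handful of option codes are named.

```python
"""Split a Telnet byte stream into in-band commands and NVT data."""

IAC, SB, SE = 255, 250, 240          # "interpret as command", subnegotiation begin/end
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
# Only the option codes needed for the sample below.
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE"}


def option_name(code: int) -> str:
    return OPTIONS.get(code, f"OPTION-{code}")


def split_stream(raw: bytes):
    """Return (commands, data). Each command is (verb, option, payload)."""
    commands, data = [], bytearray()
    i, n = 0, len(raw)
    while i < n:
        if raw[i] != IAC:                 # ordinary terminal data
            data.append(raw[i])
            i += 1
            continue
        if i + 1 >= n:                    # truncated capture: lone IAC at the end
            break
        cmd = raw[i + 1]
        if cmd == IAC:                    # IAC IAC is an escaped data byte 0xFF
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:          # IAC WILL/WONT/DO/DONT <option>
            if i + 2 >= n:
                break
            commands.append((NEGOTIATION[cmd], option_name(raw[i + 2]), b""))
            i += 3
        elif cmd == SB:                   # IAC SB <option> <payload> IAC SE
            j, body = i + 2, bytearray()
            while j + 1 < n and not (raw[j] == IAC and raw[j + 1] == SE):
                if raw[j] == IAC and raw[j + 1] == IAC:
                    body.append(IAC)
                    j += 2
                else:
                    body.append(raw[j])
                    j += 1
            if j + 1 >= n:                # no closing IAC SE in the capture
                break
            option = option_name(body[0]) if body else ""
            commands.append(("SB", option, bytes(body[1:])))
            i = j + 2
        else:                             # two-byte command such as NOP
            commands.append((f"CMD-{cmd}", "", b""))
            i += 2
    return commands, bytes(data)


def nvt_to_unix(data: bytes) -> bytes:
    """Convert NVT line endings: CR LF becomes LF, CR NUL becomes a bare CR."""
    return data.replace(b"\r\n", b"\n").replace(b"\r\x00", b"\r")


# Constructed client-to-server bytes: option negotiation, then a login name
# and a password typed by the user. Nothing in the stream is encrypted.
CLIENT_TO_SERVER = (
    bytes([IAC, 251, 24])                                  # WILL TERMINAL-TYPE
    + bytes([IAC, SB, 24, 0]) + b"VT100" + bytes([IAC, SE])
    + b"admin\r\n"
    + b"constructed-pw\r\n"
)

if __name__ == "__main__":
    cmds, data = split_stream(CLIENT_TO_SERVER)
    for verb, option, payload in cmds:
        print(verb, option, payload)
    print(nvt_to_unix(data))
```

Everything left after the commands are removed is exactly what the user typed, which is why the text recommends keeping such sessions off shared and public networks.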

The second problem, I would say, is that the free Telnet client programs included in operating systems have limited capabilities. It often happens that an interactive text program cannot even be started, because the Telnet client does not support the server's terminal type and the interactive program refuses to work with the terminal types that the Telnet client does offer.

However, despite the specified disadvantages, Telnet remains the most common remote control program.

Rlogin.

First introduced in 4.2BSD UNIX, the RLOGIN program was at one time extremely popular in the UNIX environment. As a means of terminal access, RLOGIN is very similar to Telnet, but because of its close integration with the OS it has seen very limited use in other systems. RLOGIN lacks many of the options typical of Telnet, in particular the negotiation of parameters between client and server: terminal type, data encoding and so on. As a result, the RLOGIN program code is almost ten times smaller than that of Telnet. However, RLOGIN provides trust relationships between hosts: on the RLOGIN server, in special system files (usually /etc/hosts.equiv and $HOME/.rhosts), the administrator can list the computers from which access to this server is allowed without a password. Users of other computers (not listed in these files) can log in to the server only after entering a password.

A variant of the RLOGIN program, known as RSH, lets you run programs on a remote machine while input and output are performed on the local computer. Another program, RCP, is intended for copying files between network computers. The RLOGIN, RSH and RCP utilities are often grouped under the general name of R-commands.

Unfortunately, as practice has shown, trust relationships based on host names are extremely dangerous, since they open the way to unauthorized access. The widespread use by hackers of IP address spoofing and domain name spoofing (DNS spoofing) leaves the R-command service unprotected. This is true even when no trust relationships between hosts are configured at all. Therefore, the RLOGIN service is used only on networks completely closed off from the Internet. Just as with Telnet, data and passwords (in the absence of trust relationships) are transmitted in the clear.
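A check an administrator can run against the trust files named above (/etc/hosts.equiv and .rhosts) is to list every entry that grants password-free access. The auditor below is an added example, not part of the original article; the sample file content is constructed, and treating "#" as a comment marker is an assumption that holds for common implementations but not necessarily all.

```python
"""Flag password-free trust entries in hosts.equiv / .rhosts content."""


def audit_trust_file(text: str):
    """Return a list of (line_number, severity, message) findings."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None

        # Entries starting with '-' deny access and therefore grant nothing.
        if host.startswith("-") or (user and user.startswith("-")):
            continue

        if host == "+" and user == "+":
            findings.append((line_no, "critical", "any user from any host is trusted"))
        elif host == "+":
            findings.append((line_no, "critical", "every host is trusted"))
        elif user == "+":
            findings.append((line_no, "critical", f"any user on {host} is trusted"))
        elif host.startswith("+@"):
            findings.append((line_no, "high", f"netgroup {host[2:]} is trusted"))
        else:
            who = f"user {user}" if user else "same-named users"
            findings.append(
                (line_no, "high", f"{who} on {host} trusted by host name alone")
            )
    return findings


def worst_severity(findings):
    """Return 'critical', 'high' or 'none' for a list of findings."""
    severities = {severity for _, severity, _ in findings}
    for level in ("critical", "high"):
        if level in severities:
            return level
    return "none"


# Constructed sample content, not taken from a real host.
SAMPLE = """\
# constructed sample
build01.example.com
backup.example.com operator
+ +
-legacy.example.com
+@admins
"""

if __name__ == "__main__":
    for line_no, severity, message in audit_trust_file(SAMPLE):
        print(f"line {line_no}: [{severity}] {message}")
    print("worst:", worst_severity(audit_trust_file(SAMPLE)))
```

Every finding, not only the wildcard ones, rests on a host name or address that the text notes can be spoofed, so on a network reachable from the Internet the safe result is an empty list.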

In addition, client software for the R-commands on DOS and Windows platforms is less widespread than for Telnet, and it is mostly available only as part of fairly expensive commercial products.

Secure Shell.

Obviously, transmitting data, and passwords in particular, over the network in the clear, as the Telnet and RLOGIN programs do, cannot satisfy even minimal security requirements. Information systems can be protected from attackers in several ways. Some provide for password protection, while others are aimed at encrypting the entire information flow. Among the latter, the most popular is the Secure Shell (SSH) program, which is part of any "gentleman's set" for secure UNIX terminal access. The non-commercial version of Secure Shell can be downloaded from the server of its author, T. Ylönen (http://www.ssh.fi). However, the free SSH version is available only for UNIX. Data Fellows (http://www.datafellows.com) supplies a commercial, improved SSH version, including one for the Windows platform.

Secure Shell provides features similar to those of Telnet and the R-commands, including not only terminal access but also tools for copying between computers. Unlike them, however, SSH also provides secure connections for X11.

SSH achieves secure operation through the use of a transport layer protocol, an authentication protocol and a connection protocol. The transport layer protocol is responsible for server authentication, and the authentication protocol for reliable identification and authentication of the client. The connection protocol forms an encrypted information channel.

As already mentioned, Secure Shell has become a kind of standard for secure access, including in Russia. It is a very interesting product that could be discussed at great length. However, we will not do so (more detailed information about Secure Shell can be found in M. Kuzminsky's article "SSH - a daily safe work" in the journal "Open Systems", No. 2, 1999). The point is that this product, like many similar ones, is prohibited for use in Russia.

According to Decree No. 334 of the President of the Russian Federation of 03.04.95, individuals and all organizations, including public, private and joint-stock ones, are prohibited from operating cryptographic systems that have not been certified by FAPSI. And Secure Shell is just such a system. However, there is no reason to take offense at our special services: we are not alone in the world, and in some countries, for example France, the rules are even stricter (in fairness, it is worth noting that since March of this year France has significantly relaxed its restrictions on encryption systems). Nor should one think that we are being forbidden to protect confidential information: organizations not only may but are obliged to protect important information. Only they must use certified tools for this, not ones freely distributed on the Internet. Of course, programs based on SSH, SSL, PGP and the like are widespread here, but it should be remembered that using them is fraught with considerable trouble. Users of such programs potentially risk investigation by the special services. In any case, we have neither the right nor the desire to promote this approach.

Safe authentication

In most management tasks, administrators are interested not in protecting the transmitted data but in reliable user authentication, so that an attacker cannot intercept and use the administrator's password. There are several possible solutions. First of all, there is Kerberos, a technology based on issuing tickets. (In fact, Kerberos provides not only authentication but also encryption of network communications, which again falls under the presidential decree.) True, because of US government export restrictions, the encryption mechanism is significantly weakened. In corporate dial-up access systems, reliable authentication services such as RADIUS, TACACS+ and XTACACS can be used. But all these services (including Kerberos) imply large-scale deployment of network infrastructure, which entails high costs. This is hardly justified if the range of remote access tasks is limited to the management of network operating systems.

For such tasks, support for one-time passwords (One-Time Password, OTP) is more suitable. The essence of such systems is that the user password transmitted over the network is valid for only one communication session. That is, even if an attacker manages to intercept the password, he will not be able to use it, because the password will already have changed by the next session.

To use OTP, the Telnet, RLOGIN and FTP daemons on the server have to be replaced (of course, the new services can be started selectively, for example by using an upgraded telnetd but leaving the native ftpd). The client software does not need to be updated, which is very convenient. The first working OTP system was released by Bellcore (now Telcordia Technologies) in 1991 under the name S/KEY. An important feature of S/KEY is that it was at first a non-commercial product working with many versions of UNIX. The most popular OTP systems today are the following (all of them, except S/KEY version 2.0 and higher, are distributed free of charge):

  • S/KEY from Telcordia Technologies (FTP://FTP.Bellcore.com);
  • OPIE from the US Navy Research Laboratory (FTP://ftp.nrl.navy.mil);
  • Logdaemon, developed by Wietse (FTP://FTP.Porcupine.org/PUB/Security).

The listed systems are backward compatible with S/KEY 1.0. Current OTP implementations are based on the MD4 and MD5 hashing algorithms (S/KEY 1.0 used MD4 exclusively).

How do OTP systems work? When OTP is initialized on the server, each user is assigned two parameters: a secret key (it is not transmitted over the network) and the number of iterations, i.e. the number of logins for which this secret key will be valid. On the server, the MD4 or MD5 algorithm is applied to the secret key, and the hashed value is stored. After that, the user can work with the server over the network through ordinary Telnet, FTP and so on.

User authentication during terminal access proceeds as follows. After the user name is entered, the server issues the number of the next iteration and a seed. The start of the authentication procedure is shown in Figure 2. Here the iteration number is 967 and the seed is JAR564. In the Password field the user must enter not the secret key but a pass phrase consisting of six words. This phrase is generated from the secret key, the iteration number and the seed using a special calculator (see Figure 3). To obtain the pass phrase, the user enters the iteration number, the seed and his secret key (in the example shown, the resulting pass phrase is "No Huff Ode Hunk Dog Ray").

The pass phrase is then entered in the Password field of the terminal access program, after which the server identifies the user. Bear in mind that at the next authentication the iteration number will decrease by one, the seed will not change, and the pass phrase will be completely different. Thus intercepting the pass phrase gives the attacker nothing, since the system will not accept it on a later login attempt. The main security component is the secret key, and it is never transmitted over the network. Because the MD4 and MD5 algorithms are used, computing the secret key from the pass phrase, the iteration number and the seed is practically impossible.

When the iteration number reaches zero, the user account must be initialized again.
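The reason an intercepted pass phrase is useless becomes clear when the hash chain is written out. The model below is an added example, not the code of S/KEY, OPIE or Logdaemon: it uses MD5 folded to 64 bits, shows the one-time value as raw bytes rather than six words, and the way the seed and secret are combined is an assumption made for illustration.

```python
"""Model of a hash-chain one-time password exchange (server and calculator)."""
import hashlib
import hmac


def fold_md5(data: bytes) -> bytes:
    """One chain step: MD5, then XOR the two halves down to 64 bits."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def calculator(secret: str, seed: str, iteration: int) -> bytes:
    """What the user's calculator computes from secret, seed and iteration."""
    value = fold_md5((seed + secret).encode())   # assumption: seed || secret
    for _ in range(iteration):
        value = fold_md5(value)
    return value


class OtpServer:
    """Keeps only the last accepted chain value, never the secret key."""

    def __init__(self, secret: str, seed: str, iterations: int):
        self.seed = seed
        self.count = iterations
        self.stored = calculator(secret, seed, iterations)  # done once, locally

    def challenge(self):
        """Iteration number and seed shown to the user at login."""
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.count <= 0:
            return False          # chain used up: account must be re-initialized
        # One more hash step over the response must give the stored value.
        if not hmac.compare_digest(fold_md5(response), self.stored):
            return False
        self.stored = response    # next login must present the previous link
        self.count -= 1
        return True


if __name__ == "__main__":
    # Constructed secret; seed and iteration number as in the article's example.
    server = OtpServer("constructed secret key", "JAR564", 968)
    iteration, seed = server.challenge()          # (967, "JAR564")
    response = calculator("constructed secret key", seed, iteration)
    print("first login accepted:", server.verify(response))
    print("replayed response accepted:", server.verify(response))
    print("next challenge:", server.challenge())
```

An eavesdropper who captures the response for iteration 967 would need the value for iteration 966, which means inverting the hash; the server itself never learns the secret key after initialization.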

It may seem that the main inconvenience is the calculator. But this is not quite so, since the calculator is a very small program that requires no configuration. Such calculators are freely distributed for all popular platforms, including MS-DOS, Windows, Macintosh and UNIX. Moreover, pass phrases can be memorized (or written down) in advance for several terminal access sessions, decreasing the iteration number each time. Thus, to manage the server remotely, the administrator does not need to install a calculator on every client workstation at which he may have to work.

X Window System

Although almost all UNIX management tasks can be performed in text mode, administrators often prefer a graphical interface as more convenient. In addition, some UNIX applications that have appeared on the market can be managed only in a graphical environment. X server software, which is responsible for the output of graphics, is available for a variety of platforms, including DOS, Windows, Macintosh, UNIX and others. However, in most cases (with the exception of UNIX) it is supplied as part of expensive commercial products. The X11 clients (as already emphasized, the concepts of client and server in the X Window System do not match generally accepted practice) are mainly UNIX servers.

Bear in mind that using the X Window System requires fairly high network bandwidth. The system works perfectly in local networks but very slowly over wide-area links. Therefore, when the X Window System is used on the administrator's home computer, management is better carried out through terminal utilities such as xterm rather than through graphical utilities.

When connecting to a UNIX server (on which the X11 clients run), authentication can be carried out in two ways: through terminal utilities (Telnet, RLOGIN, etc.) and through the X display manager (X Display Manager, XDM). In the first case, transmitting the password in the clear can be avoided by using the already mentioned SSH and OTP programs instead of Telnet and RLOGIN. In the case of the X Display Manager, passwords are transmitted in the clear by default. Therefore XDM should not be used when remotely managing a UNIX server over public networks.

Administrators must be very careful about using a UNIX server as an X server (in plain language, about running the X11 graphical shell on the UNIX server). The X Window System is designed so that a user can run an X client against a remote X server and intercept input/output on it. As a result, an attacker gains the ability to read confidential information from the X server, including passwords entered by the user on the X server (although the xterm terminal emulator can block password interception, this feature is rarely used).

X servers use two client authentication schemes: by host name and by means of "magic cookies" (MIT-MAGIC-COOKIE-1). With host name authentication, system files are created on the X server listing the hosts from which X client programs are allowed to connect to this X server. But such protection cannot be called sufficient, since an attacker can attack X11 by spoofing IP addresses or domain names. With the "magic cookie" scheme (support for it is built into the XDMCP protocol, on which X Display Manager is based), authentication is based on user accounts. To be entitled to run a client on the X server, the user must have, in his home directory on the X11 client machine, a system file containing the X server's secret code. This secret code is called a magic cookie. The only trouble is that the cookie is transmitted over the network in the clear, so this method can hardly be considered secure either.

X Window System 11 Release 5 added two more schemes (XDM-AUTHORIZATION-1 and SUN-DES-1), which resemble the MIT-MAGIC-COOKIE-1 scheme but use the DES encryption algorithm. However, because of export restrictions, these schemes are not included in the X Window System distribution. Based on the above considerations, X11 server software should be run on a UNIX server only when access by X11 clients from other computers is denied.

Everything said about the low security of an X server on a UNIX server applies in full to the administrator's client machines on which the X Window System runs.

Windows NT Server

When Microsoft Windows NT Server is installed, it is assumed that the OS will be administered from the server console. Nevertheless, the NT Server kit contains remote management utilities. They are located on the Windows NT Server distribution in the \clients\srvtools directory. These utilities can be installed both on Windows NT Workstation and on Windows 9x (see Figure 4). With their help you can administer user accounts and groups, rights and privileges, and NT domains, and monitor event logs on servers and workstations. The utilities work in graphical mode, like the "native" NT Server management utilities. Although the remote management utilities cover most system administration work, a number of important programs are missing from this set. For example, they cannot be used for hardware configuration of the server, backup, license management, performance monitoring and so on. In addition, many third-party server applications have no remote management programs.

The Windows NT Server Resource Kit, supplied by Microsoft, includes a number of additional administration programs, including command-line ones. The most important of them are adduser.exe (creating new user accounts and groups), cacls.exe (access rights management), dumpel.exe (output of event information from the event logs to the screen or to a file) and RMTShare (network resource management). Even with NT's weak command processor, an administrator can easily write a standard script that creates a new account and assigns rights and privileges automatically.

For Windows NT there are also several programs that implement a Telnet server. With one of them, the administrator can get remote access to the NT server and run command-line programs. Again, it should be remembered that in most Telnet implementations the password is transmitted in the clear.

But, as already noted, remote administration utilities and command-line programs cannot solve all administrative tasks. Therefore, some solutions emulate the graphical interface of the Windows NT server on a remote computer.

First of all, I would like to mention Citrix WinFrame and Microsoft Windows Terminal Server (WTS). In the architecture of these products, applications run on the NT server, while input and output are handled on client computers. According to their manufacturers, WinFrame and WTS work acceptably at speeds as low as 28 kbit/s, so servers can even be managed from home. To use these tools, the server part of the software must be installed on the NT server and the client software on the administrators' workstations. WinFrame and WTS do not transmit passwords in the clear.

It is worth saying, though, that such solutions are excessive for administration tasks. WinFrame and WTS are designed for several clients connecting to a server. (Usually it is enough for the administrator alone to have access to the server.) Because of this, solutions based on these products are quite expensive. For example, connecting a client to a WinFrame server costs $200 to $400, which is very expensive, since an organization may have more than one server and more than one administrator.

More appropriate for remote administration, in my opinion, are specialized remote control packages such as pcAnywhere from Symantec and ReachOut from Stac. With such products, the contents of the NT server screen are duplicated on the local computer's display, and keyboard (and mouse) input is entered on the local computer and transmitted to the remote one (in this case, the NT server). Everything looks as if the administrator were sitting at the server console. pcAnywhere and similar products work not only on a local network but also over slow dial-up lines. However, they limit the number of simultaneous connections to the server (usually to a single connection). pcAnywhere has built-in encryption, so interception of the password is unlikely.

A common disadvantage of remote Windows NT management tools is the need to install additional software products on the administrators' client workstations.

NetWare

Because of the unique architecture of Novell NetWare, the problems of remote access to the console should be considered separately from the problems of managing network resources.

User accounts, groups, NDS objects and NetWare access rights are managed from client workstations, so administration is remote from the outset. Nevertheless, administrators may run into one obstacle: before the fifth version of NetWare, the main network protocol was IPX/SPX. This has caused, and still causes, major problems when managing NetWare servers over the Internet. If the administrator must be able to manage the network OS from a home computer, he should consider connecting to the local network through a remote access server that supports the IPX/SPX protocols. Fortunately, most hardware remote access servers support this mode.

However, the cost of building the necessary infrastructure may be unacceptable, so administrators' home computers are often connected to the local network via the Internet. In that situation, the following option is available: install pcAnywhere on one of the computers on the local network and manage the network from the home computer through this intermediate link. This approach, by the way, may also be more attractive in terms of performance, because network management programs (especially NetWare Administrator) run very slowly over dial-up links. Another way is to upgrade NetWare to the fifth version (or install NetWare/IP).

As for remote access to the console, NetWare includes the RCONSOLE utility for accessing the console from a network workstation. However, it has two limitations: first, the console password is transmitted in the clear; second, IPX/SPX is used as the protocol. Utilities from independent vendors that implement secure remote access to the console make it possible to avoid sending passwords in the clear. Among them is the commercial program SecureConsole for NetWare from Protocom Development Systems (http://www.serversystems.com). For access, it uses an encrypted administrator password.

As in the other cases, the obstacle posed by the IPX/SPX protocols can be removed by using pcAnywhere (that is, by using one of the computers on the local network as a relay). Another method is to use the XConsole program, which provides access to the console through the X Window System, that is, over TCP/IP. The Java-based remote access utility RConsoleJ, included in NetWare 5, also uses TCP/IP as its transport. However, XConsole and RConsoleJ transmit the password in the clear. To sum up, specialized tools such as pcAnywhere are recommended for remote NetWare management.

Web technology

Web technology has a growing influence on the management of the network environment. Many routers, switches and network printers can already be managed through Web browsers. But the list does not end there: the Web is also moving into network OS management. At first, only HTTP and FTP servers could be managed through the Web, but the list keeps growing and now covers DBMSs, file systems, firewalls, the DNS and DHCP network services and much more. Even NDS directories can be managed through browsers using special commercial programs. Despite all this, the Web has not yet matured to the point of fully managing the entire network environment. The problem is aggravated by the fact that for many applications and, especially, network devices, the password is transmitted over HTTP in the clear.

Conclusion

When organizing remote management of servers, many factors must be taken into account, above all the characteristics of the network OS, the performance of the communication lines, and secure authentication. UNIX provides the most complete set of management tools; however, with a competent approach, Windows NT and NetWare administrators have no reason for concern either.

The set of server and client parts of the OS that provide access to a specific type of computer resource through the network is called a network service. The client and server parts of the OS that jointly provide access over the network to a computer's file system form the file service. A network service is said to provide network users with a certain set of services, and this set of services is sometimes itself called the network service. In that sense, the service is the interface between the consumer of services and the service provider (the network service component).

Each service is associated with a specific type of network resource and/or a certain way of accessing these resources. For example, the print service gives network users access to shared network printers, and the mail service provides access to a network information resource, namely e-mail. A service may also be distinguished by its way of accessing resources: the remote access service, for example, gives users of a computer network access to all its resources over dial-up telephone lines. To obtain remote access to a specific resource, such as a printer, the remote access service interacts with the print service. The most important services for users of a network OS are the file service and the print service.

Among the network services are some aimed not at the ordinary user but at the administrator. Such services are used to organize the operation of the network. A more progressive approach is to create a centralized reference service, also called a directory service, which maintains a database not only of all network users but also of all the network's software and hardware components. Other examples of network services that serve the administrator are the network monitoring service, which allows network traffic to be captured and analyzed; the security service, whose functions may include, in particular, performing the logon procedure with a password check; and the backup and archiving service.

The position of an operating system among network operating systems depends on how rich a set of services it offers to end users, applications and network administrators. Network services are by their nature client-server systems. Since implementing any network service naturally involves a source of requests (the client) and an executor of requests (the server), every network service contains two asymmetric parts, client and server (Fig. 2.2). A network service can be represented in the operating system by both (client and server) parts or by only one of them.



It is usually said that the server provides its resources to the client, and the client uses them. It should be noted that when a network service provides some service, the resources of the client are used as well as those of the server. The client can spend a significant part of its own resources (disk space, processor time, etc.) on supporting the operation of the network service. For example, with a mail service, the client's disk may hold a local copy of the database containing the user's extensive correspondence. In this case, the client does a great deal of work generating messages in various formats, including complex multimedia ones, maintains the address book and performs many other auxiliary tasks. The fundamental difference between the client and the server is that the client is always the initiator of the work performed by the network service, while the server always passively waits for requests. For example, the mail server delivers mail to the user's computer only when a request arrives from the mail client. Usually the interaction between the client and server parts is standardized, so that one type of server can be designed to work with clients of different types, implemented in different ways and possibly by different manufacturers. The only condition is that the clients and the server support a common standard interaction protocol.