Planning a Banyan Network
Chapter 1 - Understanding Banyan Networks and Their Administration
A Banyan® network is a group of workstations and other components connected to at least one Banyan server. A Banyan server is a computer that runs the Banyan Virtual Networking System (VINES) software and provides VINES® services such as global naming and security.
DOS, Windows® 3.1, Windows 95, Windows NT, and OS/2® workstations also run Banyan networking software to communicate with services. However, Macintosh® computers attached to a Banyan network do not run Banyan networking software. Instead, they use AppleTalk® protocols to communicate with native VINES servers, which can be configured to run AppleTalk.
Note: StreetTalk® for Windows NT does not allow a Macintosh workstation user to store files on a StreetTalk for Windows NT file service.
Many different kinds of computers can act as Banyan servers. Server platforms include single processor Intel® 386®, 486®, and Pentium® machines as well as more powerful multi-processor machines. Banyan has certified more than 100 vendors' systems as Banyan servers. You should use only a Banyan certified platform as a server.
Banyan servers can be connected directly to one another, to minicomputers, to mainframe computers, and to devices such as bridges and routers. Workstations are usually connected to servers over local-area networks (LANs), but they can also dial in to the network over phone lines or X.25 Public Data Networks (PDNs). LAN cards or serial communications lines attach workstations to Banyan networks.
Banyan servers are not inherently limited or dedicated to meet specific connectivity needs. You can decide what combination of communications and other functions each server provides, based on physical location, security, load balancing, and other concerns. For example, one server can provide printer and file sharing along with communications between workstations, servers, mainframes, and minicomputers at both local and remote sites. Alternatively, that same server can be dedicated to a particular function, such as printer sharing, if that scheme provides a more balanced workload within the context of the entire Banyan network.
Although the server is a key component in a Banyan network, the network is service-based, not server-based. On a server-based network, users log in to use the programs (services) that the server provides. In a Banyan network, users log in to the network to take advantage of services that the network provides. In effect, the entire network and all its resources appear to the user as a single computer.
VINES software enables computers and users to share resources that include services. Services are programs that run on a server to organize and manage the network's available resources. These services can include mail, file, and print services, terminal emulation, and third-party programs written with the Banyan Applications Toolkit.
Each server on a Banyan network can contain some or all of these services. For example, if you have two servers, both can provide a full range of services, or you can dedicate one of them to provide access to host computers and the other can be dedicated to mail and file services. DOS, Windows, and OS/2 users can have access to services on all Banyan servers if you grant them access to those services and servers.
Note: References to Windows users or Windows workstations include Windows 3.1, Windows 95, and Windows NT unless otherwise noted.
Network managers and administrators are responsible for starting and configuring the services on the network and controlling how they are made available to users.
Network managers are usually responsible for designing and administering entire networks. Network managers cannot be distinguished from other kinds of administrators by Banyan software. Native VINES does not have the equivalent of the UNIX® "super-user" at the network level. Banyan management programs do let you distinguish between administrators of servers and administrators of StreetTalk groups.
Administrators are defined in a list of names called an AdminList that is maintained on a server. Server administrators can add new servers to the network and services to a server. A StreetTalk group is a group of users who have something in common (for example, belonging to the same department). A group administrator can manage only the resources associated with that group.
Membership in an AdminList controls what users can do based on their StreetTalk name. Your company or organization can use the AdminList structure to divide or combine administrative responsibilities based on the company's needs. A user can be designated as the network manager by being defined as an administrator of all servers and groups on the network.
Administrators assign StreetTalk names to users. These names let users access services and send network mail to one another. You associate access rights with StreetTalk names to control user access to services.
Chapter 3 describes StreetTalk names and AdminLists in more detail.
Only the native VINES print service lets you designate users as operators through software. For example, while only administrators can create or delete print services, operators can reschedule or stop print jobs. Chapter 10 describes the duties of print service operators and administrators.
The one component that all native VINES servers and StreetTalk for Windows NT servers have in common is VINES software. It controls how resources in the network are allocated and shared. VINES software has two parts: system software that runs only on the server, and network software that runs on a workstation and on the server.
System software, common to all native VINES servers, runs as user programs on UNIX and in the UNIX kernel (native VINES) or as user programs on StreetTalk for Windows NT and drivers in the Windows NT kernel. All standard communication protocols, including AppleTalk, are integrated into the UNIX kernel on a native VINES server.
System software includes services for sharing printers and disks attached to the server, and a service (StreetTalk) for naming and managing all the parts of the network. On native VINES servers, each service consists of one or more UNIX processes that run in user space with root access privileges.
Services communicate with each other and VINES software on workstations. For example, the StreetTalk service identifies every element in the network by a unique name and provides this information to other services. The Server Service is a supervisory process that manages all the services on a server.
Figure 1-1 illustrates the relationship between system and network software on a native VINES server.
The network software, which runs on DOS, Windows, and OS/2 workstations, exchanges information with the system software on the server. The disk that boots the workstation contains DOS, Windows, or OS/2 files and VINES programs called drivers and redirectors that work with the particular LAN or asynchronous communications card.
System software and network software work together to control the exchange of information between users, computers, and devices such as disks and printers. For example, when a user wants to store files on the network, DOS, Windows, or OS/2 client programs communicate with the UNIX process on the native VINES server that manages all the files on that server.
Programs that run at users' workstations and at the server console, a terminal attached to the server, interact with VINES software. The programs provide user and administrative interfaces to the system through menus and interactive screens, or windows, and command lines. Administrators and users work with these interfaces to perform tasks on the network. These tasks include using and managing the resources available on the network, such as server disks, shared printers, connections to other computers, and so on.
AppleTalk
When you purchase the native VINES Option for Macintosh, the AppleTalk protocol suite is in the UNIX® kernel. AppleTalk protocols let a native VINES server perform AppleTalk routing functions and let VINES services communicate with AppleTalk devices such as Macintosh computers and Apple® LaserWriter® or PAP-compatible PostScript® printers. AppleTalk is built in to the operating system of a Macintosh computer. When AppleTalk protocols are configured on a native VINES server, the native VINES server operates like an AppleShare® file server.
If users run the optional VINES MAIL for Macintosh and other VINES programs (for example, Messaging), you must copy the VINES driver and the VINES utilities application folder to the system folder of the workstation. You can copy this software from the VINES Macintosh Installation diskette or from the network.
If users will only access network file volumes, you do not have to install any VINES software on a Macintosh computer connected to a Banyan network.
How Workstations Access a Banyan Network
How a workstation accesses a network depends on the type of workstation and its operating system. The discussion in the next sections applies to DOS, Windows, and OS/2 workstations with fixed or diskette drives.
To access the network, a workstation must first boot with DOS, Windows, or OS/2 system files and run one of these operating systems. The login process can then begin, either automatically from a batch file or explicitly when the user runs the BAN program and loads the redirector program.
BAN Program
The BAN program (BANCOMM.SYS for OS/2 users) loads network software into the workstation, including the driver for the user's LAN card, and any special programs specified in the workstation configuration file. The workstation then issues a network broadcast. The server that responds first to the workstation's broadcast becomes the workstation's routing server. Usually the server with the fastest processor responds first.
Routing Server
The routing server is the workstation's initial link to the network and gives the workstation a Banyan network address. With this address, a workstation becomes part of the Banyan network and can communicate with servers and workstations that are located on any LAN cable in the network.
Redirector
After the routing server gives the workstation a Banyan network address, the client software loads the redirector program into the memory of a DOS workstation. The redirector determines whether a command entered at the workstation is sent to the native operating system of the workstation or to VINES.
The DOS redirector is implemented as a terminate-and-stay-resident (TSR) program that can be loaded into high memory.
OS/2
The CONFIG.SYS file loads the OS/2 redirector, which is implemented as an OS/2 Installable File System (IFS). The VINES OS/2 redirector can co-exist with IFS redirectors from other vendors.
Drive Z
After the redirector is loaded, another network broadcast is sent and responded to by a server. The broadcast establishes the server that gives the workstation access to a special network file service called VINES Files. VINES Files is set to the workstation's drive Z. VINES Files contains VINES programs for accessing and managing network resources.
The workstation's version of VINES and the time it takes a server to respond to the workstation's broadcast determine what drive Z the workstation connects to. A workstation broadcasts a request zero hops looking for a revision of VINES that matches its own. (A hop is a step in the transmission of data.) If more than one server matches, the first one that responds to the workstation will provide drive Z. If no server matches, the workstation broadcasts a request one hop. The broadcasts are issued three times and are limited to a maximum of one hop.
Figure 1-2 shows a workstation on a network with three servers. Server A's revision of VINES does not match the workstation's revision. Therefore the workstation's first broadcast, zero hops away, is not answered. Its second broadcast, one hop away, is answered by Server B because Server B's revision matches that of the workstation. Server C, which is two hops away from the workstation, does not receive the workstation's broadcast.
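The drive Z search described above can be modeled in a few lines. This is an added example, not code from the Banyan documentation: the Server fields, the revision labels rev-X and rev-Y, and the response times are constructed, and the three repeated broadcasts are collapsed into one pass per hop limit.

```python
from dataclasses import dataclass

MAX_HOPS = 1  # per the text, the drive Z broadcast never travels more than one hop


@dataclass(frozen=True)
class Server:
    name: str
    hops: int           # intermediate servers between the workstation and this one
    revision: str       # VINES revision this server offers (constructed labels)
    response_ms: float  # constructed response time; the lowest value answers first


def find_drive_z(ws_revision, servers):
    """Return (server, trace); server is None when NEWREV would be invoked."""
    trace = []
    for hop_limit in range(MAX_HOPS + 1):
        # A broadcast with this hop limit reaches every server at or inside it.
        reached = [s for s in servers if s.hops <= hop_limit]
        # Only servers whose revision matches the workstation's revision answer.
        answers = sorted((s for s in reached if s.revision == ws_revision),
                         key=lambda s: s.response_ms)
        trace.append((hop_limit, [s.name for s in answers]))
        if answers:
            return answers[0], trace  # first responder provides drive Z
    return None, trace


# Constructed stand-in for Figure 1-2: A is adjacent but on another revision,
# B is one hop away and matches, C matches but sits two hops away.
FIGURE_1_2 = [
    Server("Server A", hops=0, revision="rev-X", response_ms=2.0),
    Server("Server B", hops=1, revision="rev-Y", response_ms=9.0),
    Server("Server C", hops=2, revision="rev-Y", response_ms=1.0),
]

if __name__ == "__main__":
    server, trace = find_drive_z("rev-Y", FIGURE_1_2)
    for hop_limit, names in trace:
        print(f"broadcast, hop limit {hop_limit}: answered by {names or 'nobody'}")
    print("drive Z:", server.name if server else "none in range, NEWREV runs")
```

Server C is never selected even though it responds fastest, because the hop limit, not response time, decides which servers see the broadcast at all.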
When drive Z is set, the LOGIN program executes and a user is prompted to log in. When the login process is completed, drive Z is automatically inserted into a DOS user's path so that access to any drive Z program does not require changing drives. An OS/2 user's path to drive Z must be specified in the CONFIG.SYS file.
Because different servers can run different VINES revisions as well as different translations (multilingual versions of VINES), the user's drive Z is always specific to their revision, language, and client.
A drive Z that is compatible with the workstation's revision must be within one hop (intermediate server) of the workstation or else the VINES NEWREV program is invoked. NEWREV searches the network and lets a user change the revision of software on the workstation.
See Chapter 7 for more information on VINES Files and drive Z. Managing Communications describes in more detail how a workstation finds a compatible drive Z. The StreetTalk for Windows NT Installation Guide describes how to disable client routing on a StreetTalk for Windows NT server.
What Happens When a User Logs In
When a user runs the LOGIN program or is prompted to log in, the user enters a StreetTalk name and a password. The LOGIN program locates a VINES Security Service. That service, in turn, opens a connection to the StreetTalk service that has the user's StreetTalk name in its database. (The StreetTalk service and the Security Service are on all Banyan servers and start automatically when VINES software is installed on a server.)
The StreetTalk service, at the request of the Security Service, makes sure that the user's StreetTalk name and password are valid. The service examines the user profile and any security information associated with the user or the user's StreetTalk group. (The user profile is a special file stored on a server. It contains information about the user's path, default directory, workstation color settings, and file, print, and mail services to be accessed.)
If the name and password are not valid, the workstation displays a message and the user must try again. The name and password may be invalid because the user typed them incorrectly or because of a security violation.
When the user provides a valid name and password, the name is registered with the Security Service as a logged-in user and the commands in the user's profile are executed.
When you add users to the system, you provide them with a user profile, along with their names and passwords. The user profile is like a batch file for VINES and DOS or OS/2 commands. The commands are processed whenever the user logs in to the network.
The VINES commands in the profile make services available to the user without requiring any explicit action. The commands in the DOS, Windows, and OS/2 user's profile perform functions, such as specifying search paths for programs, changing directories, and providing access to file, print, and mail services. The commands in a Macintosh user's profile only specify the user's mail service.
You can modify the profile of a DOS, Windows, or OS/2 user so that different commands are executed depending on the type of workstation that the user logs in to. For example, a profile can specify that a user who logs in at a DOS workstation access one file service and access another when the same user logs in at an OS/2 workstation. Configuring the environment for the OS/2 user requires that you modify the CONFIG.SYS and STARTUP.CMD files.
See Chapter 6 for more information on user profiles and managing the user environment.
Because organizational needs vary, there is no single formula for working with Banyan software as an administrator. An administrator's involvement with network hardware and software varies with the site and the complexity of the network.
You must first understand how VINES works and then decide what your role as an administrator will entail. If your job is to manage a Banyan network with one server and several workstations running the same operating system, your job is relatively easy. If your network consists of many servers and workstations, your job is more complex. Managing a large network with heterogeneous workstations (DOS, Windows, OS/2, and Macintosh computers) and wide area networks (WANs) requires more technical knowledge.
VINES provides a standard management interface at the server console, and at DOS and OS/2 workstations, for administration of equipment and human resources anywhere on the network. In addition, there are graphical administrative tools that run on Windows 3.1, Windows 95, Windows NT, and OS/2 workstations. VINES also includes diagnostic programs for identifying hardware problems at the server or workstation, and network management software for monitoring and evaluating server performance. Woven throughout these programs is the ability to implement security.
VINES security takes the following forms:
User and group security, which includes setting passwords and preventing users from changing passwords
Physical location security, which includes restricting users to specific workstations or types of workstations
Access to servers connected by serial links and TCP/IP links
Access to file, print, and host communication services
Access to resources that services manage (for example, files and directories)
Security can be extremely strict or nearly ignored, depending on the requirements of a particular site or resources within a site. For example, access to one set of network files can be granted to all users, while another set of files can be restricted to only one user. Similarly, you can prevent one or more users from dialing in to the network, yet allow other users that privilege. Administrators can also control the exchange of information between interconnected remote servers.
No super user or other global administrator can override system security. Instead, distributed lists of StreetTalk names throughout the network control who can administer individual servers or groups of users and resources. Administrators can use StreetTalk lists to distribute or centralize network management in response to site-specific needs. Chapter 3 explains StreetTalk lists.
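Because no global administrator can override an AdminList, it is worth checking who appears on which lists. The following is an added example, not part of the Banyan documentation or tooling: it audits a constructed inventory of server and group AdminLists, using constructed names in the three-part StreetTalk form, and assumes each list is a flat set of user names.

```python
# Constructed inventory: (kind, object) -> StreetTalk names on that object's AdminList.
ADMIN_LISTS = {
    ("server", "ServerA"): {"Pat Lee@Ops@Example", "Kim Roy@Ops@Example"},
    ("server", "ServerB"): {"Pat Lee@Ops@Example"},
    ("group", "Sales@Example"): {"Pat Lee@Ops@Example", "Ana Diaz@Sales@Example"},
    ("group", "Ops@Example"): {"Pat Lee@Ops@Example", "Kim Roy@Ops@Example"},
    ("group", "Lab@Example"): set(),
}


def scope_of(name, admin_lists):
    """Servers and groups that this StreetTalk name may administer."""
    return {obj for obj, members in admin_lists.items() if name in members}


def network_managers(admin_lists):
    """Names present on every AdminList, i.e. administrators of all
    servers and groups, which is how the text defines a network manager."""
    lists = [set(members) for members in admin_lists.values()]
    return set.intersection(*lists) if lists else set()


def unadministered(admin_lists):
    """Objects whose AdminList is empty: nobody can manage them."""
    return sorted(obj for obj, members in admin_lists.items() if not members)


def single_administrator(admin_lists):
    """Objects that depend on exactly one administrator's account."""
    return sorted(obj for obj, members in admin_lists.items() if len(members) == 1)


if __name__ == "__main__":
    print("network managers:", network_managers(ADMIN_LISTS) or "none")
    print("unadministered:", unadministered(ADMIN_LISTS))
    print("single administrator:", single_administrator(ADMIN_LISTS))
    print("Kim Roy's scope:", sorted(scope_of("Kim Roy@Ops@Example", ADMIN_LISTS)))
```

In the constructed data, the empty AdminList on the Lab group means nobody qualifies as network manager until that list is populated.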
Each chapter discusses security as it applies to a specific administrative task or VINES program.
For more information on security, see Managing VINES Security.
Network administration includes these tasks:
Planning the network topology
Locating and naming users and resources
Adding servers to the network and managing them
Adding workstations to the network
Managing users
Managing workstation and VINES software
Managing file, print, and other services
Adding software options
Scheduling and performing routine operations
The remaining chapters of this book provide more information on these topics, but they do not cover all the highly technical areas specific to each kind of workstation that can be connected to a Banyan network. Instead, this book tells you what you must do before you run specific programs or procedures. Each chapter will point you to more detailed information in Banyan IQ.
If you are an administrator on a server that is already installed, taking on day-to-day administrative tasks in an operational network, concentrate less on the planning information of this book and more on the sections that provide information on managing features with which you may not be familiar.
If you are creating a new network or adding a new server (either the first one in the network or an additional one), planning from the outset is important. You will also need information about management and routine operations.
Note that Banyan Customer Education can be very helpful for administrators responsible for network design or hardware. Contact your Banyan representative for more information on training.
The chart on the next two pages summarizes the major planning tasks discussed in this guide and the order in which they should be accomplished. Chapter numbers and the topics found in the chapters are listed under each task.
The next chapter contains examples of network topologies on which VINES can run and suggests ways to maximize the performance of your network.
When you finish reading this chapter, you should be familiar with these terms:
Administrator - The person who manages Banyan servers and network resources and monitors users and network activity.
Drive Z - The logical drive to which VINES automatically maps the VINES Files service. This service contains VINES programs for administrators and users.
Kernel - The lowest level of the native VINES operating system. Routines in the kernel allocate and coordinate system resources.
Multilingual VINES - An implementation of VINES that allows users of many nationalities to log in to the same network to perform their daily tasks in their native language.
Network software - The software that runs on DOS, Windows, and OS/2 workstations and exchanges information with the system software on the server.
Redirector - A Banyan workstation client program that accepts file and print requests from users and from user applications and directs them to the network.
Server - A computer that provides a particular service or set of services across a network.
Server console - A terminal connected to a native VINES server. Many server operations and maintenance tasks can be performed only from the server console.
Services - Banyan software that provides network features to users.
System software - Software that runs on a Banyan server and exchanges information with network software, which runs on DOS, Windows, and OS/2 workstations.