Tutorial Program Monday February 12

Instructor: Dr. Marshall Kirk McKusick, Author and Consultant

Marshall Kirk McKusick writes books and articles, consults, and teaches classes on UNIX-and BSD-related subjects. While at the University of California at Berkeley, he implemented the 4.2BSD fast file system, and was the Research Computer Scientist at the Berkeley Computer Systems Research Group (CSRG) overseeing the development and release of 4.3BSD and 4.4BSD. His particular areas of interest are the virtual-memory system and the filesystem. He earned his undergraduate degree in Electrical Engineering from Cornell University, and did his graduate work at the University of California at Berkeley, where he received Masters degrees in Computer Science and Business Administration, and a doctoral degree in Computer Science. He is a past president and current board member of the USENIX Association, and is a member of AAAS, ACM, and IEEE.

Who should attend:
Who should attend: This course provides a broad overview of how the FreeBSD kernel implements its basic services. It will be most useful to those who need to learn how these services are provided. Individuals involved in technical and sales support can learn the capabilities and limitations of the system; applications developers can learn how to effectively and efficiently interface to the system; systems programmers without direct experience with the FreeBSD kernel can learn how to maintain, tune, and interface to such systems. This course is directed to users who have had at least a year of experience using an UNIX-like system and the C programming language. They should have an understanding of fundamental algorithms (searching, sorting, and hashing) and data structures (lists, queues, and arrays). Students will not need to prove relationship with a source license holder, as source code examples will be taken from the freely distributable FreeBSD system.

Abstract:
This course will provide a firm background in the FreeBSD kernel. The POSIX kernel interfaces will be used as examples where they are defined. Where they are not defined, the FreeBSD interfaces will be described. The course will cover basic kernel services, process structure, virtual and physical memory management, scheduling, paging and swapping. The kernel I/O structure will be described showing how I/O is multiplexed, special devices are handled, character processing is done, and the buffer pool is managed. The implementation of the filesystem and its capabilities including soft updates will be described. The filesystem interface will then be generalized to show how to support multiple filesystem types such as Sun Microsystem’s Network File System (NFS). The course will also cover the FreeBSD socket-based network architecture, layering and implementation. The socket communications primitives and internal layering will be discussed, with emphasis on the interfaces between the layers; the TCP/IP implementation will be used as an example. A discussion of routing issues will be included.

The presentations will emphasize code organization, data structure navigation, and algorithms. It will not cover the machine specific parts of the system such as device drivers.

• Day 1 morning – Kernel Overview
  • Kernel terminology
  • Basic kernel services
  • Process structure
• Day 1 afternoon – Kernel Resource Management
  • Virtual memory management
  • Paging and swapping
  • Scheduling Signals
• Day 2 morning – Kernel I/O structure
  • Special files
  • Terminal handling
  • Multiplexing I/O
  • Autoconfiguration strategy
  • Structure of a disk device driver
• Day 2 afternoon – Filesystems
  • Filesystem services
  • Block I/O system (buffer cache)
  • Filesystem implementation
  • Soft Updates
  • Support for multiple filesystems
  • Network File System (NFS)
• Day 3 morning – Interprocess Communication
  • Concepts and terminology
  • Basic IPC services
  • Example use of IPC and network facilities
• Day 3 afternoon – Networking
  • Implementation
  • System layers and interfaces
  • Routing issues
  • Internet protocols (TCP/IP)

Instructors: Phil Cox, Consultant for System-Experts Corporation and Gerald Carter, VA Linux Systems

Phil Cox frequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in ;login:, the magazine of USENIX & SAGE, and has served on numerous USENIX program committees. He is the lead author of the “Windows 2000 Security Handbook” by Osborne McGraw-Hill (published fall of 2000). Phil holds a B.S. in computer science from the College of Charleston, South Carolina.

Gerald Carter is employed by VA Linux Systems and a member of the SAMBA Development Team since 1998. He is currently working on a guide to LDAP for system administrators with O’Reilly Publishing. He holds a master’s degree in computer science from Auburn University where he was also previously employed as a network and systems administrator. Gerald has published articles with various web-based magazines such as Linuxworld, and has authored instructional course for companies such as Linuxcare. In addition to this, he acted as the lead author of “Teach Yourself Samba in 24 Hours” by Sam’s Publishing.

Who should attend:
System administrators who are responsible for heterogeneous Windows NT- and UNIX-based systems. Attendees should have user-level knowledge of both UNIX and Windows NT, and it is recommended they have systems administration experience in at least one of these OSes.

Abstract:
Today’s organizations choose computing solutions from a variety of vendors. Often, integrating the solutions into a seamless, manageable enterprise is an afterthought, left up to system administrators. This course covers specific problem areas in administering a mixture of UNIX and Windows NT systems. The focus will be on practical solutions that can be applied today to real-world administration problems.

Topics include:
Overview of NT and UNIX Basic homogeneous setups Services: what’s offered, and how similarities differentiate potential sticking points.

Areas of interest

• Electronic mail Web servers
• User authentication
• File serving
• Printing
• Faxes and modems
• Host-to-host connectivity
• Remote administration
• Backup and restore

For each of the areas of interest we will cover:

• Current uses in homogeneous environments
• Available answers - where integration can happen
• Integration solutions, how to choose one, some useful tools
• Security considerations

Instructor: Roland Hedberg, Catalogix

Roland Hedberg has been work-ing on and off with directory services since 1988, at the start with X.500 but over the years more and more with LDAP. Since 1993 he has been active-ly involved in the IETF standardization work around directory services and is the author/co-author of a num-ber of RFCs in that area. He has also written a num-ber of applications based on LDAP, been heavily in-volved in the SUNET email directory, in the TISDAG project and has contributed to the soon to be published Swedish LDAPv3 implementation. Presently he is run-ning his own company and is working with integrating large distributed information systems.

Who should attend:

Systems administrators who want to learn about LDAP, how it works and what good it can do for them.

This will be an intense, fast-paced, full-day tutorial intended for people with little or no experience with LDAP.

Topics include:

After introducing a bit of the philosophy and history under-lying LDAP, this tutorial covers:

• The basic concepts of LDAP: Datamodel, protocol operations
• Demonstration of the two available public domain implementations
• Practical examples of usage
• Ongoing work with LDAP within the IETF

Instructor: Tina Bird, Counterpane Internet Security

Tina Bird is a network security architect at Counterpane Internet Security, which provides a Managed Security Monitoring Service. She has implemented and managed a variety of wide-area-network security technologies, such as firewalls, VPN packages and authentication systems built and supported Internet-based remote access systems and developed, implemented and enforced corporate IS security policies in a variety of environments.

Tina Bird is the moderator of the Virtual Private Networks mailing list, and the owner of “VPN Resources on the World Wide Web”, a highly regarded vendor neutral source of information about VPN technology (kubarb.phsx.ukans.edu/~tbird/vpn.html). Tina has BS in physics from Notre Dame and an MS and Ph.D. in astrophysics from the University of Minnesota.

Tina Bird is the moderator of the Virtual Private Networks mailing list, and the owner of “VPN Resources on the World Wide Web”, a highly regarded vendor neutral source of information about VPN technology (kubarb.phsx.ukans.edu/~tbird/vpn.html). Tina has BS in physics from Notre Dame and an MS and Ph.D. in astrophysics from the University of Minnesota.

Who should attend:
System administrators and network managers responsible for remote access and wide area networks within their organization. Participants should be familiar with TCP/IP networking and fundamental network security, although some review is provided. The purpose of this intro tutorial is to provide a step-by-step guide to evaluating an organization's VPN requirements, selecting the appropriate VPN architecture, and implementing it within a preexisting security infrastructure. Virtual private networking technology provides a flexible mechanism for addressing connectivity needs within many organizations. This class focuses on assessing business and technical requirements for remote access and extranet connections; evaluating VPN technology; integrating VPNs within an existing network infrastructure; common implementation difficulties; and VPN security issues.

Topics include:

• VPN security features (encryption, access control, NAT) and how they protect against common Internet threats
• Assessing your organization’s needs for remote access
• IPSec, PPTP, application layer VPNs, and where they fit
• A brief review of commercial VPN products
• Implementing VPN technology within your organization’s network
• Common VPN difficulties
• VPN security issues

After completing this course, students will be ready to evaluate their requirements for remote access and begin testing commercial VPN implementations.

Instructor: Adrian Cockcroft, Sun Microsystems

Since presenting a tutorial at the first NordU conference Adrian has become a Sun Distinguished Engineer and now works for Sun's Integrated Products Group. He is researching the performance and manageability of extremely complex future system configurations. From 1995 to 1999 Adrian produced a monthly Performance Q&A column for Sunworld Online magazine and has given many tutorials, training classes, seminars and conference papers over the 12 years he has worked for Sun. Adrian is the co-author of three books: “Sun Performance and Tuning”, “The Sun Blueprint on Resource Management”, and “The Sun Blueprint on Capacity Planning for Internet Services”. His tutorial will cover material drawn from all three books, and will also allow plenty of time for audience interaction, so bring your own questions!

Who should attend:
This tutorial is targeted at System Administrators, Systems Engineers, Capacity Planners and Developers. All of Adrian's experience and examples are based on the Sun SPARC and Solaris platform, but many of the techniques are applicable to other versions of UNIX. Adrian has presented several tutorials to UNIX users converting from a Mainframe background and he can answer their usual questions like “where do I get performance metrics from and what do they mean”.

Topics include:
Performance tuning tools and techniques, updated since the book was published to cover Solaris 7 and 8, the latest UltraSPARC III based systems and the latest releases of performance tools.

Server consolidation, resource management and techniques for advanced process and workload based performance measurement and analysis.

Capacity planning techniques that can be used in high growth and high rate of change environments where there is no time to do complex in-depth performance modeling. The alternative to driving blind in these Internetdriven environments is presented as a set of simple guidelines, example processes and spreadsheet based models that can be implemented very quickly.

OBS! Only half a day!

Instructor: Rolf Åberg, Senior Consultant, Duplex Datautbildning AB and Simplex System

Rolf Åberg has been System Support Manager at Microsoft Swedish subsidiary and an applications developer before joining Microsoft. His view on Visual Basic is: “The only computer game I need.” Another area of interest is SQL Server and he also has extensive experience in administering live networks. Holding an M.Sc. degree, Rolf has been training and con-sulting, as independent, on Windows 2000, Windows NT, Visual Basic and SQL Server since well into last cen-tury. As a writer his latest book is called “Allt om Windows NT Server” (All About Windows NT Server), which on almost 1400 pages attempts at living up to its bold name. In the (slow) works is another book by the tentative name of “Vägen till Windows 2000 och Active Directory” (The Road to Windows 2000 And Active Directory).

Abstract:
Active Directory is Microsoft’s first attempt at a directory service, i.e. something akin to Novell’s NDS, Banyan StreetTalk or even NIS/NIS+. This half-day tutorial will equip the attendant with all necessary vocabulary such as Domain Forests, Kerberos Trusts and Multi-Master Replication. The tutorial will start by presenting the problems in the Directory Service in Windows NT and how Active Directory purports to solve these problems. Also, we will discuss what new problems Active Directory introduces, such as the root domain that has to be carved in stone and the inability to join two existing domains with the new Kerberos trusts.

In contrast to Novell’s NDS Microsoft has chosen to keep the domain as the main replication boundary in Active Directory and also to increase the number of types of group in Active Directory, up to five. The role of the new Super Administration Group, Enterprise Admins will also be discussed. Active Directory has excellent features for delegating administration, every object (user account, group, etc.) and every attribute belonging to the objects is protected by an Access Control List, ACL. There are wizards in Active Directory to help in setting up dele-gation, but it is also possible to change the ACL on one attribute to allow one user account to change only one attribute for one other user account. Without DNS support Active Directory cannot function. The only mandatory feature of the DNS servers are that they can handle SRV records (RFC 2782, which replaces RFC 2052). Thus there are several DNS servers that can play this vital part for Active Directory: the DNS Server in Windows NT, DNS Server in Windows 2000 and BIND 8.x. Kerberos is the primary logon authentication proto-col used in Active Directory domains whenever two Windows 2000 computers communicate. As an, hope-fully, interesting part we will demonstrate the use of Active Directory on Windows 2000 Server as a Kerberos logon server (Kerberos KDC) for UNIX and also how to use UNIX Kerberos to validate logons from Windows 2000.

Topics include:

• Problems in Window NT “Directory Service” that Microsoft wanted to solve with Active Directory
• Overview of Active Directory: Domain, Domain tree, Domain forest, Kerberos trusts, Schema
• Particulars of Active Directory
• Interesting design decisions made by Microsoft
• Use of Organizational Units, OUs, in Active Directory and delegation of administration, Access Control Lists, ACLs in Active Directory
• DNS and Active Directory: Active Directory must have DNS support
• Kerberos in Windows 2000: Used only when two Windows 2000 computers communicate, or?
• Active Directory Domains: the most secure Windows environment

OBS! Only half a day!

Instructor: Paul Massiglia, Veritas Software Corporation

Paul Massiglia has been in the storage industry for over 20 years. He has held engineering and marketing positions with major storage suppliers, including, Digital, Adaptec and Quantum. He is currently employed with VERITAS Software Corporation, where he acts as the company’s representative to storage industry associations, including the SNIA. He also writes and presents technology white papers on subjects of importance to VERITAS, and is a frequent participant in industry conferences.

Paul Massiglia is former Vice-Chairman of the RAID Advisory Board and author of “The RAIDbook”, “The Digital Large System Mass Storage Handbook”, and “Managing Online Volumes in Windows Operating Systems”.

Abstract:
Abstract: The tutorial will begin with a discussion of host-based volume management, the challenges involved in making volume managers “cluster aware”, and how the VERITAS SANpoint Volume Manager overcomes these challenges. The second segment of the seminar will focus on similar issues at the file system level. The semantics of UNIX file systems and how to implement those semantics in a multi-host environment will be discussed. The final segment will cover clustering. The VERITAS cluster server application model, and the cluster capabilities it enables will be reviewed. Cluster capabilities enabled by SANs will be discussed, as well as challenges introduced by SANs (e.g., zoning). VERITAS cluster server solutions to these problems will be reviewed. The SANpoint Control SAN management tool will be discussed in the context of enabling SAN functionality for clusters. The seminar will wrap up with a brief look at global computing using the VERITAS Global Cluster Manager.

This tutorial will discuss the VERITAS software products that build on SAN hardware capabilities to make robust, scalable enterprise computing environments. The basic premise of storage area networks is the connection of large numbers of storage devices to large numbers of servers. To beneficially exploit this connectivity, however, environmental software is required. Volume managers, which increase the availability and scalability of both disk drives and RAID subsystems must be made mutually aware, so that volume managers running in multiple SAN-attached servers can coordinate access to a pool of storage. Similarly, file system instances running in different servers must be aware of each other so that file systems can be shared. For application availability and scaling, clustering is required. VERITAS has spent the last 18 months enhancing both its foundation volume manager and file system products and its cluster manager to fully exploit SAN capabilities.