EXPLORING DIRECTORY SERVICES & REMOTE A

Unit - I

SYLLABUS
1.1 Directory Services: Define Directory Service, Definition of Novell Directory, Windows Domain, MS Active Directory, X.500 Directory Access Protocol, Lightweight Directory Access Protocol, Forests, Trees, Roots and Leaves.

1.2 Active Directory Architecture: Object Types, Object Naming, Canonical Names, LDAP Notation, Globally Unique Identifiers, User Principal Names, Domain, Trees & Forests.

1.3 Remote Network Access: Need of Remote Network Access, PSTN, ISDN, DSL, CATV.

1.4 Virtual Private Network: VPN Protocols, Types of VPN, VPN Clients, SSL VPNs
DIRECTORY SERVICES: DEFINE DIRECTORY SERVICE
 A directory service is the collection of software and processes that store information about an enterprise, its subscribers, or both, and make that information available to users.
 Example: the Domain Name System (DNS), which maps host names to addresses.
 A directory service consists of at least one instance of a directory server and at least one directory client program.
 The client program can access names, phone numbers, addresses and other data stored in the directory service.
 The directory server stores all user and network information in a single, network-accessible repository.
 Directory services are network services that identify every resource on the network, such as e-mail addresses, peripheral devices and computers, and make these resources accessible to users and applications.
 The most widely used directory technologies are the Lightweight Directory Access Protocol (LDAP), the standard protocol for querying directories (for example, looking up e-mail addresses), and NetWare Directory Services (NDS), used in Novell NetWare networks.
NOVELL DIRECTORY (NDS)
 NDS stands for NetWare Directory Services; Novell later renamed it eDirectory.
 Novell Directory Services is a software product for managing access to computer resources and keeping track of the users of a network, such as a company's intranet, from a single point of administration.
 Using NDS, a network administrator can set up and control a database of users and manage them.
 Users of computers at remote locations can be added, updated and managed centrally.
WINDOWS DOMAIN
 A Windows domain is a form of computer network in which all user accounts, computers, printers and other security principals are registered with a central database located on one or more central computers known as domain controllers.
 Authentication takes place on the domain controllers.
 Each person who uses computers within a domain receives a unique user account that can then be assigned access to resources within the domain.
 The concept of a Windows domain is in contrast with that of a workgroup, in which each computer maintains its own database of security principals.
MS ACTIVE DIRECTORY
 Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks.
 It is an object-oriented, hierarchical, distributed directory services database system.
 It provides a central database about the hardware, software and human resources of the entire network.
 A server running Active Directory Domain Services (AD DS) is called a domain controller.
 It authenticates (Kerberos by default) and authorizes all users and computers in a Windows domain type network, assigning and enforcing security policies (Group Policy) for all computers and installing or updating software.
X.500 DIRECTORY ACCESS PROTOCOL
 X.500 is a series of computer networking standards covering electronic directory services. The X.500 series was developed by ITU-T, formerly known as CCITT, and first approved in 1988.
 The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which are distributed across one or more servers, called Directory System Agents (DSAs). Clients (Directory User Agents, DUAs) query the DSAs with the Directory Access Protocol (DAP), which runs over the full OSI protocol stack.
 An entry consists of a set of attributes, each attribute with one or more values.
 Each entry has a unique Distinguished Name (DN), formed by combining its Relative Distinguished Name (RDN), made of one or more attributes of the entry itself, with the RDNs of each of the superior entries up to the root of the DIT.
 LDAP implements a very similar data model to that of X.500; the data model is described further under LDAP below.
LDAP
 The Lightweight Directory Access Protocol (LDAP) is an open, scaled-down alternative to the X.500 Directory Access Protocol.
 Active Directory and eDirectory both expose their directories over LDAP.
 It is lightweight and sufficiently straightforward.
 Easy to implement.
 Runs directly above TCP/IP (port 389; LDAP over TLS, LDAPS, uses port 636) instead of the OSI stack that X.500 DAP requires.
 The LDAP security model defines how information can be protected: a client authenticates with a bind operation (simple bind with a DN and password, or SASL), the server applies access control to each entry and attribute, and the connection is protected with TLS (LDAPS or the StartTLS extended operation). A simple bind sends the password in clear text, so it must only be used over TLS.
 The original implementations were written in C; later ones also exist in Perl and Java. A client constructs an LDAP message containing its request and sends it to the server, which replies with one or more response messages.
 It provides directory access to a centralized database of information about people, groups and other entities.
 LDAP is based on a simpler subset of the standards contained within the X.500 standard. Because of this relationship, LDAP is sometimes called X.500-lite.

(Figure: client-server LDAP connection, client  LDAP server(s).)
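As an added example (not part of the slides), the following Python hand-encodes the LDAPv3 simple BindRequest that a client sends and decodes it back, so the BER layout and the clear-text password are visible on the wire. The bind DN cn=admin,dc=example,dc=com, the password and the message ID are made-up values; real clients use a library such as ldap3 or python-ldap, which produce the same structure.

```python
"""LDAPv3 simple BindRequest (RFC 4511) encoded by hand in BER.

Added example, not from the slides. It builds the bytes a client sends for a
simple bind and parses them back, so the message layout and the clear-text
password are visible. The DN, password and message ID are made-up values.
"""


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, else 0x80|count followed by the bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """INTEGER (tag 0x02) in minimal two's-complement form, n >= 0."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))


def encode_simple_bind(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp BindRequest }

    BindRequest ::= [APPLICATION 0] SEQUENCE {
        version INTEGER (3), name LDAPDN, authentication simple [0] OCTET STRING }
    """
    bind_request = tlv(
        0x60,                                    # [APPLICATION 0], constructed
        ber_int(3)                               # version
        + tlv(0x04, bind_dn.encode("utf-8"))     # name: OCTET STRING
        + tlv(0x80, password.encode("utf-8")),   # authentication: simple [0]
    )
    return tlv(0x30, ber_int(message_id) + bind_request)   # outer SEQUENCE


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def decode_simple_bind(msg: bytes) -> dict:
    """Parse a simple BindRequest; ValueError for anything else."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = read_tlv(body)
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("protocolOp is not a BindRequest")
    _, ver, pos = read_tlv(op)
    _, name, pos = read_tlv(op, pos)
    tag, auth, _ = read_tlv(op, pos)
    if tag != 0x80:
        raise ValueError("not a simple bind (SASL credentials use tag [3])")
    return {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "version": int.from_bytes(ver, "big", signed=True),
        "name": name.decode("utf-8"),
        "password": auth.decode("utf-8"),
    }


def password_visible_on_wire(msg: bytes, password: str) -> bool:
    """True if the password bytes appear verbatim in the message (they do)."""
    return password.encode("utf-8") in msg


if __name__ == "__main__":
    wire = encode_simple_bind(1, "cn=admin,dc=example,dc=com", "s3cret")
    print(wire.hex())
    print(decode_simple_bind(wire))
    print("password readable by any on-path observer:",
          password_visible_on_wire(wire, "s3cret"))
```

Running the module prints the 46-byte message; the password sits in it as plain UTF-8, which is why a simple bind on port 389 without StartTLS, or any LDAP server that accepts one, is a finding in a review.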
OBJECT TYPES, OBJECT NAMING, CANONICAL NAMES, LDAP NOTATION, GLOBALLY UNIQUE IDENTIFIERS, USER PRINCIPAL NAMES, DOMAIN, TREES & FORESTS.
Object types in AD
 Container object:
 It is simply an object that stores other objects.
 It functions as a branch of the tree.
 AD uses container objects such as the Organizational Unit (OU).
 Rights and permissions flow downward through the tree: permissions set on a container are inherited by the objects beneath it.
 Leaf object:
 It stands alone and cannot store other objects (for example a user, computer or printer).
 Object naming in AD
 Every object has a unique name, based on the LDAP standard.
 Names follow DN (distinguished name) and RDN (relative distinguished name) rules, e.g. OU=inside,OU=sales,DC=tracker,DC=com in LDAP notation.
 Every object also carries a globally unique identifier (GUID) that does not change when the object is renamed or moved, and user objects carry a user principal name (UPN) of the form user@domain.
 Canonical Name: A canonical name is a DN in which the domain name comes first, then the object's parent containers working down from the root, separated by forward slashes.
 Ex: tracker.com/sales/inside
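Worked example of these naming rules, added here and not taken from the slides: a small Python module that splits an LDAP DN into RDNs (handling the backslash escapes of RFC 4514), lists the superior containers through which rights flow down, and converts between LDAP notation and the canonical name. The tree tracker.com/sales/inside is the slides' example; the user entry CN=Smith\, Jane is constructed, and canonical_to_dn assumes every container is an OU because the canonical form does not record attribute types.

```python
"""Distinguished names, RDNs and Active Directory canonical names.

Added example (not from the slides). Parses an LDAP DN per RFC 4514
(escaped commas and \\HH hex pairs handled; multi-valued RDNs with '+' are
not), lists the superior entries up to the domain head, and converts between
LDAP notation and AD canonical names. tracker.com/sales/inside is the slides'
example; the user "Smith, Jane" is made up.
"""
import re

_SPECIAL = ',+"\\<>;'      # characters RFC 4514 requires to be escaped


def split_rdns(dn: str) -> list[str]:
    """Split a DN on commas that are not escaped with a backslash."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])          # keep the escape pair for unescape()
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]


def unescape(value: str) -> str:
    """Undo RFC 4514 escaping: \\X for a special character, \\HH for a byte."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                out.append(int(pair, 16))
                i += 3
                continue
            out += value[i + 1].encode("utf-8")
            i += 2
            continue
        out += value[i].encode("utf-8")
        i += 1
    return out.decode("utf-8")


def escape(value: str) -> str:
    """Apply RFC 4514 escaping so a value can be embedded in a DN."""
    s = "".join("\\" + c if c in _SPECIAL else c for c in value)
    if s.startswith((" ", "#")):
        s = "\\" + s
    if s.endswith(" "):
        s = s[:-1] + "\\ "
    return s


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """[(TYPE, value), ...] from the entry's own RDN up to the root."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, val = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.strip().upper(), unescape(val.strip())))
    return rdns


def superiors(dn: str) -> list[str]:
    """DNs of the parent containers, nearest first, ending at the domain head.

    This is the chain along which container rights and permissions flow down.
    """
    rdns, chain = split_rdns(dn), []
    for i in range(1, len(rdns)):
        tail = rdns[i:]
        chain.append(",".join(tail))
        if all(r.upper().startswith("DC=") for r in tail):
            break                            # stop at the domain, not at DC=com
    return chain


def dn_to_canonical(dn: str) -> str:
    """LDAP DN -> canonical name: domain first, then containers root-down."""
    rdns = parse_dn(dn)
    domain = ".".join(v for t, v in rdns if t == "DC")
    path = [v.replace("/", "\\/") for t, v in reversed(rdns) if t != "DC"]
    return "/".join([domain] + path)


def canonical_to_dn(canonical: str, leaf_attr: str = "OU") -> str:
    """Canonical name -> LDAP DN. Containers are assumed to be OUs and the last
    component to be `leaf_attr`; the canonical form carries no attribute types."""
    parts = re.split(r"(?<!\\)/", canonical)
    domain, path = parts[0], [p.replace("\\/", "/") for p in parts[1:]]
    dcs = [f"DC={escape(label)}" for label in domain.split(".")]
    if not path:
        return ",".join(dcs)
    types = ["OU"] * (len(path) - 1) + [leaf_attr]
    rdns = [f"{t}={escape(v)}" for t, v in zip(types, path)]
    return ",".join(list(reversed(rdns)) + dcs)


if __name__ == "__main__":
    user = "CN=Smith\\, Jane,OU=inside,OU=sales,DC=tracker,DC=com"
    print(parse_dn(user))
    print(dn_to_canonical(user))
    print(superiors(user))
```

Note that the escaped comma in CN=Smith\, Jane is the kind of input that breaks naive `split(",")` parsing; code that builds LDAP filters or DNs from user-supplied names must escape them the same way, or an attacker can inject extra RDNs or filter terms.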
ACTIVE DIRECTORY STRUCTURE ELEMENTS: FORESTS, TREES, AND DOMAINS
 The Active Directory framework that holds the objects can be viewed at a number of levels.
 The object, domain, tree and forest are the logical divisions in an Active Directory network.
 Object: It represents a resource on the network (user, computer, printer, group).
 Domain: A logical group of network objects (computers, users, devices) that share the same Active Directory database and security policy. Domains are identified by their DNS name structure (e.g. sales.tracker.com is a child domain of tracker.com).
 Tree: A set of domains that share a contiguous DNS namespace, linked by transitive trusts.
 Forest: A collection of one or more domain trees that share a common schema, configuration and global catalog. The forest, not the domain, is the security boundary in Active Directory.
1.3 REMOTE NETWORK ACCESS
 In computer networking, remote access technology allows logging into a system as an authorized user from a remote location.
 Remote access is commonly used on corporate computer networks but can also be utilized on home networks.
 If only files or network services are needed (rather than control of a remote desktop), then remote network access is the right solution.
NEED OF REMOTE NETWORK ACCESS
 Internet access
 Remote access to private or shared files stored on the LAN
 Sending and receiving e-mail
 Remote access to a centralized application, such as an accounting system
 Remote access to groupware programs or applications
 Access to hosted web applications
 Access to a centralized database
PSTN
 The PSTN (public switched telephone network) is the world's collection of interconnected voice-oriented public telephone networks, both commercial and government-owned.
 It is also referred to as the Plain Old Telephone Service (POTS).
 The service sets up a path (circuit) between the calling and called party and maintains it for the duration of the call; hence the name public switched telephone network.
 Switching offices are categorized in five classes:
 Regional office (class 1)
 Sectional office (class 2)
 Primary office (class 3)
 Toll office (class 4)
 End office (class 5)

(Figure: PSTN switching hierarchy from the regional office down to the local loop.)

 A small town may have one end office, while a large city will have several end offices.
 End offices are connected to one toll office.
 Many toll offices are connected to a primary office.
 Many primary offices are connected to a sectional office.
 Finally, sectional offices are connected to a regional office.
 Dialing is performed through the touch-tone (DTMF) technique.
 The dialing signal is the sum of two tones whose frequencies depend on the row and column of the pressed key.
ISDN
 ISDN (Integrated Services Digital Network) is an international standard for switched, digital dial-up telephone service for voice and data.
 Analog telephones and fax machines can be used over ISDN lines, but their signals are converted to digital by the ISDN terminal adapter.
 Channels
 ISDN uses 64 Kbps "B" (bearer) channels to carry voice and data.
 A separate "D" (delta) channel is used for signalling and control.
 The D channel signals the carrier's voice switch to make calls, put them on hold and activate features such as conference calling and call forwarding.

 Basic Rate (BRI)
 ISDN BRI (Basic Rate Interface) uses one wire pair to carry two 64 Kbps B channels and one 16 Kbps D channel (2B+D).
 Both B channels are often "bonded" into one, providing a total data rate of 128 Kbps.

 Higher Capacity (PRI)
 ISDN PRI (Primary Rate Interface) uses two wire pairs (a four-wire circuit) to provide 23 B channels and one 64 Kbps D channel (23B+D) in North America; in Europe a PRI carries 30B+D on an E1.
 A PRI line is equivalent to a 24-channel T1 line. Bonding channels is common; for example, six channels provide 384 Kbps for high-quality videoconferencing.
DSL
 DSL (Digital Subscriber Line) is a technology for bringing high-bandwidth information to homes and small businesses over ordinary copper telephone lines.
 xDSL refers to the different variations of DSL, such as ADSL, HDSL and RADSL.
 Assuming your home or small business is close enough to a telephone company central office that offers DSL service, you may be able to receive data at rates up to 6.1 megabits (millions of bits) per second (of a theoretical 8.448 megabits per second), enabling continuous transmission of motion video, audio and even 3-D effects.
 More typically, individual connections provide from 512 Kbps to 1.544 Mbps downstream and about 128 Kbps upstream.
 A DSL line can carry both data and voice signals, and the data part of the line is continuously connected.
 DSL installations began in 1998 and were expected to continue at a greatly increased pace through the following decade in a number of communities in the U.S. and elsewhere.
 DSL was expected to replace ISDN in many areas and to compete with the cable modem in bringing multimedia and 3-D to homes and small businesses.
CATV
 Cable TV started as a way to distribute broadcast video signals to locations that could not receive them directly.
 An antenna at the top of a hill or building received signals from TV stations and distributed them to the community, hence the name Community Antenna TV (CATV).
 The cable TV office, called the head end, receives video signals from broadcasting stations and feeds them into coaxial cables.
 The signal becomes weaker with distance, so amplifiers were installed throughout the network.
 There could be up to 35 amplifiers between the head end and the subscriber.
1.4 VIRTUAL PRIVATE NETWORK
 A VPN (Virtual Private Network) is a way of creating a secure connection 'to' and 'from' a network or a computer.
 The VPN uses strong encryption and restricted, private data access, which keeps the data secure from the other users of the underlying network, which is often a public network like the Internet.
 VPNs have been used for years, but they have become more robust only in recent years.
 They are more affordable and also much faster.

REMOTE ACCESS VPN
 A single client (a laptop or home PC running VPN client software) tunnels across the Internet to a VPN server or gateway at the edge of the corporate network and is then treated as if it were on the LAN.

SITE TO SITE VPN
 Two VPN gateways (routers or firewalls) maintain a permanent tunnel between two networks, such as a head office and a branch office; hosts on either side use it without running any VPN software themselves.
VPN PROTOCOLS
 IP Security (IPsec)
 Transport mode: only the payload of the IP packet is protected; the original IP header stays in place (host-to-host).
 Tunnel mode: the whole original IP packet is encrypted and wrapped in a new IP header (gateway-to-gateway, as in site-to-site VPNs).
 Point-to-Point Tunneling Protocol (PPTP)
 Voluntary tunneling method (the client itself initiates the tunnel)
 Uses PPP (Point-to-Point Protocol)
 Its MS-CHAPv2 authentication and RC4-based MPPE encryption are broken; PPTP should not be used for new deployments.
 Layer 2 Tunneling Protocol (L2TP)
 Exists at the data link layer of OSI
 Composed from PPTP and L2F (Layer 2 Forwarding)
 Compulsory tunneling method (the access server builds the tunnel on the client's behalf)
 L2TP itself provides no encryption, so it is normally run inside IPsec (L2TP/IPsec).
 SSL/TLS
 Used by SSL VPNs and OpenVPN; because it runs over TCP port 443 and needs only a browser or a small client, it is now among the most widely deployed VPN technologies.
VPN CLIENT
 To use a VPN, both sides of the VPN connection must be running compatible VPN software using compatible protocols.
 VPN client software on one computer connects to a VPN server on another computer using encryption and other security measures.
 Types of VPN clients:
 SSL VPN client
 Cisco VPN client
 IPsec VPN client
 OpenVPN client
ADVANTAGES OF VPN
 Greater scalability
 Easy to add/remove users
 Reduced long-distance telecommunications costs
 Mobility
 Security

DISADVANTAGES OF VPN
 Lack of standards
 Understanding of security issues
 Unpredictable Internet traffic
 Difficult to accommodate products from different vendors
IMP QUESTION FOR GTU EXAM
 Explain X.500 – directory access protocol
 Define forest, tree, root
 Explain DSL in detail
 Explain VPN in detail
 Explain need of remote network access
 Explain Directory Service.
 Explain Light Weight Directory Access Protocol.
 Explain Active Directory Architecture
 Explain PSTN.