Unix V Case Studies
A Linux-based system is a modular Unix-like operating system. It derives much of its basic design from
principles established in UNIX. Such a system uses a monolithic kernel which handles process control,
networking, and peripheral and file system access.
Shell - Linux provides a special interpreter program which can be used to execute commands of the
operating system.
Security - Linux provides user security using authentication features such as password protection,
controlled access to specific files, and encryption of data.
5.4 Architecture
User programs and other system programs work in User Mode which has no access to system
hardware and kernel code.
User programs and utilities use system libraries to access kernel functions that carry out the
system's low-level tasks.
The graphical environment primarily used with Linux is called the X Window System (X
for short) that provides tools with which a GUI can be implemented. Some popular
window managers are blackbox and windowmaker. There are also two popular desktop
managers, KDE and Gnome.
6. Network logins (telnet, rlogin & ssh)
Network logins work a little differently than normal logins. For each person logging in via the
network there is a separate virtual network connection. It is therefore not possible to run a separate
getty for each virtual connection. There are several different ways to log in via a network, telnet and
ssh being the major ones in TCP/IP networks.
Most Linux system administrators consider telnet and rlogin to be insecure and prefer ssh,
the "secure shell", which encrypts traffic going over the network, thereby making it far less likely that
a malicious party can "sniff" the connection and gain sensitive data like usernames and passwords.
7. Network File System (NFS & CIFS)
One of the more useful things that can be done with networking services is sharing files via a
network file system. Depending on your network this could be done over the Network File System (NFS),
or over the Common Internet File System (CIFS).
NFS is typically a 'UNIX' based service. In Linux, NFS is supported by the kernel. CIFS however is
not. In Linux, CIFS is supported by Samba. With a network file system any file operations done by a
program on one machine are sent over the network to another computer.
A web administrator maintains web server services (such as Apache or IIS) that allow for
internal or external access to web sites. Tasks include managing multiple sites, administering
security, and configuring necessary components and software.
A computer operator performs routine maintenance and upkeep, such as changing backup
tapes or replacing failed drives in a redundant array of independent disks (RAID).
A postmaster administers a mail server.
A Storage Administrator (SAN) can create, provision, add or remove Storage to/from
Computer systems. Storage can be attached locally to the system or from a storage area
network (SAN) or network-attached storage (NAS).
A Linux machine can be configured as a server either by compiling several well-defined scripts
multifunction server, the system administrator should have knowledge about a series of shell
commands. A Linux machine can be configured as any of following application servers such as,
search server
nameserver 70.153.258.42
nameserver 70.253.158.45
nameserver 151.164.1.8
5. Now edit /etc/hosts and add your IP addresses:
127.0.0.1 localhost.localdomain localhost server1
70.153.258.42 server1.centralsoft.org server1
6. Now, to set the hostname, enter these commands:
# echo server1.centralsoft.org > /etc/hostname
# /bin/hostname -F /etc/hostname
7. Verify that you configured your hostname correctly by running the hostname
command:
~$ hostname -f
server1.centralsoft.org
5.9 Providing Domain Name Services (BIND - the ubiquitous DNS server)
Debian provides a stable version of BIND in its repositories. BIND can be installed, set up,
and secured in a chroot environment, meaning it won't be able to see or access files
outside its own directory tree. This is an important security technique.
The term chroot refers to the trick of changing the root filesystem (the /directory) that a
process sees, so that most of the system is effectively inaccessible to it.
The BIND server also can be configured to run as a non-root user. That way, if someone
gains access to BIND, he/she won’t gain root privileges or be able to control other
processes.
1. To install BIND on your Debian server, run this command:
# apt-get install bind9
Debian downloads and configures the file as an Internet service and the status can be
seen on the console:
Setting up bind9 (9.2.4-1)
Adding group `bind' (104) - Done.
Adding system user `bind'
Adding new user `bind' (104) with group `bind'.
Not creating home directory.
Starting domain name service: named.
2. To put BIND in a secured environment, create a directory where the service can run
unexposed to other processes. First stop the service by running the following command:
Sri vidya College of Engineering & Technology, Virudhunagar Course material
# /etc/init.d/bind9 stop
3. Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind,
chrooted to /var/lib/named. Change the line:
OPTIONS="-u bind"
So that it reads:
OPTIONS="-u bind -t /var/lib/named"
4. To provide a complete environment for running BIND, create the necessary directories
under /var/lib:
# mkdir -p /var/lib/named/etc
# mkdir /var/lib/named/dev
# mkdir -p /var/lib/named/var/cache/bind
# mkdir -p /var/lib/named/var/run/bind/run
Then move the config directory from /etc to /var/lib/named/etc:
# mv /etc/bind /var/lib/named/etc
Next, create a symbolic link to the new config directory from the old location, to avoid
problems when BIND is upgraded in the future:
# ln -s /var/lib/named/etc/bind /etc/bind
Make null and random devices for use by BIND, and fix the permissions of the directories:
# mknod /var/lib/named/dev/null c 1 3
# mknod /var/lib/named/dev/random c 1 8
Then change permissions and ownership on the files:
# chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
# chown -R bind:bind /var/lib/named/var/*
# chown -R bind:bind /var/lib/named/etc/bind
5. Finally, start BIND:
# /etc/init.d/bind9 start
6. To check whether named is functioning without any trouble, execute this command:
server1:/home/admin# rndc status
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
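The layout from steps 2 to 4 can be checked without changing anything on the server. The script below is an added example, not part of the original course material; its function names and the SYSROOT prefix argument are assumptions made for illustration, and it relies on GNU stat and find.

```shell
#!/bin/sh
# Added example: read-only audit of the chroot layout built in steps 2-4.
# Assumes GNU stat/find. SYSROOT is a hypothetical prefix so the checks can
# run against a scratch copy; leave it empty on the real host.

# Print the word following FLAG in the last OPTIONS= line of FILE.
opt_value() {  # usage: opt_value FILE FLAG
    ov_flag=$2
    ov_line=$(grep -E '^[[:space:]]*OPTIONS=' "$1" 2>/dev/null | tail -n 1)
    ov_line=$(printf '%s' "${ov_line#*=}" | tr -d "\"'")
    set -f; set -- $ov_line; set +f     # word-split without globbing
    while [ $# -ge 2 ]; do
        if [ "$1" = "$ov_flag" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# True if PATH is a character device with the given major/minor numbers.
is_chardev() {  # usage: is_chardev PATH MAJOR MINOR
    [ -c "$1" ] || return 1
    # GNU stat prints major (%t) and minor (%T) in hexadecimal.
    [ "$(stat -c '%t:%T' "$1")" = "$(printf '%x:%x' "$2" "$3")" ]
}

# Report one finding and remember that the audit failed.
flag() { echo "FAIL: $*"; ab_fail=1; }

audit_bind_chroot() {  # usage: audit_bind_chroot DEFAULTS_FILE [SYSROOT]
    ab_root=${2:-}; ab_fail=0
    ab_user=$(opt_value "$1" -u) || ab_user=
    ab_jail=$(opt_value "$1" -t) || ab_jail=

    # Step 3: the daemon must drop root and be given a chroot directory.
    case $ab_user in
        ''|root|0) flag "OPTIONS does not drop root with -u" ;;
        *) echo "ok:   named runs as $ab_user" ;;
    esac
    case $ab_jail in
        /?*) echo "ok:   chroot directory is $ab_jail" ;;
        *) flag "no absolute -t chroot directory in OPTIONS"; return 1 ;;
    esac
    ab_j=$ab_root$ab_jail

    # Step 4: directories, device nodes, and the compatibility symlink.
    for ab_d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$ab_j/$ab_d" ] || flag "missing directory $ab_j/$ab_d"
    done
    is_chardev "$ab_j/dev/null" 1 3 || flag "$ab_j/dev/null is not char 1,3"
    is_chardev "$ab_j/dev/random" 1 8 || flag "$ab_j/dev/random is not char 1,8"
    [ -L "$ab_root/etc/bind" ] || flag "$ab_root/etc/bind is not a symlink"

    # Step 4: everything under var/* and etc/bind belongs to the service user.
    if [ -n "$ab_user" ]; then
        ab_bad=$(find "$ab_j"/var/* "$ab_j/etc/bind" -exec stat -c '%U %n' {} + \
                 2>/dev/null | awk -v u="$ab_user" '$1 != u' | head -n 1)
        [ -z "$ab_bad" ] || flag "not owned by $ab_user: ${ab_bad#* }"
    fi

    # Extra check beyond the steps above: only the two device nodes were
    # made world-writable (chmod 666), so nothing else in the jail should be.
    ab_ww=$(find "$ab_j" -perm -0002 ! -type c ! -type l 2>/dev/null | head -n 1)
    [ -z "$ab_ww" ] || flag "world-writable path in jail: $ab_ww"

    return "$ab_fail"
}

# Run the audit only when a defaults file is named on the command line.
if [ $# -gt 0 ]; then audit_bind_chroot "$@"; fi
```

On the server, pass it /etc/default/bind9 as the only argument; a non-zero exit status means at least one FAIL line was printed.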
5.10 Virtualization
Virtualization refers to the act of creating a virtual (rather than actual) version of
something, including a virtual computer hardware platform, operating system (OS),
storage device, or computer network resources.
For example, a computer that is running Microsoft Windows may host a virtual machine
that looks like a computer with the Ubuntu Linux operating system; Ubuntu-based
software can be run on the virtual machine.
Hardware Virtualization
Benefits of Virtualization
1. Instead of deploying several physical servers for each service, only one server can
be used. Virtualization lets multiple OSs and applications run on a server at a time.
Consolidate hardware to get vastly higher productivity from fewer servers.
2. If the preferred operating system is deployed as an image, we need to go
through the installation process only once for the entire infrastructure.
3. Improve business continuity: Virtual operating system images allow for instant
recovery in case of a system failure. The crashed system can be restored by
copying the virtual image.
4. Increased uptime: Most server virtualization platforms offer a number of advanced
features that just aren't found on physical servers, which increases servers' uptime.
Some of these features are live migration, storage migration, fault tolerance, high
availability, and distributed resource scheduling.
5. Reduce capital and operating costs: Server consolidation can be done by running
multiple virtual machines (VM) on a single physical server. Fewer servers means
lower capital and operating costs.
Architecture - Virtualization
The heart of virtualization is the “virtual machine” (VM), a tightly isolated software
container with an operating system and application inside. Because each virtual machine is
completely separate and independent, many of them can run simultaneously on a single
computer. A thin layer of software called a hypervisor decouples the virtual machines from the
host and dynamically allocates computing resources to each virtual machine as needed.
This architecture redefines your computing equation and delivers:
Many applications on each server: As each virtual machine encapsulates an entire
machine, many applications and operating systems can run on a single host at the same
time.
Maximum server utilization, minimum server count: Every physical machine is used to
its full capacity, allowing you to significantly reduce costs by deploying fewer servers
overall.
Faster, easier application and resource provisioning: As self-contained software files,
virtual machines can be manipulated with copy-and-paste ease. Virtual machines can
even be transferred from one physical server to another while running, via a process
known as live migration.
VMware Workstation
VMware Workstation is developed and sold by VMware, Inc., a division of EMC
Corporation. VMware Workstation is a hypervisor that runs on x86 or x86-64 computers; it
enables users to set up one or more virtual machines (VMs) on a single physical machine, and
use them simultaneously along with the actual machine.
Each virtual machine can execute its own operating system, including versions of
Microsoft Windows, Linux, BSD, and MS-DOS. VMware Workstation supports bridging existing
host network adapters and sharing physical disk drives and USB devices with a virtual machine.
In addition, it can simulate disk drives. It can mount an existing ISO image file into a virtual
optical disc drive so that the virtual machine sees it as a real one. Likewise, virtual hard disk
drives are made via .vmdk files.
VMware Workstation can save the state of a virtual machine (a "snapshot") at any
instant. These snapshots can later be restored, effectively returning the virtual machine to the
saved state.
VMware Workstation includes the ability to designate multiple virtual machines as a
team which can then be powered on, powered off, suspended or resumed as a single object,
making it particularly useful for testing client-server environments.
VMware Player
The VMware Player, a virtualization package of basically similar, but reduced,
functionality, is also available, and is free of charge for non-commercial use, or for distribution
or other use by written agreement.
VMware Player is a virtualization software package supplied free of charge by VMware,
Inc. VMware Player can run existing virtual appliances and create its own virtual machines. It
uses the same virtualization core as VMware Workstation, a similar program with more
features, but not free of charge. VMware Player is available for personal non-commercial use,
or for distribution or other use by written agreement.
VMware claims the Player offers better graphics, faster performance, and tighter
integration for running Windows XP under Windows Vista or Windows 7 than Microsoft's
Windows XP Mode running on Windows Virtual PC, which is free of charge for all purposes.
VMware Tools
VMware Tools is a package with drivers and other software that can be installed in guest
operating systems to increase their performance. It has several components, including the
following drivers for the emulated hardware:
VESA-compliant graphics for the guest machine to access high screen resolutions
Network drivers for the vmxnet2 and vmxnet3 NIC
If you select Typical, the wizard prompts you to specify or accept defaults for the
following choices:
The guest operating system
The virtual machine name and the location of the virtual machine's files
The network connection type
Whether to allocate all the space for a virtual disk at the time you create it
Whether to split a virtual disk into 2GB files
If you select Custom, the wizard prompts you to specify or accept defaults for the
following choices:
Make a legacy virtual machine that is compatible with Workstation 4.x, GSX
Server 3.x, ESX Server 2.x and VMware ACE 1.x.
Use an IDE virtual disk for a guest operating system that would otherwise have
a SCSI virtual disk created by default
Use a physical disk rather than a virtual disk
Set memory options that are different from the defaults
4. Select a guest operating system and type a name and folder for the virtual machine.
Linux hosts: The default location for this Windows XP Professional virtual machine is
<homedir>/vmware/winXPPro, where <homedir> is the home directory of the user who is
5. Specify the number of processors for the virtual machine. The setting Two is supported
only for host machines with at least two logical processors.
If you selected Custom as your configuration path, you may adjust the memory settings
or accept the defaults, then click Next to continue.
6. Configure the networking capabilities of the virtual machine.
If you selected Typical as your configuration path, click Finish and the wizard
sets up the files needed for your virtual machine.
If you selected Custom as your configuration path, continue with the steps
below to configure a disk for your virtual machine.
7. Select whether to create an IDE or SCSI disk and specify the capacity of the virtual disk.
8. Click Finish. The wizard sets up the files needed for your virtual machine.
XEN Environment
Responsibilities of the hypervisor include memory management and CPU scheduling of
all virtual machines, and launching the most privileged domain (dom0), the only virtual machine
which by default has direct access to hardware. From dom0 the hypervisor can be managed
and unprivileged domains can be launched.
Administering XenServer
There are two methods by which to administer XenServer: XenCenter and the XenServer
Command-Line Interface (CLI).
XenCenter is a graphical, Windows-based user interface. XenCenter allows you to manage
XenServer hosts, pools and shared storage, and to deploy, manage and monitor VMs from
your Windows desktop machine.
The XenCenter on-line Help is a useful resource for getting started with XenCenter and for
context-sensitive assistance.
If rpm reports that VNC is not installed, it may be installed from root as follows:
yum install vnc
2. Running virt-install to Build the Xen Guest System
virt-install must be run as root and, once invoked, will ask a number of questions before
creating the guest system. The questions are as follows:
i. What is the name of your virtual machine and install location?
ii. How much RAM should be allocated (in megabytes)?
iii. What would you like to use as the disk (path)?
iv. Would you like to enable graphics support? (yes or no)
The following transcript shows a typical virt-install session:
# virt-install
3. Once the guest system has been created, the vncviewer screen will appear containing the operating
system installer:
Linux System - Design Principles, Kernel Modules, Process Management, Scheduling, Memory
OS - iOS and Android - Architecture and SDK Framework, Media Layer, Services Layer, Core
The role of the Media layer is to provide iOS with audio, video, animation and graphics
capabilities. As with the other layers comprising the iOS stack, the Media layer comprises a
number of frameworks which may be utilized when developing iPhone apps. In this section we
will look at each one in turn.
The Core Video Framework provides buffering support for the Core Media framework. Whilst
this may be utilized by application developers it is typically not necessary to use this framework.
The iOS Core Text framework is a C-based API designed to ease the handling of advanced text
layout and font rendering requirements.
The Image I/O framework, the purpose of which is to facilitate the importing and exporting of
image data and image metadata, was introduced in iOS 4. The framework supports a wide range
of image formats including PNG, JPEG, TIFF and GIF.
The Assets Library provides a mechanism for locating and retrieving video and photo files
located on the iPhone device. In addition to accessing existing images and videos, this
framework also allows new photos and videos to be saved to the standard device photo album.
Core Graphics Framework (CoreGraphics.framework)
The iOS Core Graphics Framework (otherwise known as the Quartz 2D API) provides a
lightweight two dimensional rendering engine. Features of this framework include PDF
document creation and presentation, vector based drawing, transparent layers, path based
drawing, anti-aliased rendering, color manipulation and management, image rendering and
gradients. Those familiar with the Quartz 2D API running on MacOS X will be pleased to learn
that the implementation of this API is the same on iOS.
A new framework introduced with iOS 5 providing a set of video and image filtering and
manipulation capabilities for application developers.
The purpose of the Quartz Core framework is to provide animation capabilities on the iPhone. It
provides the foundation for the majority of the visual effects and animation used by the UIKit
framework and provides an Objective-C based programming interface for creation of specialized
animation within iPhone apps.
For many years the industry standard for high performance 2D and 3D graphics drawing has
been OpenGL. Originally developed by the now defunct Silicon Graphics, Inc (SGI) during the
1990s in the form of GL, the open version of this technology (OpenGL) is now under the care of
a non-profit consortium comprising a number of major companies including Apple, Inc., Intel,
Motorola and ARM Holdings.
OpenGL for Embedded Systems (ES) is a lightweight version of the full OpenGL specification
designed specifically for smaller devices such as the iPhone. iOS 3 or later supports both
OpenGL ES 1.1 and 2.0 on certain iPhone models (such as the iPhone 3GS and iPhone 4).
Earlier versions of iOS and older device models support only OpenGL ES version 1.1.
GLKit Framework (GLKit.framework)
The GLKit framework is an Objective-C based API designed to ease the task of creating
OpenGL ES based applications.
The Newsstand application is a new feature of iOS 5 and is intended as a central location for
users to gain access to newspapers and magazines. The NewsstandKit framework allows for the
development of applications that utilize this new service.
iOS is capable of supporting audio in AAC, Apple Lossless (ALAC), A-law, IMA/ADPCM,
Linear PCM, µ-law, DVI/Intel IMA ADPCM, Microsoft GSM 6.10 and AES3-2003 formats
through the support provided by the following frameworks.
An Objective-C based framework designed to allow the playback, recording and management of
audio content.
The frameworks that comprise Core Audio for iOS define supported audio types, playback and
recording of audio files and streams and also provide access to the device's built-in audio
processing units.
OpenAL is a cross platform technology used to provide high-quality, 3D audio effects (also
referred to as positional audio). Positional audio may be used in a variety of applications though
is typically used to provide sound effects in games.
Media Player Framework (MediaPlayer.framework)
The iOS Media Player framework is able to play video in .mov, .mp4, .m4v, and .3gp formats at
a variety of compression standards, resolutions and frame rates.
Introduced in iOS 4, the Core MIDI framework provides an API for applications to interact with
MIDI compliant devices such as synthesizers and keyboards via the iPhone's dock connector.
The iOS Core Services layer provides much of the foundation on which the previously
referenced layers are built and consists of the following frameworks.
The Address Book framework provides programmatic access to the iPhone Address Book
contact database allowing applications to retrieve and modify contact entries.
The CFNetwork framework provides a C-based interface to the TCP/IP networking protocol
stack and low level access to BSD sockets. This enables application code to be written that
works with HTTP, FTP and Domain Name servers and to establish secure and encrypted
connections using Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
This framework is provided to ease the creation of data modeling and storage in Model-View-
Controller (MVC) based applications. Use of the Core Data framework significantly reduces the
amount of code that needs to be written to perform common tasks when working with structured
data within an application.
The Core Media framework is the lower level foundation upon which the AV Foundation layer is
built. Whilst most audio and video tasks can, and indeed should, be performed using the higher
level AV Foundation framework, access is also provided for situations where lower level control
is required by the iOS application developer.
The iOS Core Telephony framework is provided to allow applications to interrogate the device
for information about the current cell phone service provider and to receive notification of
telephony related events.
An API designed to provide applications with access to the calendar, reminders and alarms on
the device.
The Foundation framework is the standard Objective-C framework that will be familiar to those
who have programmed in Objective-C on other platforms (most likely Mac OS X). Essentially,
this consists of Objective-C wrappers around much of the C-based Core Foundation Framework.
The iOS Mobile Core Services framework provides the foundation for Apple's Uniform Type
Identifiers (UTI) mechanism, a system for specifying and identifying data types. A vast range of
predefined identifiers have been defined by Apple including such diverse data types as text, RTF,
HTML, JavaScript, PowerPoint .ppt files, PhotoShop images and MP3 files.
The purpose of the Store Kit framework is to facilitate commerce transactions between your
application and the Apple App Store. Prior to version 3.0 of iOS, it was only possible to charge a
customer for an app at the point that they purchased it from the App Store. iOS 3.0 introduced
the concept of the “in app purchase” whereby the user can be given the option to make additional
payments from within the application. This might, for example, involve implementing a
subscription model for an application, purchasing additional functionality or even buying a faster
car for you to drive in a racing game. With the introduction of iOS 6, content associated with an
in-app purchase can now be hosted on, and downloaded from, Apple's servers.
SQLite library
Allows for a lightweight, SQL based database to be created and manipulated from within your
iPhone application.
The Quick Look framework provides a useful mechanism for displaying previews of the contents
of file types loaded onto the device (typically via an internet or network connection) for which
the application does not already provide support. File format types supported by this framework
include iWork, Microsoft Office document, Rich Text Format, Adobe PDF, Image files,
public.text files and comma separated (CSV).
The Core OS Layer occupies the bottom position of the iOS stack and, as such, sits directly on
top of the device hardware. The layer provides a variety of services including low level
networking, access to external accessories and the usual fundamental operating system services
such as memory management, file system handling and threads.
The Accelerate Framework provides a hardware optimized C-based API for performing complex
and large number math, vector, digital signal processing (DSP) and image processing tasks and
calculations.
Provides the ability to interrogate and communicate with external accessories connected
physically to the iPhone via the 30-pin dock connector or wirelessly via Bluetooth.
Security Framework (Security.framework)
The iOS Security framework provides all the security interfaces you would expect to find on a
device that can connect to external networks including certificates, public and private keys, trust
policies, keychains, encryption, digests and Hash-based Message Authentication Code (HMAC).
System (LibSystem)
As we have previously mentioned, iOS is built upon a UNIX-like foundation. The System
component of the Core OS Layer provides much the same functionality as any other UNIX-like
operating system. This layer includes the operating system kernel (based on the Mach kernel
developed by Carnegie Mellon University) and device drivers. The kernel is the foundation on
which the entire iOS platform is built and provides the low level interface to the underlying
hardware. Amongst other things, the kernel is responsible for memory allocation, process
lifecycle management, input/output, inter-process communication, thread management, low level
networking and file system access.
As an app developer your access to the System interfaces is restricted for security and stability
reasons. Those interfaces that are available to you are contained in a C-based library called
LibSystem. As with all other layers of the iOS stack, these interfaces should be used only when
you are absolutely certain there is no way to achieve the same objective using a framework
located in a higher iOS layer.