A surface view of the Windows Server 2003 structure reveals an eloquently simple arrangement of functions that separates system-related events from user-related events. As you move deeper into the components of Windows Server 2003, you will see that Microsoft has designed a very compartmentalized operating system. In this section we will review:
The structural layers of the kernel mode, the Hardware Abstraction Layer (HAL), and the user mode
The role of the Windows Server 2003 executive mode and its managers
The role of the Windows Server 2003 user mode and its subsystems
Windows Server 2003 functions in two primary modes: the privileged kernel, or executive, mode and the open nonprivileged user mode (Figure 2.1). Low-level operating system services, system data, and interfaces to hardware are controlled by the kernel mode.
The user mode handles everything else that is subject to user interface or intervention, including the default Win32 subsystem, optional subsystems, and applications. The user mode interacts with system data and hardware through a tightly integrated API.
The Windows Server 2003 Executive (Figure 2.2) is also known as the kernel mode and the privileged executive mode. Windows Server 2003 breaks its operations into five segments that run in the kernel or privileged mode:
Hardware abstraction layer (HAL)
Microkernel
Device drivers
Executive managers
Executive services buffer
Collectively, these elements handle the system responsibilities that are hidden from the user. In Windows Server 2003, the Executive controls essential operating system functions. Other functions are pushed into the nonprivileged area or into protected subsystems, as discussed in the next section. The elements of the Executive are discretely independent and exchange data through defined interfaces. In theory, any component can be deleted and replaced with a technologically updated version. Assuming adherence to the interface APIs, the operating system should function without difficulty after swapping Executive components.
Each element of the Executive provides two discrete functions. The system services are available in both user-mode and kernel-mode operations. By contrast, the internal routines are used only to communicate with other managers or components within the Executive itself.
At the base of the Windows Server 2003 Executive is the Hardware Abstraction Layer. Microsoft originally placed hardware-related interfaces in a discrete segment of code as a means of ensuring greater portability across platforms. Early Windows NT was to be a cross-platform operating system in which HAL provided a layer of code that accounted for system differences. This design criterion has been eliminated. In Windows Server 2003, HAL deals with Intel-compatible CPU and related device-dependent issues.
Concentrating on a single architecture makes the writing of device drivers considerably more straightforward. With a published API, application developers can write instructions for a device that is optimized for Windows Server 2003. Whenever possible, system administrators should use such enhanced device drivers.
In multiprocessor systems, HAL serves an additional function of automatically synchronizing hardware-related threads with the next available CPU. Priorities range from real-time processes (with the highest priority) to variable, or dynamic, processes (lower priority), as discussed in a subsequent section.
In operating systems such as Windows Server 2003 and UNIX, the base-level functions in operating system operations are managed by a kernel. In Windows Server 2003 this component takes the form of a nonconfigurable and nonpageable microkernel. By nonconfigurable, we mean that the microkernel is never modified and never recompiled; by nonpageable we mean that the 4-KB memory pages associated with the microkernel are fixed and not referred to the pagefile.sys file, where dynamic paging activities are retained.
The microkernel dispatches and controls threads. (Where multiprocessors are involved, it also synchronizes that workload.) Dispatcher objects implement and synchronize events, semaphores, timers, threads, and mutants (defined by mutually exclusive resource access). Control objects regulate virtual address processes, system interrupts, thread profiles, and asynchronous procedure calls.
A device driver is a set of instructions that coordinates the operating system with hardware such as printers, storage units, modems, network equipment, fax machines, scanners, and digital cameras. The Windows Device Model (WDM) theoretically allows a common set of device drivers. In theory, the WDM should greatly reduce the system administration's burden of maintaining multiple device driver versions. With the release of Windows Server 2003 and Windows XP, this objective has been largely achieved for the first time.
In the case of streaming media software, the WDM has shifted the processing from the user mode to WDM Kernel Streaming. The objective was to improve overall speed and performance. An application must be specifically written for WDM to take advantage of this architecture. The same principle applies to the new WDM Still Image Architecture for specific support of digital cameras and scanners.
The space available for device drivers and system space has significantly increased. In Windows 2000, device drivers were limited to 220 MB; Windows Server 2003 supports up to 960 MB. Windows 2000 had a total system virtual address space of 660 MB, compared to the 128 GB of Windows Server 2003.
The fourth segment of the Executive is a collection of tightly coupled applications. Known collectively as the Executive managers, they allow the subsystems and user applications to access system resources. Perhaps the biggest change since Windows 2000 is the inclusion of a Cache Manager, which replaces memory storage in paged pools, and the Configuration Manager, which now implements the Registry. The Executive managers are the following:
The Object Manager. This manager is responsible for the creation, deletion, and interim management of object resources: files, directories, threads, processes, ports, semaphores, events, symbolic links, and shared memory.
The Virtual Memory Manager (VMM). The VMM regulates the allocation of 32-bit or 64-bit linear memory. Windows 2003 supports virtual addressable memory—by default, half is allocated to system tasks and half to application workload. (Windows 2003 Enterprise and DataCenter Editions in certain configurations permit the shifting of memory allocation to allow additional dedicated memory for application support. Applications must be coded to use the Very Large Memory (VLM) APIs.) As required, the VMM pages information to disk or physical memory. It also regulates demand paging, which uses the physical hard drive to effectively expand total memory availability.
The Process Manager. Windows Server support for program processes is controlled by threading. A thread is a logical sequence of instructions that is executed to completion or until a higher-priority thread temporarily preempts it. The Process Manager specifically monitors thread and related process objects. Later discussion will clarify the roles of threads and processes.
The Interprocess Communication Manager. This Executive manager regulates both local procedure calls (LPCs) and remote procedure calls (RPCs). The Local Procedure Call Facility manages client and server communications within the computer. As a local procedure that impacts system resources is launched from the user mode, the server elements in the kernel mode are called. The Remote Procedure Call Facility manages client/server communication across different computers.
Security Reference Monitor (SRM). To create or gain access to an object, a request must first flow through the Security Reference Monitor (Figure 2.3). Unlike some of the other Executive managers, the SRM operates in both kernel and user modes. As discussed later, each Windows Server object has a descriptor known as the access control list (ACL). Each user and group with object rights is provided an individual access control entry (ACE) that contains its security ID (SID). Upon logging on, each user is assigned an access token that operates as a passkey to objects that match his or her entry levels. For greater detail, refer to Chapter 9, "Permissions Security, Folder Sharing, and Dfs."
I/O Manager. All input and output functions are controlled by the I/O Manager. These activities are broken into several components that regulate the input and output of the system cache, file system, network drivers, and specified devices (Figure 2.4).
Windows Manager and Graphics Device Drivers. The Windows Manager and Graphics Device Drivers (GDDs) were moved from the user mode, where they resided in Windows NT 3.5 and earlier versions, to the kernel mode in Windows Server 2003. Applications can address the Win32K.sys interface; the GDD talks directly to HAL.
Plug and Play Manager. The new Plug and Play Manager reduces the mundane system administration burden of identifying and configuring devices on the network. It activates devices and adds devices via automatic discovery or with the assistance of the Hardware Wizard.
Cache Manager. This manager monitors page faults that are required for disk reads and data already in memory. The operating system faults data and code into memory from disk in 4-KB page chunks and then releases before demand. The Cache Manager helps to prefetch pages. It also monitors the initial stages of an application startup (up to 10 seconds). The Cache Manager works in conjunction with the Task Scheduler to signal a named event, and it calls the Memory Manager to read data or code.
Configuration Manager. This manager has been recoded to mediate between Registry settings and the executive kernel-mode subsystem. It is designed to significantly increase the permitted size of a Registry hive (formerly 376 MB), which now has no hard-coded limit. This increases performance and adds greater support for Terminal Server systems. The Configuration Manager also plays a security role, maintaining its own cache of security descriptors that may be used by multiple keys.
Power Manager. This manager regulates the power to computers and devices. In systems with power management client interfaces, Windows Server 2003 can automatically and remotely order a system to boot, shut down, or go into temporary hibernation.
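The access check described under the Security Reference Monitor entry above can be modeled in a few lines. This is an added example, not code from the book or from Windows: a simplified Python model of walking an ACL's entries against the SIDs in an access token. The SIDs, mask bits, and names are constructed for illustration, and owner rights, privileges, and inheritance are ignored.

```python
from dataclasses import dataclass

READ, WRITE, DELETE = 0x1, 0x2, 0x4   # constructed access-mask bits

@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # SID the entry applies to
    mask: int   # rights covered by the entry

@dataclass(frozen=True)
class Token:
    user_sid: str
    group_sids: frozenset

    def sids(self):
        return {self.user_sid} | self.group_sids

def access_check(token, dacl, desired):
    """Return True only if every bit in `desired` is granted.

    dacl=None models an object with no ACL (access allowed);
    an empty list models an empty ACL (access denied to all)."""
    if dacl is None:
        return True
    remaining = desired
    for ace in dacl:                      # entries are evaluated in order
        if ace.sid not in token.sids():
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False                  # explicit deny on a requested right
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True               # all requested rights granted
    return False                          # implicit deny

# Constructed sample SIDs (S-1-1-0 is the well-known Everyone SID).
EVERYONE = "S-1-1-0"
CONTRACTORS = "S-1-5-21-1111-2222-3333-2001"
ALICE = Token("S-1-5-21-1111-2222-3333-1001", frozenset({EVERYONE, CONTRACTORS}))
BOB = Token("S-1-5-21-1111-2222-3333-1002", frozenset({EVERYONE}))

# Deny entries first, then allow entries.
DACL = [Ace("deny", CONTRACTORS, WRITE | DELETE),
        Ace("allow", EVERYONE, READ),
        Ace("allow", ALICE.user_sid, READ | WRITE)]

# Same entries with the allow placed ahead of the deny: the deny never fires.
MISORDERED = [DACL[2], DACL[0], DACL[1]]
```

Because evaluation stops at the first entry that settles the request, an ACL written with allow entries ahead of deny entries can grant access the deny was meant to block, which is worth checking when ACLs are built programmatically.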
The Executive Services buffer consists of a relatively small layer of code that sits on top of the other Executive components. It separates the kernel and user modes and acts as the medium for passing API and system calls.
The user mode comprises components that work together to facilitate user and application integrity. It has two parts:
Protected environmental subsystems. Windows Server 2003 supports user-mode subsystems that maintain specific requirements for native Windows (16/32-bit and legacy MS-DOS), POSIX, and OS/2 applications as well as user-related system calls. An examination of protected subsystems follows.
Dynamic integral user intervention. This part oversees the unprotected actions of individual users. We discuss the impact of this dynamic intervention when we deal with the processes later in this chapter.
The subsystem structure can be viewed as a buffer between user applications and the kernel-mode services structure. The term protected refers to these subsystems because they are not directly changed or modified by the administrator or the user but merely pass and manage API calls. They are configurable only through APIs and built-in utilities.
Windows Server 2003 supports two protected subsystems:
The integral subsystem performs underlying operating system tasks—for example, security management.
The environmental subsystem establishes the foundation for applications and user interfaces.
The integral subsystems overlay and interact with the environmental subsystems. For example, the API that provides access to the network is either the Workstation Services or the Server Services subsystem, depending on the version of Windows Server installed. As another example, the integral Security subsystem acknowledges logon requests, authenticates logons, monitors the use of resources by a user, and manages user rights and permissions.
The user mode supports three environmental subsystems, as shown in Figure 2.5. The intent behind this was to provide support for applications originally written for other operating systems or to make porting of applications easier. Depending on the environmental subsystem, this "support" ranges from executing shrink-wrapped applications to merely providing programming APIs. With Windows Server 2003, this multiple environment subsystem support has been reduced.
Environmental subsystems may be thought of as operating system "multiple personalities." The Win32 subsystem provides native support for applications written to support Microsoft's 16- and 32-bit APIs. The other subsystems are a set of APIs that emulate other operating system calls.
Win32 subsystem. Win32 is the mother of all subsystems. It supports standard Windows Server input and display output. Specifically, it controls the graphical user interface. All Win32 applications are run directly inside this subsystem. Win32 also takes on a type of arm's-length relationship with the other subsystems by switching personalities when necessary.
MS-DOS and 16-bit applications use both the Virtual DOS Machine (VDM) and the Win32 system. The VDM is created automatically when these programs are launched. The application process technically runs as a VDM process, but its display handling is offloaded to Win32. Because API "stubs" support the old graphical drivers and dynamic-link libraries (DLLs), Win16 applications generally operate without affecting other operating system activities. It should be remembered that Windows Server 2003 is a preemptively multitasking operating system that supports numerous single processes simultaneously. In the case of Win16 applications, WOW, or Windows on Windows, defines the interplay between VDM and Win32.
OS/2 subsystem. The OS/2 subsystem was available in Windows NT and Windows 2000 but is not supported on Windows Server 2003.
POSIX subsystem. The Portable Operating System Interface computing environment subsystem was available in Windows NT and Windows 2000 but is not supported on Windows Server 2003.
For those interested in POSIX and UNIX interoperability, Microsoft has made available its Services for UNIX 3.0. This offers an assortment of third-party UNIX applications and utilities, including Korn and C shell support and NFS. By adding these features, it is possible to use many scripts written in a UNIX environment and move them directly across to Windows Server 2003. This is to be offered as part of an optional service package known as Microsoft Services for UNIX. The Interix code actually replaces Microsoft's POSIX subsystem and overlays a complete UNIX 95 environment within Windows. In this configuration, true operating system interoperability is achieved. It is also possible to migrate existing UNIX applications to Windows Server 2003 with comparative ease. Among the common UNIX features that Interix provides are the following:
More than 300 UNIX commands and utilities
Shell support for the Korn shell, Bourne shell, and C shell
Scripting languages—awk, Perl, sed, Tcl/Tk—with full shell job control
POSIX.1, POSIX.2, and ANSI C interfaces
BSD sockets implemented with Winsock
SVID IPC (message queues, semaphores)
Shared memory, memory-mapped files
ODBC and OpenGL application library support
X11R5 Windowing System clients and libraries
The X11R6.3 Windowing System display server
X11R6 fonts and font management
The OSF/Motif® 1.2.4 Window Manager and libraries
Execution of Win32 applications from Microsoft Services for UNIX
Full tty semantics mapped to console windows and pseudoterminal support
Full integration with the Windows NT security model, administration, file systems, networking, and printers
Telnetd and rlogind services (multiuser logon support)
Berkeley r-utilities (servers and clients)
MKS and its DataFocus division's NutCRACKER development product also provide POSIX utilities and application porting directly to the Win32 API.