Networking Services
Lesson 4: Designing Internet and remote access connectivity
Objective: Define network services that help manage access to the Internet and support remote users.

Designing Internet and Remote Access Connectivity

For users on private networks, you will need to design a way to connect them to your network. Connectivity is key to network extensibility. In the past, most corporate networks lived within the confines of their own network infrastructure. However, the days of the isolated network are over. Companies require real-time processing of information and intelligence, and this requires high-speed connections between networks. To meet these interconnectivity demands, Windows 2000 provides integrated LAN and WAN connectivity services.

Remote Access

Remote access solutions enable employees to connect to a corporate network from any telephone line in the world. A remote access solution can be implemented by having employees call a modem bank at the home office by dialing an 800 number. A better solution is to take advantage of the Virtual Private Networking (VPN) capabilities of the Windows 2000 RRAS[1] service. With VPNs[2], remote employees can dial in to a local Internet Service Provider (ISP) and connect to the corporate network over the Internet. This obviates the cost of direct dial-in solutions via modems.
Windows 2000's Internet and remote access services outstrip those available with Windows NT 4.0. VPNs are highly secure, as they take advantage of NAT[3], L2TP, and IPSec technologies. RRAS clients can also have their access controlled via RAS policies, giving the administrator granular control over RAS access to the corporate network. In your network designs, you will include the routing services to connect private networking segments within a geographic location or between locations over public networks, such as the Internet. This will enable remote users to connect to the private network by using authenticated and encrypted connections. The list below describes those routing and remote access features.

Network services that use the Dynamic Host Configuration Protocol (DHCP) to help manage access to the Internet and support remote users are essential components in modern networking environments. They are typically software-based tools or components that facilitate seamless access to and use of network resources, particularly in distributed and remote access scenarios. Two of the key network services involved in this scenario are DHCP and Virtual Private Networks (VPNs).

Dynamic Host Configuration Protocol (DHCP):

DHCP is a network protocol that enables automatic assignment of IP addresses to devices on a network. It centralizes and simplifies network configuration, allowing network devices to request and receive an IP address from a DHCP server. This dynamic assignment of IP addresses streamlines network operations, reducing the need for manual IP address configuration and mitigating IP address conflicts. In a remote access environment, DHCP can aid in managing IP address assignment for remote devices, ensuring they can communicate with other network resources seamlessly.

Virtual Private Network (VPN):

A VPN is a network service that allows users to securely access a private network over public networks like the Internet. It uses encryption and other security measures to ensure that only authorized users can access the network and that the data transmitted across the network is secure. VPNs are instrumental in supporting remote users by creating secure connections to the network, regardless of the users' physical location. It provides the remote user with an IP address that belongs to the local network, allowing them to interact with the network as though they were physically present.
To illustrate these services in a typical scenario, consider a remote employee trying to access their company's network. When the user connects to the VPN, it establishes a secure tunnel between the user's device and the company network. The VPN server, equipped with DHCP, then assigns an IP address to the user's device, enabling it to access network resources securely and efficiently.
Network services like DHCP and VPN play pivotal roles in managing access to the Internet and supporting remote users. By ensuring seamless, secure access and communication between devices and network resources, these services underpin the infrastructure necessary for distributed and remote work in today's digital environment.

1) IP routing occurs through the Routing and Remote Access Service

2) You can secure these communications over public networks with various encryption algorithms

3) When your design requires remote user access to the private network, use the remote access features of the Routing and Remote Access Service

4) When designing for remote access, you can secure the user credentials and confidential data

5) To support a variety of remote access servers or to outsource remote access connectivity to an ISP

6) You should include RRAS and IAS - Internet Authentication Service in your design

7) For Internet-specific connectivity, you will need to consider Network Address Translation or NAT

8) NAT provides Internet connectivity in solutions where simplistic implementation and management are necessary

9) NAT's methods of securing the private network are adequate to protect resources not available to Internet users

10) Microsoft Proxy Server 2.0 allows organizations to control the information exchange between their private networks and the Internet

11) Include Proxy Server in your design to improve the performance of Internet access through existing connections

Remote Access Services
Note that these services are not directed to an organization of any particular size. Your organization may or may not use a service such as NAT. In the next lesson, you will learn to define tasks involved in creating an integrated networking services design.
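
The NAT items in the list above describe address translation and the protection it gives resources that are not published to the Internet. The Python sketch below is an added example, not code from this course or from Windows 2000: a simplified port-translating NAT table in which only replies to outbound connections, or traffic to a deliberately published port, reach a private host. All addresses and ports are constructed, and the names `NatTable`, `publish` and `demo` are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges; every address used in this example is constructed.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class NatTable:
    """Simplified model of a port-translating NAT (not Windows 2000's own code)."""
    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.dynamic = {}    # (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.by_flow = {}    # outbound flow -> public_port, so a flow reuses its mapping
        self.published = {}  # public_port -> (priv_ip, priv_port), static mappings

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network, creating a mapping if needed."""
        if not any(ipaddress.ip_address(src_ip) in net for net in PRIVATE_NETS):
            raise ValueError("source is not a private address")
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.dynamic[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.by_flow[flow], dst_ip, dst_port)

    def publish(self, public_port, priv_ip, priv_port):
        """Static mapping: deliberately expose one internal service."""
        self.published[public_port] = (priv_ip, priv_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the private (ip, port) for an arriving packet, or None if dropped."""
        if dst_port in self.published:
            return self.published[dst_port]  # reachable by any Internet host
        return self.dynamic.get((dst_port, src_ip, src_port))

def demo():
    nat = NatTable("203.0.113.10")
    sent = nat.outbound("192.168.0.25", 1025, "198.51.100.7", 80)
    nat.publish(25, "192.168.0.5", 25)
    return {
        "sent": sent,
        "reply": nat.inbound("198.51.100.7", 80, sent[1]),
        "other_host": nat.inbound("198.51.100.99", 4444, sent[1]),
        "unmapped_port": nat.inbound("198.51.100.99", 4444, 139),
        "published": nat.inbound("198.51.100.99", 4444, 25),
    }

if __name__ == "__main__":
    print(demo())
```

The `published` result shows the limit of the protection: once a port is statically mapped, the internal service behind it is reachable by any Internet host and needs its own access controls.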

[1] RRAS: The Routing and Remote Access Service. A collection of network services relating to routing and remote access that are brought together into a single Microsoft Management Console.
[2] VPNs: Virtual Private Networks. Virtual network connections established over public networks that allow for authentication and encryption of data. VPNs use tunneling technology, and private network communications take place inside the encrypted tunnel over the public network.
[3] NAT: Network Address Translation. NAT enables private IP addresses to be translated into public IP addresses for traffic to and from the Internet.