The Supplemental CD-ROM consists of the eBook and a number of files and folders containing content intended to augment this book. To view the eBook, you need any system that is capable of running the Adobe Reader or Adobe Acrobat (http://www.adobe.com).
The basic requirements of processor speed, memory
The CD-ROM drive should be 4X or faster. A faster drive is recommended if you intend to access the files from the CD rather than copy them to a hard disk. Copying the CD contents to a hard disk will require approximately 365 MB of hard disk space.
There are no audio or video files on the CD; therefore, there are no requirements for sound cards.
Congratulations on purchasing this book! You have just taken a major step in bringing the power of the Internet to your company’s arsenal of business tools. This book will show you how to design, implement, and use virtual private networks (VPNs) that are based on Microsoft Windows Server 2003 and Microsoft client operating systems. VPN can be a very complex topic—it is the convergence of several networking protocols and services, some of which you might already know and some of which you will be encountering for the first time. Don’t worry, though, because we’ll help you through that complexity, and in the end you’ll be able to use the power of the Internet to enable your business to reach new heights of communications, collaboration, and productivity. The beauty of VPN is that it is a network layer technology, which means that the applications your company runs do not need to know about it or support it. VPN will
For any technology this powerful and that adds this much functionality and value to your company, most IT administrators are willing to invest heavily in third-party VPN
To cover VPN properly, we need to set the stage by telling you what
In the following chapters, we’ll dive into all the technical details of VPN. You’ll get more technical VPN knowledge than you can imagine, but let’s start with a lay person’s view of virtual private networking and what it can do for you.
Because you are interested in this book—and therefore are interested in VPN and remote access solutions—it’s a safe bet that your company is running a network to access computer resources and services within the walls of your offices. Also, you more than likely have Internet access for your users to access resources and services out on the Internet. The two concepts sound similar, don’t they? Your users are accessing services on your network or out on the Internet, and that means the Internet is a network like the one in your office. More importantly, the Internet is a free network that
There is a problem, though. The network within your walls is a private network that only your authorized users can access and work with, while the Internet is available for everyone’s use. Without proper
Until recently (about 10 years ago), the Internet was virtually untapped as a resource. Now it is arguably the most powerful communications medium on the planet. The world of computing has been completely transformed in recent
Four or five years ago, the computing world was a different place—the Internet was just starting to show its potential as a communications medium and drive innovation to new levels. Back then, the computing world had some constants you could count on if you were running a business:
All client PCs were the same.
Every PC was pretty much like every other PC. Your PC was a box that sat on your desk and had the same
Networks were wired.
If you wanted your computer to talk to another computer, that communication would take place over a modem or hard-wired connection. There simply were no other options.
These facts allowed IT administrators to make some base assumptions on how to run their network and what to do to service their users. Remote access options for users were limited and considered to be a luxury that came at a high cost. The only kind of remote access available consisted of expensive in-house modem banks that required dedicated telephone lines and that incurred thousands of dollars a month in communications charges. Most companies considered the Internet to be a toy—it was not yet fully developed into the business tool it is today. Most companies did not even bother to provide Internet access for their users. The concept of “constant” communication from office to office was virtually unheard of, as e-mail—another emerging technology considered to be a luxury—required only
Because of the overhead required to support remote access for a company, the concept of a “home office” and telecommuting were not a reality. Bandwidth constraints over modems made any kind of remote application work unworkable. The concept of remote access was extremely limited and was
Now we jump forward in time to today’s computing environment. As is always the story with technology, all the assumptions we made about communications and clients in the past are now invalid.
Figure 1-1: The many types of client computers today.
We do not know what a computer looks like anymore.
Figure 1-1 shows an entire suite of computer clients
Multiple connectivity options exist today. Almost every laptop available can be purchased with optional wireless network communications. Ethernet adapters are a commodity that every laptop and desktop computer has built in by default. (Remember when not too long ago this was an expensive add-on option?) Users now have ready options to communicate over wired, wireless, cellular, or even personal satellite communications. IT administrators have to plan and provide for all of these options.
The world of the IT administrator has changed drastically in recent years—the types of client computers and the ways they communicate have increased immensely. Yet administrators still have to provide the same level of service and connectivity for all options and users.
The Internet has revolutionized the way people do business. It hasn’t simply changed the way businesses advertise or the way people find information; it has fundamentally changed the way businesses
A business’s e-mail address is as much a part of its identity as its phone number, and is likely used as much as or more than its telephone. I receive over 100 e-mail messages a day, compared to one or two phone calls in the same period of time. E-mail and the Internet give every business an instant global presence and opportunity, and they expose a company to the dangers of the Internet as well.
VPN provides the way to take advantage of all the power the Internet can give you and keep your company’s resources secure. However, danger is out there—
VPN provides a low-cost, effective, and versatile solution for secure communications over the Internet. Specifically, it does the following:
Allows for a fully functional remote access work force. This alone is a compelling solution for any company with a sales force that is mobile, that needs to have access to company resources, and that needs to keep in touch with its customers. For a company providing on-site services to other companies, this capability allows for instant access to its remote work force.
Allows for transactions to occur without delay and thereby
Allows for a true international presence without the high cost of maintaining international operations. With the Internet, every company can be a global company. Your Internet presence gives you instant access to millions of businesses and potential customers around the world.
Worldwide connectivity allows for the
The capabilities of the Internet and the options for computing clients seem boundless, but there’s probably a few capabilities you haven’t thought of. Certainly you didn’t think Microsoft would just sit still, did you? A whole new world of functionality is coming.
Internet Protocol version 6 (IPv6) will change the way the world will communicate yet again. Internet and network communications are currently based on one main network layer communications protocol, IP version 4 (IPv4). In the computing world, nothing is constant except innovation, and the Internet is no exception. IPv6 is the next communications protocol that will be available on the Internet, making every computer, both server and client, uniquely identifiable on the Internet. The communications possibilities are staggering—as you’ll see in the
What makes a person’s telephone number so unique? The answer is simply that there is no other person in the world with that number. That telephone number is truly unique in the world. That is why when you dial a certain sequence of
Just a few years ago, the concept of video conferencing was pure Star Trek–type stuff. Now everyone can do it with a PC, a small camera, and an Internet connection. The problem, however, is that people are not always able to use video communications because of the limitations of TCP/IP v4, client hardware, and Internet routing. Instant access to people you want to communicate with is much more widely available with new solutions such as TCP/IP v6. Eventually, this technology will make video calls almost as commonplace as voice calls. Consider that in the past year, cellular phones with built-in
Instant messaging is
One constant fact throughout time, regardless of the advances in communications and computing, is that there will always be someone out there who is up to no good. The more communications technologies
VPN will enable your company to survive on the Internet and operate with the complete security it needs. It is not an option, but a mandatory solution for collaborating and competing with other businesses. A company without this communications capability will be the last to the table and will
As technology progresses, we can see that the more powerful the technology, the more powerful is the security required to maintain it. VPN will always have a role to play in enabling secure remote access to all of a company’s
VPN is the answer to secure communications on the Internet, and this book will show you how it works!
Now that we have made the case for using VPN in your company, it’s time to put the technology to work for you. Here is a synopsis of what you’re about to learn in this book:
We’ll cover the basic concepts of VPN for remote access and site-to-site solutions, including all dependent services and
Next, we’ll cover setting up remote access and site-to-site VPN individually, as each technology has its own concepts and considerations. We’ll give you a complete breakdown of each type of VPN service and a complete run-through of the decision points and options available to you for establishing the physical, logical, and software setups. We provide complete step-by-step instructions on how to set up each service, component, and connection. Follow our lead, and you can’t miss.
We will cover options that are available with Connection Manager and Phone Book Services that make the
We will cover advanced features such as client state checking with quarantine and IP firewalling so that you can be sure none of your users are
We will also provide detailed troubleshooting processes and procedures to ensure the complete success of your rollout.
By the time you reach the end of this book, you will be able to use the Internet as the ultimate remote access and office connectivity technology. You’ll be able to do this with full security and control using native Microsoft technologies on Windows Server 2003 and Windows XP.