Connection Types


To place the connectivity needs of the remote office in perspective, Table 23-1 includes both commonly used connection types as well as some of those less often used in the remote office environment.

Table 23-1: Connection Types

| Connection Type | Communication Method | Example |
|---|---|---|
| Remote access | Dial-up modem; ISDN; X.25; Point-to-Point Protocol over Ethernet (PPPoE); Microsoft Ethernet PVC | Connection to an organization's network or the Internet by using dial-up access. |
| VPN | Point-to-Point Tunneling Protocol (PPTP); Layer Two Tunneling Protocol (L2TP) | Secure connection to a corporate network over an existing connection to the Internet. |
| Local | Ethernet; Token Ring; FDDI; LAN Emulation; HPNA; 802.11x; IP over ATM; IrDA | Connection within a corporate network. (Ethernet is most suitable for Small Office/Home Office LAN.) |
| WAN | T-Carrier leased lines; Cable modem; DSL; Dial-up; Frame Relay | Persistent connections between geographically dispersed areas. |
| Direct cable | USB; Serial cabling; Direct parallel cabling; Infrared link; IEEE 1394 (Firewire) | Direct data transfer between two devices (for example, information synchronization between a handheld Microsoft Windows CE-based computer and a desktop computer). |
| Incoming | Dial-up; VPN; Direct connections | Connections from other computers to dial in to this computer. |

Remote Access Connection Types

Remote access allows remote clients running Windows to access a network. You can use the following remote access connection types.

Dial-up Modem

Dial-up modem is the most commonly used form of remote access connection. Also called a slow link, an analog dial-up connection makes use of the PSTN rather than a dedicated circuit or some other type of private network.

ISDN

Integrated Services Digital Network (ISDN) technology makes it possible to offer telephone customers digital data and voice services using a single wire by dividing the capacity of the wire into separate channels. A basic rate ISDN line can offer speeds of up to 128 kilobits per second (Kbps) using two 64 Kbps channels. An ISDN line must be installed by the phone company at both the server site and the remote site. In most instances, ISDN is used for intermittent, dial-up connectivity rather than for a persistent or permanent connection.

X.25

X.25 is a standard that defines the connection between a terminal and a packet-switching data network. When X.25 originated in the early 1970s, the noisy, copper-based telephone infrastructure dictated devoting a great deal of overhead to ensure packet reliability. Media reliability improvements since then, including optical fiber lines, have made the costly focus on data-link reliability unnecessary. ISDN and Frame Relay have largely replaced X.25 as preferred remote connectivity solutions. X.25, however, remains the most widely accepted worldwide data communications standard. Consequently, X.25 continues to be used, often in tandem with newer technologies. X.25 is supported in Windows XP Professional.

PPPoE

Point-to-Point Protocol (PPP) is a set of framing and authentication protocols included with Windows remote access to ensure interoperability with third-party remote access software.

PPP over Ethernet (PPPoE) provides the ability to connect a network of hosts over a simple bridging access device to a remote access concentrator. With this model, each host uses its own PPP connection and the user is presented with a familiar user interface. Access control, billing, and type of service can be accomplished on a per-user, rather than a per-site, basis.

To provide a point-to-point connection over Ethernet, each PPP session must learn the Ethernet address of the remote peer, as well as establish a unique session identifier. PPPoE includes a discovery protocol that allows this to take place.
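The discovery exchange described above, as an added Python example that is not part of the original chapter: it decodes discovery frames and reports which peer address and session identifier a host learned, plus any offer from a concentrator outside an allow-list. The message codes, tag numbers and EtherType come from RFC 2516 rather than from this page; the MAC addresses, names and the `trusted_acs` allow-list are constructed for illustration.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863          # EtherType of the discovery stage (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}
BROADCAST = b"\xff" * 6


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_discovery(frame):
    """Decode one Ethernet frame; return None if it is not PPPoE discovery."""
    if len(frame) < 20 or struct.unpack("!H", frame[12:14])[0] != ETH_P_PPPOE_DISC:
        return None
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    payload = frame[20:20 + length]
    if ver_type != 0x11 or len(payload) != length:
        raise ValueError("malformed PPPoE header")
    tags, off = {}, 0
    while off + 4 <= len(payload):          # walk the type/length/value tag list
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        value = payload[off + 4:off + 4 + tlen]
        if len(value) != tlen:
            raise ValueError("tag overruns payload")
        tags[TAGS.get(tag, hex(tag))] = value
        off += 4 + tlen
    return {"dst": mac(frame[0:6]), "src": mac(frame[6:12]),
            "code": CODES.get(code, hex(code)), "session_id": session_id, "tags": tags}


def audit_discovery(frames, trusted_acs):
    """Return (sessions, findings) for a capture of discovery frames.

    sessions maps host MAC -> (access concentrator MAC, session id) taken from PADS.
    findings lists PADO/PADS frames whose sender is not in trusted_acs.
    """
    sessions, findings = {}, []
    for frame in frames:
        pkt = parse_discovery(frame)
        if pkt is None:
            continue
        if pkt["code"] in ("PADO", "PADS") and pkt["src"] not in trusted_acs:
            name = pkt["tags"].get("AC-Name", b"?").decode("ascii", "replace")
            findings.append(f"{pkt['code']} from untrusted concentrator {pkt['src']} ({name})")
        elif pkt["code"] == "PADS" and pkt["session_id"] != 0:
            sessions[pkt["dst"]] = (pkt["src"], pkt["session_id"])
    return sessions, findings


def build(dst, src, code, session_id=0, tags=()):
    """Construct a discovery frame for the sample capture below."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    header = struct.pack("!HBBHH", ETH_P_PPPOE_DISC, 0x11, code, session_id, len(body))
    return dst + src + header + body


# Constructed capture: one host, the expected concentrator, one unexpected responder.
HOST = bytes.fromhex("020000000001")
AC = bytes.fromhex("0200000000aa")
UNEXPECTED = bytes.fromhex("0200000000ee")
SVC = (0x0101, b"")
CAPTURE = [
    build(BROADCAST, HOST, 0x09, tags=[SVC]),                                  # PADI
    build(HOST, UNEXPECTED, 0x07, tags=[SVC, (0x0102, b"unknown-ac")]),        # PADO
    build(HOST, AC, 0x07, tags=[SVC, (0x0102, b"isp-ac-1"), (0x0104, b"\x01\x02")]),
    build(AC, HOST, 0x19, tags=[SVC, (0x0104, b"\x01\x02")]),                  # PADR
    build(HOST, AC, 0x65, session_id=0x0011, tags=[SVC]),                      # PADS
]

if __name__ == "__main__":
    print(audit_discovery(CAPTURE, trusted_acs={mac(AC)}))
```
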

Microsoft Ethernet PVC

Microsoft Ethernet PVC provides support for Ethernet and IP data encapsulation over ATM. This enables the encapsulation and transport of IP or Ethernet packets over ATM between a client connected by means of an ATM permanent virtual connection to a supporting infrastructure. To accomplish this, Microsoft Ethernet PVC acts as a bridging Ethernet adapter for the TCP/IP protocol or a routing adapter for the TCP/IP protocol alone and uses the PVC on the ATM or internal ADSL adapter to transfer encapsulated data.

Windows XP Professional supports the two encapsulation methods defined in RFC 2684: LLC Encapsulation and VC Multiplexing. Both Ethernet and IP protocols are supported using either encapsulation method on both bridged and routed PDUs (protocol data units). For example, protocols supported by Microsoft Ethernet PVC in Windows XP Professional include PPPoE (PPP over Ethernet), L2TP (Layer 2 Tunneling Protocol), Ethernet, or Ethernet encapsulated in IP.
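How the two RFC 2684 encapsulations differ on the wire, as an added Python example that is not code from the original chapter or from Windows: it classifies the payload of a PVC as routed or bridged and names the carried protocol. The header byte values are taken from RFC 2684, not from this page; the `vc_payload` labels and the sample PDUs are constructed, and the VC-multiplexed bridged case assumes the VC was provisioned without a preserved LAN FCS.

```python
import struct

LLC_SNAP = bytes.fromhex("aaaa03")        # LLC header announcing a SNAP header
OUI_ROUTED = bytes.fromhex("000000")      # SNAP PID is the EtherType of a routed PDU
OUI_BRIDGED = bytes.fromhex("0080c2")     # SNAP PID names the bridged media type
ETHERNET_PIDS = {0x0001: True, 0x0007: False}   # PID -> LAN FCS preserved?
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP",
              0x8863: "PPPoE discovery", 0x8864: "PPPoE session"}


def ethernet_summary(frame, has_fcs):
    """Summarise a bridged Ethernet frame that follows the two PAD bytes."""
    if has_fcs:
        frame = frame[:-4]                # drop the preserved LAN FCS
    if len(frame) < 14:
        raise ValueError("bridged frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return {"kind": "bridged",
            "protocol": ETHERTYPES.get(ethertype, hex(ethertype)),
            "src": ":".join(f"{b:02x}" for b in frame[6:12]),
            "payload": frame[14:]}


def decapsulate(pdu, mode, vc_payload=None):
    """Classify the payload of one AAL5 PDU received on a PVC.

    mode is "llc" or "vcmux". VC multiplexing carries no protocol header,
    so the caller passes what the VC was provisioned for in vc_payload:
    "routed-ip" or "bridged-ethernet" (labels assumed for this example).
    """
    if mode == "vcmux":
        if vc_payload == "routed-ip":
            return {"kind": "routed", "protocol": "IP", "payload": pdu}
        if vc_payload == "bridged-ethernet" and pdu[:2] == b"\x00\x00":
            return ethernet_summary(pdu[2:], has_fcs=False)
        raise ValueError("VC-multiplexed PDU does not match the provisioned type")
    if mode != "llc" or len(pdu) < 8 or pdu[:3] != LLC_SNAP:
        raise ValueError("not an LLC/SNAP encapsulated PDU")
    oui, pid = pdu[3:6], struct.unpack("!H", pdu[6:8])[0]
    if oui == OUI_ROUTED:
        return {"kind": "routed", "protocol": ETHERTYPES.get(pid, hex(pid)),
                "payload": pdu[8:]}
    if oui == OUI_BRIDGED and pid in ETHERNET_PIDS and pdu[8:10] == b"\x00\x00":
        return ethernet_summary(pdu[10:], has_fcs=ETHERNET_PIDS[pid])
    raise ValueError("unsupported OUI/PID combination")


# Constructed samples: a PPPoE discovery frame bridged over the PVC, and a routed IPv4 packet.
ETH = bytes.fromhex("ffffffffffff" "020000000001" "8863" "110900000000")
IP = bytes.fromhex("45000014") + bytes(16)
SAMPLES = {
    "llc-bridged": LLC_SNAP + OUI_BRIDGED + b"\x00\x07" + b"\x00\x00" + ETH,
    "llc-routed": LLC_SNAP + OUI_ROUTED + b"\x08\x00" + IP,
    "vcmux-bridged": b"\x00\x00" + ETH,
}

if __name__ == "__main__":
    print(decapsulate(SAMPLES["llc-bridged"], "llc"))
    print(decapsulate(SAMPLES["llc-routed"], "llc"))
    print(decapsulate(SAMPLES["vcmux-bridged"], "vcmux", "bridged-ethernet"))
```

A PVC that classifies as bridged carries whole Ethernet frames, so layer-2 traffic such as ARP and PPPoE discovery crosses it; a routed PVC carries only the network-layer packet.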

A typical situation in which Microsoft Ethernet PVC might provide remote connectivity for a home or small office involves using an internal ADSL modem. In Windows XP Professional you configure the ADSL modem as Microsoft Ethernet PVC. As shown in Figure 23-1, the ADSL modem connects by means of the Public Switched Telephone Network (PSTN) to a Digital Subscriber Line Access Multiplexer (DSLAM) located at the service provider, most likely the central office of the local telephony carrier. The DSLAM either bridges the encapsulated data directly to a network or connects to an external bridge, router, or ATM switch located at the service provider. A connection can then be made to the targeted network, such as a corporate office or the Internet.

Figure 23-1: Connectivity with Ethernet PVC

For information about configuring Ethernet PVC, see Windows XP Professional Help and Support Center.

VPN Connection Types

A virtual private network (VPN) connection simulates a secure private link over a shared public infrastructure such as the Internet by encapsulating and encrypting all traffic from the remote access client to the VPN server. VPN offers affordable, secure access for home and small offices over any networking technology that transports IP packets. A Windows XP Professional remote access VPN connection makes use of one of two tunneling protocols to encapsulate all traffic.

PPTP

Point-to-Point Tunneling Protocol (PPTP), while developed by Microsoft and others, is an open industry standard that supports the tunneling of PPP frames. PPP frames can include IP and other networking protocols. Although L2TP used in conjunction with the IP security (IPSec) protocol provides greater security, PPTP is considerably easier to set up. PPTP uses Point-to-Point Protocol (PPP) authentication, compression, and encryption and can provide good security when used with Microsoft Challenge-Handshake Authentication Protocol version 2 (MS-CHAPv2) and a strong password. Companies can use PPTP to outsource their remote dial-up needs to an Internet service provider (ISP) or other carrier to reduce cost and complexity.

L2TP

Layer 2 Tunneling Protocol (L2TP) is an industry-standard Internet tunneling protocol with roughly the same functionality as PPTP. In Windows XP Professional, L2TP is designed to run natively over IP networks. Like PPTP, L2TP encapsulates PPP frames, which in turn encapsulate the frames of other protocols, thereby allowing users to run applications remotely that are dependent upon specific network protocols. Figure 23-2 demonstrates how an L2TP tunnel can connect a remote computer to a private network. That tunnel can be configured to run over the Internet or an intermediary private network.

Figure 23-2: L2TP tunneling

The use of L2TP, in tandem with IPSec, provides data authentication, data integrity, and data encryption that greatly improves security when sending data over non-secure networks. For more information about IPSec, see "IPSec" later in this chapter.

Note: UDP ports 500 and 1701 need to be open when using L2TP with IPSec for encryption.

For more information about VPNs, see Windows 2000 Server Help or Windows XP Professional Help and Support Center.

Local Connection Types

Local connection types, in this context, refer to the following LAN technologies.

Ethernet

Ethernet, the 10 megabits per second (Mbps) standard for LANs, is the connection type used for most LANs. In this context, the term Ethernet can also include the 100 Mbps standard and the 1 gigabit per second (Gbps) standard. For 10 Mbps and 100 Mbps Ethernet, hosts connected to a shared medium contend for network access using a collision detection scheme.

Token Ring

Token Ring is a shared access LAN technology that operates very differently from Ethernet. The term generally refers to the IEEE 802.5 standard, largely based on the token passing technology developed by IBM in the 1970s.

A token ring network consists of nodes wired into a physical ring. Each node (or device) passes a control message (token) to the next node. Whichever node has the token is entitled to send a message. Although Token Ring is fully supported by Windows XP Professional, it tends to be more complex and expensive than Ethernet. For this reason, it is rarely used in a home or small office.

FDDI

Fiber Distributed Data Interface (FDDI) is a 100 Mbps token-passing topology that operates in a similar fashion to Token Ring, but unlike Token Ring, FDDI is designed to be used with fiber-optic cabling. For redundancy, FDDI employs a dual counter-rotating ring. Data is generally transmitted on a primary ring. The secondary ring is used if the primary ring fails. Like Token Ring, FDDI is supported by Windows XP Professional, although it is unlikely to be used to connect nodes within a small office or home office LAN.

LAN Emulation

LAN Emulation (LANE) is a group of software components that allows Asynchronous Transfer Mode (ATM) to work with Ethernet or Token Ring networks and applications. Using LANE, you can run your traditional LAN-aware applications and protocols on an ATM network without modification.

LANE provides an intermediate step between fully using ATM and not using ATM at all. For example, LANE allows your current system and software to run on ATM, and it facilitates communication with nodes attached to legacy networks. You can increase the speed of data transmission for current applications and protocols when ATM is used over high speed media. However, LANE does not take advantage of ATM features such as Quality of Service (QoS).

IP over ATM

IP over ATM is a group of components that do not necessarily reside in one place, providing services not usually available on an ATM switch. (For the purposes of this discussion, it is assumed the IP over ATM server services reside on a Windows 2000-based server.)

IP over ATM provides several advantages over LANE. For example, it can support Quality of Service (QoS) connections, which are required by multimedia and other time-sensitive network applications. IP over ATM also provides lower overhead (because it requires no media access control (MAC) header) and a large IP packet size (9,180 bytes).

The core components required for IP over ATM are roughly the same as those required for LANE, as both approaches require the mapping of a connectionless medium to a connection-oriented medium, and vice versa. In IP over ATM, an IP ATMARP (ATM Address Resolution Protocol) server on each IP subnet maintains a database of IP and ATM addresses and provides configuration and broadcast emulation services.

Although Windows XP Professional supports both LANE and IP over ATM, it is unlikely that a small branch office or home office LAN would employ either technology.

Home Phoneline Network Adapter (HPNA)

Windows XP Professional supports HomePNA, a networking technology that uses existing telephone wiring in your home to connect devices without interrupting standard telephone service.

802.11x for wireless LANs

Windows XP Professional improves and builds upon the wireless support provided in Windows 2000. Windows XP Professional includes support for automatic switching between different access points (APs) when roaming, auto detection of wireless networks, and automatic wireless configuration allowing for zero client configuration. Additional security is also provided by the inclusion of an 802.1x client implementation in Windows XP Professional and the inclusion of wireless device authentication support in the Windows Remote Authentication Dial-In User Service (RADIUS) server, Internet Authentication Service (IAS).

For more information about wireless LANs, see "Supporting Mobile Users" in this book.

IrDA

The Infrared Data Association (IrDA) has defined a group of short-range, high speed, bidirectional wireless infrared protocols, generically referred to as IrDA. IrDA allows a variety of wireless devices to communicate with each other. Cameras, printers, portable computers, desktop computers, and personal digital assistants (PDAs) can communicate with compatible devices using this technology.

Current IrDA standards are:

IrDA also specifies an Information Access Service that a device can use to determine the services offered by another device.

Infrared link, along with both serial cabling and direct parallel cabling, can be used to synchronize information between a handheld Windows CE-based computer and a desktop computer.

Direct Cable Connections

Direct Cable Connection (DCC) represents several technologies, which can each allow two devices to communicate with one another. They include the Universal Serial Bus (USB), serial (or null modem) cable, and the high-speed port-to-port transmission standard, IEEE 1394, also known as Firewire.

Infrared connections are sometimes also included in this category, but they are listed separately here because they also share some of the characteristics of more conventional network topologies.

When you install and configure DCC networking functionality on your Windows XP Professional-based computer, serial ports with external devices attached are listed as available for DCC connection. If you select a serial port that has an attached device, you disable the port and cannot use it for DCC networking, even though the device functions normally. If a modem is installed on the serial port, that port is removed from the list of available DCC ports. Examples of external devices include:

USB

The Universal Serial Bus (USB) provides device-to-device connectivity without the need to restart your computer. It is a serial bus with a bandwidth of 1.5 Mbps designed to connect peripherals to a personal computer. USB can connect up to 127 peripherals, such as external CD-ROM drives, printers, modems, mice, and keyboards, to the system through a single, general-purpose port. This is accomplished by chaining peripherals together. USB supports hot plugging and multiple data streams. A USB port is usually located on the back of your computer near the serial port or parallel port.

Serial Cabling

A serial (or null-modem) cable, as the name implies, emulates modem communication. It eliminates the modem's need for asynchronous communications between two computers over short distances. When the host computer is at the same location as the target computer, or when you need to put a local host computer with remote access server capabilities between the target and a remote host, a serial cable is used to connect the serial ports of the target system to that of the local host.

Direct Parallel Cabling

A parallel cable can also be used to enable file transfers between two computers. Parallel cable connections are faster than serial cable connections because parallel cables transfer data one byte at a time. Windows XP Professional supports the following parallel cables for use with Direct Cable Connection:

IEEE 1394 (Firewire)

IEEE 1394 (or Firewire) is a standard for ports developed by the Institute of Electrical and Electronics Engineers (IEEE) that lets you connect high-speed digital devices, such as digital video cameras and audio/video editing equipment. Firewire provides transmission speeds of 98 Mbps to 393 Mbps. In contrast, USB provides transmission speeds of 1.5 Mbps to 12 Mbps.

Wide Area Network Connection Types

Wide area network (WAN) refers to a communications network that uses links provided by telecommunications service providers and connects geographically separated areas. In most instances, WAN refers to persistent connections as opposed to short term ones (such as Analog Dial-up and ISDN). WAN connection types include:

T-Carrier Line

The leased line has traditionally been a fast, permanent alternative to dial-up remote access. In most instances, this has been in the form of a T-Carrier line, such as a T1 or fractional T1 line that transmits digital data at a maximum of 1.544 Mbps by using the telephone-switching network. E1, transmitting digital data at a maximum of 2.048 Mbps, is the European counterpart of T1. Today, this legacy technology is being challenged by several other solutions that appear to be more cost effective and easier to install. T-Carrier leased lines are, nonetheless, still a corporate standard in widespread use and are supported by Windows XP Professional with the appropriate T-Carrier adapter and driver.

Cable Modem

Cable modems, with a maximum throughput of 2.8 Mbps, provide two-way, high-speed connectivity to the Internet and, by means of a VPN connection, to private networks as well. Cable modem technology employs the same coaxial lines that transmit cable television, accomplishing data transmission at speeds that make it ideal for transferring large amounts of digital information rapidly, including complex files such as video clips, audio files, and large amounts of data.

Note: Because cable modem is based upon a shared network contention topology, bandwidth is not always available on demand, and download speeds can differ.

Cable connectivity operates at higher speeds than leased lines and is more affordable and easier to install. When the cable infrastructure is in place in an area, a firm can easily connect by installing a cable modem or router. Cable modems do not use the telephone system infrastructure and, consequently, there are no local-loop charges.

Perhaps the biggest obstacle preventing widespread cable adoption by businesses is availability. Eighty-five percent of all households in the United States are outfitted for cable reception and a growing number of those now support cable transmission. In contrast, few office buildings support either.

DSL

Digital subscriber line (DSL) technology provides dedicated, high-speed Internet access by using copper telephone lines. DSL partitions the telephone line and dedicates the partition so it is always available for data transmission. Thus, DSL provides high-speed Internet access without interfering with regular phone service.

A DSL circuit is much faster than an analog modem (up to 64 Kbps) or ISDN (BRI; up to 128 Kbps) connection, even though the wires coming into the subscriber's premises are the same (copper) as used for regular phone service. One form of digital subscriber line, Asymmetric Digital Subscriber Line (ADSL), for example, provides a one-way data channel to the subscriber at up to 6.4 Mbps and an upstream flow of 640 Kbps.

Like a leased line such as a T1, DSL is a dedicated connection providing continuous Internet and e-mail access, but, unlike a leased line, DSL does not require the installation of a special cable, nor does it require the costly local-loop charges of a T1. Use of a private phone line makes DSL more secure than cable, whose lines are shared by many users. In addition, unlike cable, DSL allows companies to increase their bandwidth on request.

Frame Relay

Frame Relay is a virtual circuit-based packet switching technology that permits WAN implementations of up to DS3 speeds (44.7 Mbps). It uses virtual circuits (VCs) that are either statically configured by a service provider or created dynamically when needed. Most implementations of Frame Relay use permanent virtual circuits (PVCs). Although technically not a leased line, from the point of view of the end user, a permanent virtual connection performs just like a leased line. It is always available for data transmission and there is no connection maintenance. The circuit is permanently mapped by using the service provider's network and does not change unless there is a failure in the service provider's switching network. A switched virtual circuit (SVC), less common in the world of Frame Relay, behaves more like a dial-up modem or ISDN connection although it is faster. It processes call setup, call maintenance, and call breakdown any time it is used.

Incoming Connection Types

By creating an incoming connection, a computer running Windows XP Professional can act as a remote access server. You can configure an incoming connection to accept the following connection types: dial-up (modem, ISDN, X.25), VPN (PPTP, L2TP), or direct cable connection as shown in Table 23-1. On a Windows XP Professional-based computer, an incoming connection can accept up to three incoming calls, up to one of each of these types. This can be an effective, low-cost option in a telecommuter's home office or a remote office to which the corporate network occasionally needs to send data.

For more information about setting up and configuring incoming connections, see "Managing Incoming Connections" later in this chapter.

Connection-defined Connections

All of the connections that appear in the Network Connections folder contain a set of features that you can use to create a link between your computer and another computer or network. These features establish end-to-end connectivity, define authentication negotiation, and set data encryption rules for those connections configured for remote access. For example, you might configure a dial-up connection with the following settings:

When you double-click this connection, it dials the number by using the specified modem. The connection only allows the session to continue if the remote access server uses one of the specified encrypted authentication protocols, and if the remote access server encrypts data. When connected, the remote access server assigns the connection a unique IP address. This ensures a unique and non-conflicting address for the connection so you can access remote network resources, such as file shares. Properties of a dial-up connection provide all of the parameters required to dial the connection, negotiate password and data handling rules, and provide remote network connectivity.

Unlike a remote connection, you can modify a local area connection at any time, but you cannot manually create a new one. A local area connection is created for each network adapter detected by the Plug and Play service.

Setup automatically creates a local area connection for each network adapter. This connection is preconfigured with the services needed for file and print sharing and the TCP/IP protocol. All other types of connections can be created by using Create a new connection in the Network Connections folder.




Microsoft Windows XP Professional Resource Kit 2003
Year: 2005
Pages: 338