Planning the Remote Access Strategy


EXAM 70-293 OBJECTIVE 3

Even if your network is small, chances are you have a need for remote access, whether for traveling employees, telecommuters, or remote branches. You can choose from several methods of remote access, including dial-in access, VPN access through the Internet, and wireless networking. Which methods you support and how you configure them will depend on the needs of your organization and its individual users.

Note

Wireless access to a network is not as remote as access by modem or VPN; in fact, most wireless technologies are limited to the area of a building or small group of buildings. But wireless access shares some features with these methods: the access is typically temporary and it can be managed in many of the same ways.

Analyzing Organizational Needs

Different organizations have different needs in a remote access strategy. The following are some of the organizational needs you might need to address:

  • Security of dial-in and VPN connections

  • Availability of modems and connections

  • Determination of which resources or subnets need to be reachable remotely

  • Determination of whether existing network servers can be adapted to provide remote access

Analyzing User Needs

You also need to consider the needs of individual users when planning a strategy for remote access. The following are some needs you might have to address:

  • The bandwidth requirements of users, and what their modems or connections can support

  • How frequently users need to connect to the network and how critical network availability is

  • The types of operating systems and computers used by clients

  • Whether clients have existing Internet connections that could be used for VPN access

Selecting Remote Access Types To Allow

When you plan which types of remote access to allow, you should consider how they meet your organization’s needs and the needs of the users, the expense and administrative effort involved in implementing each one, and their relative levels of security. In the next sections, we’ll look in more detail at those aspects of each of the remote access types mentioned earlier: dial-in, VPN, and wireless.

Dial-In

The traditional method of remote access uses a pool of modems and a server running the Routing and Remote Access (RRAS) service. Although there are alternatives, such as VPN access, modems still have some advantages:

  • Dedicated modem lines don’t require encryption and communications are more difficult to intercept. This is because the connection is direct and does not go over a public data network. In addition, you can use security features available only in the phone system, such as caller ID verification and callback security.

  • Although modem access is slow, its speed is consistent and unaffected by Internet usage and other issues. Thus, it might be more reliable when high bandwidth is not needed. You can also use the multilink feature to combine multiple modem links into a faster connection. (You can also use ISDN “modems” for faster dial-in access. ISDN lines are highly reliable and provide for speeds of 128 Kbps, almost three times faster than the typical analog modem connection.)

  • You might be able to use existing phone lines and modems rather than purchasing or configuring new equipment for VPN access.

  • Adding phone lines for clients is an expense, but additional clients do not increase the bandwidth load on an Internet connection.

Dial-in access typically uses PPP (point-to-point protocol) for communication. This is an Internet-standard protocol for dial-in connections. PPP supports a negotiation process that authenticates and authorizes the user and can also assign an IP address, DNS server addresses, and other critical configuration elements for remote access.
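The negotiation described above can be observed on the wire. The following is an added example, not taken from the book: a minimal Python parser for PPP control packets that reports which authentication protocol the server requests during LCP and which IP address and DNS server it hands out during IPCP. The two sample frames are constructed for illustration, and the option numbers assume the standard assignments in RFC 1661, RFC 1332 and RFC 1877.

```python
import ipaddress
import struct

LCP, IPCP = 0xC021, 0x8021                      # PPP protocol field values
AUTH = {0xC023: "PAP", 0xC227: "EAP"}           # LCP option 3 (Authentication-Protocol)
CHAP_ALGS = {0x05: "CHAP-MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAPv2"}
IPCP_OPTS = {3: "ip_address", 129: "primary_dns", 131: "secondary_dns"}

def parse_options(body):
    """Yield (type, data) for each type-length-value option; reject bad lengths."""
    i = 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated option header")
        opt_type, opt_len = body[i], body[i + 1]
        if opt_len < 2 or i + opt_len > len(body):
            raise ValueError("bad option length")
        yield opt_type, body[i + 2:i + opt_len]
        i += opt_len

def parse_ppp_control(frame):
    """Parse an LCP or IPCP packet that starts at the PPP protocol field."""
    if len(frame) < 6:
        raise ValueError("frame too short")
    proto, code, _ident, length = struct.unpack("!HBBH", frame[:6])
    if length < 4 or 2 + length > len(frame):
        raise ValueError("bad packet length")
    result = {"protocol": proto, "code": code}
    for opt_type, data in parse_options(frame[6:2 + length]):
        if proto == LCP and opt_type == 3 and len(data) >= 2:
            auth = struct.unpack("!H", data[:2])[0]
            if auth == 0xC223 and len(data) == 3:   # CHAP carries an algorithm byte
                result["auth"] = CHAP_ALGS.get(data[2], "CHAP-unknown")
            else:
                result["auth"] = AUTH.get(auth, hex(auth))
        elif proto == IPCP and opt_type in IPCP_OPTS and len(data) == 4:
            result[IPCP_OPTS[opt_type]] = str(ipaddress.IPv4Address(data))
    return result

# Constructed samples: the server's LCP Configure-Request (code 1) asking for
# MS-CHAPv2, then its IPCP Configure-Nak (code 3) supplying address and DNS.
LCP_REQ = bytes.fromhex("c021" "0101" "0009" "0305c22381")
IPCP_NAK = bytes.fromhex("8021" "0302" "0010" "0306c0a80a32" "8106c0a80a01")
```

A result whose "auth" value is "PAP" means the password crosses the link in cleartext, which is worth flagging when reviewing a dial-in configuration.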

Note

SLIP (Serial Line Internet Protocol) was the original protocol used for dial-in connections. While SLIP has largely been replaced by the more reliable and secure PPP, it is still used with some older equipment, and you can support it if necessary.

VPN

A VPN (virtual private network) uses encryption to create a virtual connection, or tunnel, between a remote node and your network, using a public network such as the Internet. VPN access has a number of advantages over dial-in remote access:

  • More bandwidth is available, assuming the client can obtain a broadband Internet connection or has a high-speed dedicated leased line.

  • The network can accept unlimited connections from clients through a single Internet connection, without the need to add equipment for additional clients.

  • Clients and corporate networks often have existing Internet connections that can be adapted for VPN use with a minimum of effort and expense.

While VPN access is theoretically less secure than a dial-up connection, because data is transmitted over a public network, Windows Server 2003 supports strong levels of encryption to minimize this risk. You can also mandate a level of encryption so that clients that do not support your minimum encryption level cannot connect to the network.

Wireless Remote Access

Wireless network access is rapidly becoming more popular as a facet of remote access strategies. Wireless networks using the 802.11 standard enable a number of wireless users to connect to your network by connecting to a wireless access point, or WAP. While wireless networks typically span a room or building, they can also be scaled upward to cover several buildings, and systems of multiple WAPs have been configured to cover an area as large as a neighborhood or town.

The 802.11 standards do allow for security, but many wireless networks are not configured for maximum security, and allowing wireless access is always a security risk. You should plan for wireless access when your users will be within range of a WAP but without access to a wired connection, and when security is not the highest priority.

Note

A new standard, 802.1x, adds security to 802.11 wireless networks by making use of EAP (Extensible Authentication Protocol) instead of the authentication features of PPP. 802.1x enables you to connect through multiple access points without changing the configuration and is supported by Windows XP and Windows Server 2003.




MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure. Exam 70-293 Study Guide and DVD Training System
ISBN: 1931836930
EAN: 2147483647
Year: 2003
Pages: 173
