Summary
Integrating and migrating Novell networks and Windows networks might seem to be a challenging task; however, Services for NetWare is a great resource for Windows-to-NetWare interconnectivity. An organization's options range from simply migrating files, including file permissions, from a Novell server to a Windows server, all the way through to completely replacing the Novell server with a Windows server system. For an organization that wants to create a single sign-on type environment, the Microsoft Directory Synchronization Service, or MSDSS, does the synchronization between Novell and Windows networks. MSDSS also includes the File Migration Wizard that migrates files, file properties, and file permissions from a Novell server to a Windows server.
The combination of all the tools included in Services for NetWare
Part V: Remote and Mobile User Solutions
Chapter 18. VPN and Dial-up Solutions
As companies become more and more dependent on computers for all business processes, users have an increased need to access corporate resources from locations other than the office. Traveling users, telecommuters, and business
This remote access to resources traditionally takes one of two forms: Virtual Private Networks (VPNs) or direct dial-up access. VPNs often use the Internet for their connectivity and encrypt the flow of data to ensure that data is not intercepted and stolen or modified. Dial-up access refers to the classic modem access via the telephone network to corporate-owned modem pools.
Both methods are commonly used in the industry. Both
Choosing the Right VPN Solution
You have several choices when it comes to implementing VPNs. There are software-based VPNs such as those
Windows 2003 Routing and Remote Access Services
Windows Server 2003 offers several VPN choices through its Routing and Remote Access Services (RRAS). These options include Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Point-to-Point Protocol over Ethernet (PPPoE). Like most Microsoft offerings, these VPN options are all tightly integrated with other Microsoft products. Microsoft has conveniently placed support for all of these VPN types into the client operating systems. This makes it very easy and economical for you to use Windows Server 2003 RRAS for VPN.
One of the drawbacks to using Windows Server 2003 RRAS for VPN is that, although the Choose Your Role Wizard allows Windows Server 2003 to tailor itself for VPN use, it is still an operating system that was built to fit many needs. Exposure to security vulnerabilities will be higher than with a device that is designed to do VPNs exclusively. It is very important for administrators to ensure that a Windows Server 2003 RRAS system has been secured as much as possible. This chapter will cover such settings and recommendations.
Something of a hybrid solution is offered by companies such as Celestix. These hybrids are dedicated VPN systems that are based on a subset of Windows Server 2003. This gives them the advantages of the tight integration with Microsoft products without the exposure to security vulnerabilities that would be present in a full implementation of the operating system. Such devices leverage Active Directory for the storage of security account information and thus integrate well into Microsoft-oriented networks.
Examining Firewall-based VPNs
Most of the major firewalls on the market today offer VPN functionality. Many of these firewall manufacturers have gone out of their way to create proprietary VPN systems to differentiate
These proprietary VPN systems often tout improved security in the areas of authentication and data encryption. Higher bandwidth saturation as well as larger
Pay careful attention to performance numbers and don't be swayed by impressive numbers. If VPN box #1 can saturate 10MB and VPN box #2 can saturate 100MB, box #2 seems a lot more impressive. If the company only has a T-1 to the Internet, both boxes are more than sufficient and there would be no reason to
Examining Hardware-based VPNs
The last class of VPN device is the dedicated hardware VPN. Manufacturers like Cisco or Ravlin offer devices that are designed to do nothing other than act as a consolidation point for VPNs. As the saying goes, let routers route, let firewalls firewall, and let the VPN system handle the VPN. Although in many cases it is advantageous to consolidate multiple functions into a single device, security usually takes the exact
In the past, most dedicated VPN devices ran proprietary VPN protocols. Today most of these devices have moved toward standards-based VPNs with protocols like PPTP, IPSec, and IKE. This gives you greater flexibility in integrating multiple VPN devices. This is
Deciding When to Make the Move from Software to Hardware
Small networks that don't have specific security requirements and that want to take advantage of VPN technologies are prime candidates for software-based VPNs. Windows Server 2003, with PPTP or L2TP with IPSec on the back end and the client running native VPN stacks from a Windows operating system, allows easy access to corporate resources. Eventually companies outgrow this simple architecture. Because alternative operating systems need access to the resources, it is often helpful to abstract the VPN portion of the traffic. Site-to-site VPN technologies can be leveraged to allow normally unsupported operating systems to access a VPN as long as they are able to communicate via TCP/IP. An Apple computer or a Linux system can ride a TCP/IP VPN tunnel into a network regardless of its ability to support PPTP, as long as it is communicating through a PPTP-capable site-to-site VPN device.
Site-to-site VPN devices are