A remote access protocol manages the connection between a remote computer and a remote access server. These are the primary remote access protocols that are in use today:
Serial Line Internet Protocol (SLIP)
Point-to-Point Protocol (PPP)
Point-to-Point Tunneling Protocol (PPTP)
Remote Access Services (RAS)
Independent Computing Architecture (ICA)
In 1984, students at the University of California at Berkeley developed SLIP for Unix as a way to transmit TCP/IP over serial connections (such as modem connections over POTS). SLIP operates at both the Physical and Data Link layers of the OSI model. Today, SLIP is found in many network operating systems in addition to Unix. It is being used less frequently with each passing year, though, because it lacks features when compared with other protocols. Although a low overhead is associated with using SLIP and you can use it to transport TCP/IP over serial connections, it does no error checking or packet addressing and can be used only on serial connections. SLIP is used today primarily to connect a workstation to the Internet or to another network running TCP/IP.
Note: SLIP does not support encrypted passwords and therefore transmits passwords in clear text, which is not secure at all.
Setting up SLIP for a remote connection requires a SLIP account on the host machine and usually a batch file or a script on the workstation. When using SLIP to log in to a remote machine, a terminal mode must be configured after login to the remote site so that the script can enter each parameter. If you don’t use a script, you will have to establish the connection and then open a terminal window to log in to the remote access server manually.
Warning: It is difficult to create a batch file that correctly configures SLIP. My advice is to avoid SLIP whenever possible. Also, many modern operating systems, such as Windows 2000 Server, don’t support inbound SLIP connections. Windows 2000, however, still supports outbound SLIP to allow connections to Unix machines.
PPP is used to implement TCP/IP over point-to-point connections (for example, serial and parallel connections). It is most commonly used for remote connections to ISPs and LANs.
PPP uses the Link Control Protocol (LCP) to communicate between PPP client and host. LCP tests the link between client and PPP host and specifies PPP client configuration. PPP can support several network protocols, and because it features error checking and can run over many types of physical media, PPP has almost completely replaced SLIP. In addition, PPP can automatically configure TCP/IP and other protocol parameters. On the downside, high overhead is associated with using PPP, and it is not compatible with some older configurations.
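As an added example that is not from the book, the following code puts the two framings side by side: SLIP as defined in RFC 1055, which the text says does no error checking and carries passwords in clear text, and a PPP frame protected by the RFC 1662 FCS-16 (the error checking the text credits PPP with). The login text is a constructed sample; PPP flag bytes and byte-stuffing are left out to keep the example short.

```python
# Added example, not from the book: SLIP framing (RFC 1055) next to PPP framing
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD  # SLIP special bytes
_ESCAPES = {END: bytes([ESC, ESC_END]), ESC: bytes([ESC, ESC_ESC])}

def slip_encode(packet: bytes) -> bytes:
    """Wrap a packet in SLIP framing; only END and ESC bytes are escaped."""
    body = b"".join(_ESCAPES.get(b, bytes([b])) for b in packet)
    return bytes([END]) + body + bytes([END])

def slip_decode(frame: bytes) -> bytes:
    """Undo SLIP framing. No checksum exists, so corruption is never noticed."""
    out, esc = bytearray(), False
    for b in frame:
        if esc:
            out.append(END if b == ESC_END else ESC if b == ESC_ESC else b)
            esc = False
        elif b == ESC:
            esc = True
        elif b != END:
            out.append(b)
    return bytes(out)

def ppp_fcs16(data: bytes) -> int:
    """RFC 1662 FCS-16 (CRC-16/X-25): reflected poly 0x8408, init/xor 0xFFFF."""
    fcs = 0xFFFF
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF

def ppp_frame(protocol: int, info: bytes) -> bytes:
    """Address, control, protocol, info, FCS (LSB first); flags/stuffing omitted."""
    body = bytes([0xFF, 0x03]) + protocol.to_bytes(2, "big") + info
    fcs = ppp_fcs16(body)
    return body + bytes([fcs & 0xFF, fcs >> 8])

def ppp_check(frame: bytes) -> bool:
    return ppp_fcs16(frame[:-2]) == (frame[-2] | frame[-1] << 8)

def compare_frames() -> dict:
    """Constructed login exchange; flip one bit on each 'wire' and see who notices."""
    packet = b"login: alice\r\npassword: hunter2\r\n"  # constructed sample
    slip, ppp = bytearray(slip_encode(packet)), bytearray(ppp_frame(0x0021, packet))
    slip[5] ^= 0x01  # byte 5 lies inside the payload in both frames
    ppp[5] ^= 0x01
    return {"slip_password_on_wire": b"hunter2" in slip_encode(packet),
            "slip_decodes_silently_wrong": slip_decode(bytes(slip)) != packet,
            "ppp_fcs_rejects_frame": not ppp_check(bytes(ppp))}
```

Running compare_frames() shows the password readable in the SLIP frame as sent, the damaged SLIP frame decoding to wrong data with no indication, and the damaged PPP frame failing its FCS check.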
From the technician’s standpoint, PPP is easy to configure. Once you connect to a router using PPP, the router assigns all other TCP/IP parameters. This is typically done with the Dynamic Host Configuration Protocol (DHCP). DHCP is the protocol within the TCP/IP protocol stack that is used to assign TCP/IP addressing information, including host IP address, subnet mask, and DNS configuration. This information can be assigned over a LAN connection or a dial-up connection. When you connect to an ISP, you are most likely getting your IP address from a DHCP server.
To configure a client with Windows 95/98 to dial up a remote access server and connect using PPP and Windows 9x Dial-Up Networking (DUN), follow these steps:
1. Choose Start → Programs → Accessories → Communications → Dial-Up Networking to open the Dial-Up Networking dialog box.
2. Double-click Make New Connection.
3. Type the name of the system you will be dialing into in the Type a Name for the Computer You Are Dialing field. This field defaults to My Connection. Select the modem installed in your computer that you want to use for this connection from the Select a Device dropdown list.
4. Click Next. Enter the area code and phone numbers, and click Next.
5. The last screen informs you that you have successfully created the connection. Click Finish to return to the Dial-Up Networking dialog box.
6. Right-click the connection you just made, and choose Properties from the shortcut menu.
7. Click the Server Types tab, and from the Type of Dial-Up Server dropdown list, choose PPP: Windows 95, Windows NT 3.5, Internet.
8. Clear the options you won’t be using to connect to the server. For PPP connections, you can usually clear Log On to Network, NetBEUI, and IPX/SPX Compatible.
9. Click OK to save the settings.
10. You can now double-click the connection you made, enter your username and password, and click Connect to establish the connection.
PPTP is the Microsoft-created sibling to PPP. It is used to create virtual connections across the Internet using TCP/IP and PPP so that two networks can use the Internet as their WAN link, yet retain private network security. PPTP is both simple and secure.
To use PPTP, you set up a PPP session between the client and server, typically over the Internet. Once the session is established, you create a second dial-up session that dials through the existing PPP session, using PPTP. The PPTP session tunnels through the existing PPP connection, creating a secure session. In this way, you can use the Internet to create a secure session between the client and the server. Also called a virtual private network (VPN), this type of connection is very inexpensive when compared with a direct connection.
PPTP is a good idea for network administrators who want to connect several LANs, but don’t want to pay for dedicated leased lines. But, as with any network technology, there can be disadvantages, including:
PPTP is not available on all types of servers.
PPTP is not a fully accepted standard.
PPTP is more difficult to set up than PPP.
Tunneling can reduce throughput.
You can implement PPTP in two ways. First, you can set up a server to act as the gateway to the Internet and the one that does all the tunneling. The workstations will run normally without any additional configuration. You would normally use this method to connect entire networks. Figure 7.3 shows two networks connected using PPTP. Notice how the TCP/IP packets are tunneled through an intermediate TCP/IP network (in this case, the Internet).
Figure 7.3: A PPTP implementation connecting two LANs over the Internet
The second way to use PPTP is to configure a single, remote workstation to connect to a corporate network over the Internet. The workstation is configured to connect to the Internet via an ISP, and the VPN client is configured with the address of the VPN remote access server, as shown in Figure 7.4. PPTP is often used to connect remote workstations to corporate LANs when a workstation must communicate with a corporate network over a dial-up PPP link through an ISP and the link must be secure.
Figure 7.4: A workstation is connected to a corporate LAN over the Internet using PPTP
Tip: Windows 98 and Windows NT 4 include PPTP. You must add it to Windows 95.
Both Windows NT and Windows 2000 include technology to allow users to dial up a server and connect to not only that server, but also to that server’s host network. This technology is known as RAS. RAS is used in smaller networks where a dedicated dial-up router is not practical or possible. In a RAS setup, you can basically connect a modem to a Windows NT or Windows 2000 server and, by way of the RAS, configure that modem as dial-out only, dial-up only, or a combination.
It is important to note that RAS, without help, provides access to only the LAN to remote users; it does not allow LAN users to use the modem to, say, dial their AOL account. For that, they would need Microsoft’s Shared Modem Services, which comes with the Small Business Server edition of Windows NT. Windows 2000, however, comes with the ability to share outbound connections. This is set up with 2000’s RRAS utility.
A relatively new technology for remote access is the Citrix WinFrame (or MetaFrame) products (including Windows Terminal Server), which use the ICA protocol. Put simply, Citrix WinFrame allows multiple computers to take control of a virtual computer and use it as if it were their desktop. The advantage is that a company can put all of its time and money into a single computer (the Terminal Server or Citrix Server computer) and use its existing desktops as “dumb terminals,” because the speed and power are now on the server. As speed needs increase, the company can simply replace the server with a more powerful server, instantly upgrading the speed and capability of all users.
The major downside is the cost of the server. Essentially, you must buy a server that is the equivalent of multiple desktops, which will cost accordingly. For example, for a server that would support 100 desktops at Pentium-class speeds, you would have to buy a server that could run at approximately 100 times the Pentium speed with 100 times the memory.
The ICA protocol is the protocol that the Citrix or Terminal Server client uses to communicate with the server. This protocol sends screen shots, mouse movements, and so forth between the client and server. It works on several different platforms, because there are ICA clients for all major client OSes, including Windows, MacOS, Linux, and even the Internet. The ICA protocol was developed specifically to be efficient over both LAN and remote access links. So, when you want to do actual work over a remote access link, the ICA protocol (together with Citrix WinFrame products) makes the most sense when you have large numbers of remote users to support.
In order to use ICA, you must have a Citrix WinFrame, MetaFrame, or Terminal Server installed and functioning. You can then download the ICA client and use it on that platform over any type of remote link (including dial-up) because, as mentioned previously, ICA was developed for optimal use over remote links.