In the following chapters, we’ll dive into all the technical details of VPN. You’ll get more technical VPN knowledge than you can imagine, but let’s start with a lay person’s view of virtual private networking and what it can do for you.
Because you are interested in this book, and therefore in VPN and remote access solutions, it's a safe bet that your company is running a network to access computer resources and services within the walls of your offices. You more than likely also provide Internet access so that your users can reach resources and services out on the Internet. The two concepts sound similar, don't they? Your users are accessing services on your network or out on the Internet, and that means the Internet is a network much like the one in your office. More importantly, the Internet is a public, low-cost network that spans the entire planet, interconnects nearly everything and everyone, and can be treated as an extension of your own network. That means you can use it to communicate with your users while they are out of the office, or to interconnect your office sites. Used this way, the Internet can eliminate the need for modem pools, ISDN servers, and private leased WAN lines.
There is a problem, though. The network within your walls is a private network that only your authorized users can access, while the Internet is available for everyone's use. Without proper precautions, the Internet can be a dangerous place for a company to live: your assets, customer data, and control systems can all be exposed to unauthorized users if you use the Internet as a communications system. That is where VPN comes in. A VPN uses the public Internet as its transport but adds authentication and encryption to that traffic, so that the result behaves like a private network for your company's exclusive use.
Until about 10 years ago, the Internet was virtually untapped as a business resource. Now it is arguably the most powerful communications medium on the planet. The world of computing has been completely transformed in recent years by the emergence of the Internet, which makes technologies that were once only dreamed about a reality. Let's take a look at history so that we can understand why VPN and the Internet are two of the most powerful tools available to your business.
Four or five years ago, the computing world was a different place—the Internet was just starting to show its potential as a communications medium and drive innovation to new levels. Back then, the computing world had some constants you could count on if you were running a business:
All client PCs were the same. Every PC was pretty much like every other PC. Your PC was a box that sat on your desk, had the same parts, and followed the same processes as others of its kind. Even though there were different systems (UNIX, Apple, Windows, and so forth), for the most part the hardware had the same configurations. There were very few surprises, and IT administrators didn't have to worry about many different types of hardware clients and operating system clients on their network.
Networks were wired. If you wanted your computer to talk to another computer, that communication would take place over a modem or a hard-wired connection. There simply were no other options. Telecommuting was virtually unknown because of the lack of connectivity options and bandwidth.
These facts allowed IT administrators to make some base assumptions about how to run their network and how to service their users. Remote access options were limited and considered a luxury that came at a high cost. The only kind of remote access available consisted of expensive in-house modem banks that required dedicated telephone lines and incurred thousands of dollars a month in communications charges. Most companies considered the Internet to be a toy; it was not yet developed into the business tool it is today, and most companies did not even bother to provide Internet access for their users. The concept of "constant" communication from office to office was virtually unheard of, as e-mail, another emerging technology considered a luxury, required only occasional or once-a-day delivery.
Because of the overhead required to support remote access for a company, the concept of a “home office” and telecommuting were not a reality. Bandwidth constraints over modems made any kind of remote application work unworkable. The concept of remote access was extremely limited and was certainly not an option for most users. It was an option only for executives (who didn’t find it very useful) and for IT administrators, who needed to have emergency access to the network to service it.
Now we jump forward in time to today’s computing environment. As is always the story with technology, all the assumptions we made about communications and clients in the past are now invalid.
Figure 1.1: The many types of client computers today.
We no longer know what a computer looks like. Figure 1.1 shows an entire suite of computer clients powered by Microsoft operating systems. They come in all shapes and sizes. There are hundreds of ways to access your data and services: desktops, laptops, Tablet PCs, Pocket PCs, Smartphones, television-based clients, watches, or even computing devices specifically designed to handle particular business needs. For instance, some Pocket PCs can withstand arctic cold temperatures or other environmental extremes. It is very difficult to anticipate what type of computer users will use to access their data.
Multiple connectivity options exist today. Almost every laptop available can be purchased with optional wireless network communications. Ethernet adapters are a commodity that every laptop and desktop computer has built in by default. (Remember when not too long ago this was an expensive add-on option?) Users now have ready options to communicate over wired, wireless, cellular, or even personal satellite communications. IT administrators have to plan and provide for all of these options.
The world of the IT administrator has changed drastically in recent years—the types of client computers and the ways they communicate have increased immensely. Yet administrators still have to provide the same level of service and connectivity for all options and users.
The Internet has revolutionized the way people do business. It hasn’t simply changed the way businesses advertise or the way people find information; it has fundamentally changed the way businesses operate and communicate. E-mail, which not too long ago was considered a toy and a luxury, is now a primary communications medium for business. When was the last time you met a person, bought a product, or requested information and the company or person you were talking to did not ask for your e-mail address? Can you imagine trying to conduct business without an e-mail address?
A business's e-mail address is as much a part of its identity as its phone number, and it is likely used as much as or more than its telephone. I receive over 100 e-mail messages a day, compared to one or two phone calls in the same period of time. E-mail and the Internet give every business an instant global presence and opportunity, and they expose a company to the dangers of the Internet as well.
VPN provides the way to take advantage of all the power the Internet can give you while keeping your company's resources secure. The danger is real: thieves and hackers are looking for ways to grab and control your company's resources. So how do you make sure the data and operations you place on the Internet are safe, secure, and authenticated? A VPN must give you three guarantees: authentication, so that you know who sent the information and who is receiving it; integrity, so that you know the information was not modified in transit; and confidentiality, so that the information cannot be read while it passes through the wilderness of the Internet. Keep in mind that a VPN tunnel provides these guarantees between the two tunnel endpoints, that is, between the remote client and the VPN server or between two site gateways. Traffic on the private networks on either side of the tunnel is not protected by the tunnel itself.
VPN provides a low-cost, effective, and versatile solution for secure communications over the Internet. Specifically, it does the following:
Allows for a fully functional remote access work force. This alone is a compelling solution for any company with a sales force that is mobile, that needs access to company resources, and that needs to keep in touch with its customers. For a company providing on-site services to other companies, this capability allows for instant access to its remote work force.
Allows for transactions to occur without delay and thereby reduces the chance of losing an opportunity. It doesn't take a top sales executive to know that having instant access to company inventory and purchasing systems while on a customer's premises can vastly improve sales performance. For services companies, the ability to route emergency or last-minute information can recover many man-hours in the week, month, and year. For special vertical markets such as healthcare, the ability to communicate instantly with personnel can mean the difference between life and death.
Allows for a true international presence without the high cost of maintaining international operations. With the Internet, every company can be a global company. Your Internet presence gives you instant access to millions of businesses and potential customers around the world.
Worldwide connectivity allows for the best-of-breed large-scale corporate functionality. For corporations that have multiple remote offices, communications previously accounted for a huge part of the overhead in operations and budgets. Now offices can be connected over the Internet inexpensively and with ease. This drastically reduces expansion costs and makes global growth a reality for companies that previously had no such options available to them.
The capabilities of the Internet and the options for computing clients seem boundless, but there are probably a few capabilities you haven't thought of. Certainly you didn't think Microsoft would just sit still, did you? A whole new world of functionality is coming.
Internet Protocol version 6 (IPv6) will change the way the world communicates yet again. Internet and network communications are currently based on one main network layer protocol, IP version 4 (IPv4). In the computing world, nothing is constant except innovation, and the Internet is no exception. IPv6 is the next version of IP to be deployed on the Internet, and its vastly larger address space allows every computer, both server and client, to have its own globally unique address rather than sharing one behind a network address translator. The communications possibilities are staggering, as you'll see in the next few sections, and Windows servers and clients support IPv6 today and will continue to do so in the versions to come. IPv6 is the undiscovered country of network computing.
What makes a person's telephone number so useful? The answer is simply that no other person in the world has that number. That is why when you dial a certain sequence of digits on your phone, you know you will reach the right person. Similarly, IPv6 can give a person's computing device a globally unique address and make it reachable anywhere, anytime, and this makes voice communications over the computer and the Internet a powerful business tool. We are seeing the beginning of this trend now with applications such as MSN Instant Messenger. These new advancements are powerful because they use the Internet as the primary communications channel. VPN is the security mechanism that protects those communications as they cross it.
Just a few years ago, the concept of video conferencing was pure Star Trek-type stuff. Now anyone can do it with a PC, a small camera, and an Internet connection. The problem, however, is that people are not always able to use video communications because of the limitations of IPv4 (in particular its small address space and the network address translation used to work around it), client hardware, and Internet routing. Instant access to the people you want to communicate with becomes much more widely available with IPv6. Eventually, this technology will make video calls almost as commonplace as voice calls. Consider that in the past year, cellular phones with built-in cameras have hit the marketplace; the future is closer than you think.
Instant messaging is rapidly becoming a corporate standard for communications. Services such as location awareness, personalized Web services, and intelligent devices that adapt to their environment and connectivity are helping to make instant messaging a primary communication method. The potential is boundless, and Microsoft is working on many new ideas and technologies to make the science fiction of yesterday the reality of today and tomorrow. Again, VPN will be central to ensuring secure communications for all these technologies.
One constant fact throughout time, regardless of the advances in communications and computing, is that there will always be someone out there who is up to no good. The more communications technologies evolve, the more open and dangerous the Internet can become. Security is no longer an option; it is a base requirement for all business applications, and this is the reason that VPN is so important to your company's growth.
VPN will enable your company to operate on the Internet with the security it needs. It is not an option, but a mandatory solution for collaborating and competing with other businesses. A company without this communications capability will be the last to the table and will miss many opportunities. Agility is a key factor in a successful business, and agility requires state-of-the-art communications.
As technology progresses, we can see that the more powerful the technology, the stronger the security required to protect it. VPN will always have a role to play in enabling secure remote access for all of a company's employees, in connecting offices to each other with the touch of a button at minimal cost, and in connecting businesses of all sizes while providing increasing levels of functionality.
VPN is the answer to secure communications on the Internet, and this book will show you how it works!
Now that we have made the case for using VPN in your company, it’s time to put the technology to work for you. Here is a synopsis of what you’re about to learn in this book:
We’ll cover the basic concepts of VPN for remote access and site-to-site solutions, including all dependent services and components you need to build a successful VPN infrastructure. There are a lot of choices to be made—from the type of tunneling protocols and authentication systems to be used to the entire physical setup of the VPN environment. We’ll cover it all and guide you through the entire process. By the time you’re done using this book, you’ll be a VPN professional on Microsoft Windows technologies!
Next, we'll cover setting up remote access and site-to-site VPN individually, as each technology has its own concepts and considerations. We'll give you a complete breakdown of each type of VPN service and a complete run-through of the decision points and options available to you for establishing the physical, logical, and software setups. We provide complete step-by-step instructions on how to set up each service, component, and connection. Follow our lead, and you can't miss.
We will cover options that are available with Connection Manager and Phone Book Services that make the user’s experience the best it can possibly be. Your users will have a one-click experience for VPN, and the various offices will have site-to-site connectivity without a second thought. It will seem completely natural to the users to be communicating over the Internet with Microsoft VPN.
We will cover advanced features such as client state checking with quarantine and IP firewalling, which reduce the risk that a compromised or non-compliant client exposes your network while it is on the Internet and connected to the home office. A remote client that passes authentication but is missing patches, running no antivirus, or carrying malware is still a threat, so checking its state before granting full access matters as much as checking the user's credentials. Microsoft provides a suite of client control options to help protect your corporate assets.
We will also provide detailed troubleshooting processes and procedures to ensure the complete success of your rollout.
By the time you reach the end of this book, you will be able to use the Internet as the ultimate remote access and office connectivity technology. You’ll be able to do this with full security and control using native Microsoft technologies on Windows Server 2003 and Windows XP.