Accounting, Auditing, and Alarming


To properly administer a VPN system, network administrators should be able to track who uses the system, how many connections are made, unusual activity, error conditions, and situations that might indicate equipment failure. This information can be used for billing, auditing, and alarm or error-notification purposes.

For example, an administrator might need to know who connected to the system and for how long in order to construct billing data. Unusual activity might indicate a misuse of the system or inadequate system resources. Real-time monitoring of equipment (for example, unusually high activity on one modem and inactivity on another) might generate alerts to notify the administrator of a modem failure. The tunnel server should provide all this information, and the system should provide event logs, reports, and a data storage facility to handle the data appropriately.

The RADIUS protocol defines a suite of call-accounting requests that are independent of the authentication requests we discussed previously. These messages, sent from the NAS to the RADIUS server, ask the server to generate accounting records at the start of a call, at the end of a call, and at predetermined intervals during a call. The Routing and Remote Access service, which provides the VPN server functionality in Windows Server 2003, can be configured to generate these RADIUS accounting requests separately from connection requests (which could go to the domain controller or to a RADIUS server). This allows an administrator to configure an accounting RADIUS server whether or not RADIUS is used for authentication. An accounting server can then collect records for every VPN connection for later analysis. A number of third parties have already written billing and audit packages that read these RADIUS accounting records and produce various useful reports.
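The following Python sketch is an added example, not code from the book or from IAS. It shows how an accounting server can authenticate and decode the start-of-call and end-of-call records described above, using the packet layout and attribute numbers from RFC 2866. The function names, the shared secret, and the sample session are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4                       # packet code, RFC 2866
TEXT_ATTRS = {1: "user", 44: "session_id"}   # User-Name, Acct-Session-Id
INT_ATTRS = {40: "status", 46: "seconds"}    # Acct-Status-Type, Acct-Session-Time
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def authenticator(header, body, secret):
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + bytes(16) + body + secret).digest()

def build_request(ident, secret, attrs):
    """Encode an Accounting-Request as a NAS would (used for the sample data)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    return header + authenticator(header, body, secret) + body

def parse_request(packet, secret):
    """Authenticate and decode one Accounting-Request; ValueError if rejected."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    header, claimed, body = packet[:4], packet[4:20], packet[20:length]
    if not hmac.compare_digest(claimed, authenticator(header, body, secret)):
        raise ValueError("bad Request Authenticator")
    record, pos = {"id": ident}, 0
    while pos < len(body):
        alen = body[pos + 1] if pos + 1 < len(body) else 0
        if alen < 2 or pos + alen > len(body):
            raise ValueError("malformed attribute")
        atype, value = body[pos], body[pos + 2:pos + alen]
        if atype in TEXT_ATTRS:
            record[TEXT_ATTRS[atype]] = value.decode("utf-8", "replace")
        elif atype in INT_ATTRS and alen == 6:
            record[INT_ATTRS[atype]] = struct.unpack("!I", value)[0]
        pos += alen
    record["status"] = STATUS.get(record.get("status"), "Other")
    return record

# Constructed sample: one VPN session's Start and Stop records.
SECRET = b"example-shared-secret"
START = build_request(1, SECRET, [(1, b"alice"), (40, struct.pack("!I", 1)), (44, b"0001")])
STOP = build_request(2, SECRET, [(1, b"alice"), (40, struct.pack("!I", 2)), (44, b"0001"),
                                 (46, struct.pack("!I", 3600))])
```

Records that fail the authenticator check should be dropped and logged rather than written to the billing or audit store, since they were not produced by a NAS holding the shared secret or were altered in transit.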

IAS in Windows Server 2003 is a RADIUS accounting server. It supports recording the connection accounting information to a log file or sending it directly to a Structured Query Language (SQL) server database using the new SQL-Extensible Markup Language (XML) features of Windows Server 2003 IAS.




Deploying Virtual Private Networks with Microsoft Windows Server 2003 (Technical Reference)
ISBN: 0735615764
EAN: 2147483647
Year: 2006
Pages: 128
