
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646)


zan

Presentation Transcript


  1. MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 10 Configuring Remote Access

  2. Learning Objectives
     • Understand Windows Server 2008 remote access services
     • Implement and manage a virtual private network
     • Configure a VPN server
     • Configure a dial-up remote access server
     • Troubleshoot virtual private network and dial-up remote access installations

  3. Learning Objectives (cont’d.)
     • Install and configure Terminal Services

  4. Introduction to Remote Access
     • Routing and Remote Access Services (RRAS)
       • Enable routing and remote access through virtual private networking and dial-up networking
     • Virtual private network (VPN)
       • Tunnel through a larger network that is restricted to designated member clients only
     • Dial-up networking
       • Using a telecommunications line and a modem to dial into a network or specific computers on a network

  5. Introduction to Remote Access (cont’d.)
     • Modem
       • Modulator/demodulator
       • Converts a transmitted digital signal to an analog signal for a telephone line
       • Converts a received analog signal to a digital signal for use by a computer
     • RRAS
       • Turns server into a dial-up Remote Access Services (RAS) server capable of handling hundreds of simultaneous connections

  6. Figure 10-1 A VPN network (Courtesy Course Technology/Cengage Learning)

  7. Implementing a Virtual Private Network
     • VPN
       • Uses LAN and tunneling protocols
       • Encapsulates data as it is sent across a public network
     • Benefits of using a VPN
       • Users can connect through a local ISP to the local network
       • Ensures that any data sent across a public network is secure
       • Encrypted tunnel

  8. Using Remote Access Protocols
     • Function of the remote access protocol
       • Encapsulate a packet
     • TCP/IP is the most commonly used transport protocol
       • Encapsulated in a remote access protocol for transport over a WAN
     • Other legacy transport protocols
       • IPX for legacy NetWare networks
       • NetBEUI for legacy Microsoft networks
       • Not supported by Windows Server 2008

  9. Using Remote Access Protocols (cont’d.)
     • Serial Line Internet Protocol (SLIP)
       • Originally designed for UNIX environments
       • Provides point-to-point communications using TCP/IP
     • Compressed Serial Line Internet Protocol (CSLIP)
       • Newer version of SLIP
       • Compresses header information in each packet
     • SLIP and CSLIP do not support
       • Network connection authentication

  10. Using Remote Access Protocols (cont’d.)
      • SLIP and CSLIP do not support (cont’d.)
        • Automatic negotiation of the network connection through multiple network connection layers at the same time
      • Point-to-Point Protocol (PPP)
        • Has more capability than SLIP
      • Remote access protocols
        • Point-to-Point Tunneling Protocol
        • Layer Two Tunneling Protocol
        • Secure Socket Tunneling Protocol

  11. Using Remote Access Protocols (cont’d.)
      • Point-to-Point Tunneling Protocol (PPTP)
        • Offers PPP-based authentication techniques
        • Encrypts data carried by PPTP through using Microsoft Point-to-Point Encryption
      • Microsoft Point-to-Point Encryption (MPPE)
        • Starting-to-ending-point encryption technique that uses special encryption keys varying in length from 40 to 128 bits

  12. Using Remote Access Protocols (cont’d.)
      • Layer Two Tunneling Protocol (L2TP)
        • Works similarly to PPTP
      • IP Security (IPsec)
        • IP-based secure communications and encryption standards created through the Internet Engineering Task Force (IETF)
      • Secure Socket Tunneling Protocol (SSTP)
        • Employs PPP authentication techniques
        • Encapsulates data packet in the Hypertext Transfer Protocol (HTTP)

  13. Using Remote Access Protocols (cont’d.)
      • Secure Sockets Layer (SSL)
        • Data encryption technique employed between a server and a client
      • PPP, PPTP, and L2TP are available in:
        • Windows 2000, Windows XP, Windows Vista, Windows 7
        • Windows 2000 Server, Windows Server 2003, Windows Server 2008
      • SSTP is available in:
        • Windows Server 2008, Windows Vista, Windows 7

  14. Using Remote Access Protocols (cont’d.)
      Table 10-1 Communications technologies

  15. Configuring a VPN Server
      • Install Network Policy and Access Services role
      • Configure a Microsoft Windows Server 2008 server as a network’s VPN server
      • Configure protocols to provide VPN access to clients
      • Configure a VPN server as a DHCP Relay Agent for TCP/IP communications
      • Configure the VPN server properties
      • Configure a remote access policy for security

  16. Configuring a VPN Server (cont’d.)
      • Windows Server 2008 requires at least two network interfaces in the computer:
        • One for the connection to the LAN
        • One for a connection to the physical VPN network
      • Activity 10-1: Installing Network Policy and Access Services
        • Objective: Learn how to install Routing and Remote Access Services
      • Activity 10-2: Setting Up a VPN Server
        • Objective: Set up a VPN server

  17. Configuring a VPN Server (cont’d.)
      Table 10-2 Routing and remote access options

  18. Configuring a VPN Server (cont’d.)
      Table 10-3 Ports to open in the Windows Firewall for a VPN

  19. Configuring a DHCP Relay Agent
      • DHCP Relay Agent
        • Broadcasts IP configuration information
      • Use Routing and Remote Access tool to configure VPN server as a DHCP Relay Agent
      • Activity 10-3: Configuring a DHCP Relay Agent
        • Objective: Set up a DHCP Relay Agent
      • Activity 10-4: Additional DHCP Relay Agent Configuration
        • Objective: Configure the DHCP Relay Agent hop count

  20. Configuring VPN Properties
      • Routing and Remote Access tool
        • Right-click the VPN server in the tree
        • Click Properties
      Figure 10-9 Configuring the interface properties (Courtesy Course Technology/Cengage Learning)

  21. Configuring VPN Properties (cont’d.)
      Figure 10-10 VPN server properties (Courtesy Course Technology/Cengage Learning)

  22. Configuring VPN Properties (cont’d.)
      Table 10-4 VPN server properties tabs

  23. Configuring Multilink and Bandwidth Allocation Protocol
      • Multilink
        • Combine or aggregate two or more communications channels so they appear as one large channel
        • Aggregated links
        • Multilink must be implemented in the client as well as in the server
        • Older connection technology compared with DSL or wireless metropolitan area networks
      • Bandwidth Allocation Protocol (BAP)
        • Ensure that a client’s connection has enough speed or bandwidth for a particular application

  24. Configuring Multilink and Bandwidth Allocation Protocol (cont’d.)
      • Windows Server 2008 version of Multilink PPP
        • Supports Bandwidth Allocation Control Protocol (BACP)
        • Selects a preferred client when two or more clients vie for the same bandwidth
      • Activity 10-5: Using Multilink
        • Objective: Configure a VPN (or RAS) server to use Multilink

  25. Configuring VPN Security
      • When a user accesses a VPN server:
        • Access is protected by the account access security that already applies
        • Through a group policy or the default domain security policy
      • Elements of a Remote Access Policy
        • Access permission
        • Conditions
        • Constraints
        • Settings

  26. Configuring VPN Security (cont’d.)
      • Establishing a Remote Access Policy
        • Use Routing and Remote Access tool
        • Accessed via Administrative Tools or as an MMC snap-in
      • Activity 10-6: Configuring a Remote Access Policy
        • Objective: Configure a remote access policy

  27. Configuring VPN Security (cont’d.)
      Table 10-5 Authentication types

  28. Figure 10-15 Encryption options (Courtesy Course Technology/Cengage Learning)

  29. Configuring VPN Security (cont’d.)
      Table 10-6 RAS encryption options

  30. Configuring a Dial-Up Remote Access Server
      • Dial-up remote access server compatible with:
        • Asynchronous modems
        • Synchronous modems
        • Null modem communications
        • Regular dial-up telephone lines
        • Leased telecommunication lines
        • ISDN lines (and digital “modems”)
        • X.25 lines
        • DSL lines
        • Cable modem lines
        • Frame relay lines

  31. Configuring a Dial-Up Remote Access Server (cont’d.)
      • Install RAS using Routing and Remote Access tool
        • Steps very similar to installing a VPN server

  32. Configuring Dial-Up Security
      • Callback security
        • Server calls back the remote computer
        • Verify telephone number in order to discourage a hacker
      • Options available in Windows Server 2008:
        • No Callback
        • Set by Caller (Routing and Remote Access Service only)
        • Always Callback to

  33. Configuring Dial-Up Security (cont’d.)
      • Control network access permission
        • Allow access
        • Deny access
        • Control access through NPS Network Policy
          • Default selection

  34. Configuring a Dial-Up Connection for a RAS Server
      • Create other connections through the Network and Sharing Center
      • Activity 10-7: Configuring a Dial-Up Network Connection
        • Objective: Configure a dial-up connection for a dial-up RAS server

  35. Configuring Clients to Connect to RAS Through Dial-Up Access
      • Common dial-up RAS clients
        • Windows 98, 2000, XP, Vista, and 7
      • Access a dial-up RAS server from other operating systems
        • Configure a dial-up connection on those clients

  36. Configuring Clients to Connect to RAS Through Dial-Up Access (cont’d.)
      Figure 10-17 Configuring a dial-up connection (Courtesy Course Technology/Cengage Learning)

  37. Troubleshooting VPN and Dial-Up RAS Installations
      • Troubleshooting VPN or dial-up RAS server communications problem
      • Hardware and software troubleshooting tips

  38. Hardware Solutions
      • Use Device Manager to check network adapters, WAN adapters, and modems
      • Make sure telephone line plugged in
      • For external modems:
        • Make sure the modem cable is properly attached, that you are using proper cable type
      • For internal modems or adapter cards:
        • Check connection inside computer

  39. Hardware Solutions (cont’d.)
      • For a modem connection:
        • Test the telephone wall connection and cable
      • For an external DSL adapter or a combined DSL adapter and router:
        • Ensure device is properly configured and connected
      • Call your ISP to determine if problems are present on the ISP’s WAN

  40. Software Solutions
      • Use the Computer Management tool or Server Manager to verify status of:
        • Routing and Remote Access
        • Remote Access Auto Connection Manager
        • Remote Access Connection Manager services
      • Ensure Windows Firewall is set up to allow remote access
      • Make sure VPN or dial-up RAS server is enabled
      • Check the remote access policy to be sure that access permission is granted

  41. Software Solutions (cont’d.)
      • Verify VPN or dial-up RAS server is started
      • Check the network interface
      • Ensure IP parameters are correctly configured to provide an address pool for either a VPN or dial-up RAS server
      • If using a RADIUS server:
        • Ensure it is connected and working properly and that Internet Authentication Service (IAS) is installed
      • Ensure the remote access policy is consistent with the users’ access needs

  42. Connecting Through Terminal Services
      • Terminal server
        • Enables clients to run services and software applications on Windows Server 2008 instead of at the client
        • Enables thin clients to perform most CPU-intensive operations on the server
        • Centralize control of how programs are used
      • Install different role services for specific purposes:
        • TS Web Access
        • TS Gateway

  43. Connecting Through Terminal Services (cont’d.)
      Table 10-7 Terminal Services components

  44. Connecting Through Terminal Services (cont’d.)
      Table 10-8 Role services available through Terminal Services

  45. Connecting Through Terminal Services (cont’d.)
      • RemoteApp
        • New feature
        • Enables a client to run an application without loading a remote desktop on the client computer
      • TS Gateway
        • Provides a secure way to use Terminal Services over the Internet

  46. Installing Terminal Services
      • Install TS Licensing role service
        • Manage terminal server user licenses obtained from Microsoft
        • Licenses can be purchased either per user account or by client device
      • Network Level Authentication (NLA)
        • Enables authentication to take place before the Terminal Services connection is established
        • Thwarts would-be attackers
      • Create groups of user accounts in advance
        • Add these groups during installation

  47. Installing Terminal Services (cont’d.)
      • Activity 10-8: Installing Terminal Services
        • Objective: Learn how to install the Terminal Services role

  48. Configuring Terminal Services
      • Activity 10-9: Configuring Terminal Services
        • Objective: Configure a terminal server

  49. Configuring Terminal Services (cont’d.)
      Table 10-11 Terminal Services permissions

  50. Managing Terminal Services
      • Terminal Services Manager
        • Monitor the number of users connected to the terminal server
        • Add additional terminal servers to monitor
        • Determine if a user session is active
        • Determine which programs are running in a user’s session
        • Disconnect a user’s session or log off a user
        • Reset a connection that is having trouble
        • Send a message to a user
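
The service status checks listed under Software Solutions (slides 40 and 41) can be scripted rather than clicked through in Computer Management. The PowerShell below is an added example, not part of the original presentation; it assumes the standard Windows short names for the three services on slide 40 (RemoteAccess, RasMan, RasAuto), and `Get-RasServiceFinding` is a hypothetical helper name.

```powershell
# Added example, not part of the original slides.
# Short service names are the standard Windows names for the three
# services listed on slide 40 (assumption: default service names in use).
$rasServices = @(
    'RemoteAccess',   # Routing and Remote Access
    'RasMan',         # Remote Access Connection Manager
    'RasAuto'         # Remote Access Auto Connection Manager
)

# Get-RasServiceFinding is a hypothetical helper name chosen for this example.
function Get-RasServiceFinding {
    param([string]$ComputerName = '.')    # '.' queries the local server

    foreach ($name in $rasServices) {
        $svc = Get-WmiObject -Class Win32_Service -ComputerName $ComputerName `
                             -Filter "Name='$name'"

        if (-not $svc) {
            # No such service registered on this machine
            $display = $name; $state = 'n/a'; $mode = 'n/a'
            $finding = 'NotFound'
        } else {
            $display = $svc.DisplayName
            $state   = $svc.State        # e.g. Running, Stopped
            $mode    = $svc.StartMode    # Auto, Manual or Disabled
            if     ($mode  -eq 'Disabled') { $finding = 'Disabled' }    # cannot start as configured
            elseif ($state -ne 'Running')  { $finding = 'NotRunning' }  # present but not started
            else                           { $finding = 'OK' }
        }

        # Build the record with Add-Member so it also runs on PowerShell 1.0.
        $rec = New-Object PSObject
        $rec | Add-Member -MemberType NoteProperty -Name Service     -Value $name
        $rec | Add-Member -MemberType NoteProperty -Name DisplayName -Value $display
        $rec | Add-Member -MemberType NoteProperty -Name State       -Value $state
        $rec | Add-Member -MemberType NoteProperty -Name StartMode   -Value $mode
        $rec | Add-Member -MemberType NoteProperty -Name Finding     -Value $finding
        $rec
    }
}

# One row per service; anything other than OK is a lead for the checks on slides 40-41.
Get-RasServiceFinding | Format-Table -AutoSize
```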
