Provide Seamless Pervasive Network Connectivity to the World.
The Windows Networking team delivers several networking technologies that are essential for Internet and intranet
connectivity. The team develops mobile broadband, remote access, network addressing and naming solutions, and
network authentication solutions. The products developed by MSIDC form the core of the networking infrastructure
and impact millions of people every day. MSIDC has complete ownership of several key Windows Server features, such
as the Dynamic Host Configuration Protocol (DHCP) server, the Routing and Remote Access (RRAS) server and the WINS server.
Windows Server 2008 R2 and Windows 7 are the next versions of the Windows Server and client operating systems
from Microsoft. Their networking features include:
- DirectAccess (DA) – simplified remote connectivity for corporate computers.
- Routing and Remote Access – a Windows Server role that provides a dial-up remote access server, a Virtual
Private Network (VPN) remote access server, an Internet Protocol (IP) router for connecting the subnets of a
private network, a Network Address Translator (NAT) for connecting a private network to the Internet, and a dial-up
and VPN site-to-site demand-dial router. VPN Reconnect provides persistent connectivity to a remote network
when a mobile user moves from one Internet connection to another.
- Dynamic Host Configuration Protocol (DHCP) Server – the most widely used IP address management solution.
- Extensible Authentication Protocol (EAP) and the Authentication Methods – a security framework into which different
authentication modules plug. Windows RAS and 802.1X clients are the major consumers of this infrastructure
component.
- Mobile Broadband (MBN) platform – provides a consistent and uniform connectivity experience to end users as
part of the Windows OS. The spectrum of technologies supported includes GSM and its variants, such as
GPRS / HSPA / HSPA-e / LTE, as well as CDMA and its variants, such as 1xRTT / 1xEV-DO Rev 0 / Rev A / Rev B.
Dynamic Host Configuration Protocol (DHCP)
Desktops, laptops and other devices require IP addresses and configuration parameters to communicate with
each other over the Internet or over a TCP/IP network. Microsoft's DHCP Server is the most widely used IP
address management solution. The DHCP solution developed at MSIDC includes the following:
- DHCP Client
- Requests an IP address and configuration information from the server; it is bundled as part of the
Windows client and server operating systems.
- Supports SSID caching so that laptops can obtain an IP address faster when they return to a wireless LAN
they have visited before.
- DHCP Server
- Available as an add-on role in the various server operating systems; allows for central management
of IP addressing throughout the enterprise.
- Supports IPv6 (stateful and stateless addressing), integration with Network Access Protection (NAP), etc.
- Supports MAC-address-based network access control through the Link Layer Filtering feature.
With this feature, the DHCP administrator controls whether a DHCP lease (IP address) is issued or denied to a given MAC address.
- Prevents name squatting in enterprise environments. The Name Protection feature prevents a new host from
registering a hostname that another machine has already registered in the DNS server.
- Prevents exhaustion of IP addresses at the scope level when deployed in redundant configurations.
- Supports DHCP activity logging, which allows DHCP administrators to monitor configuration changes on the
DHCP servers. DHCP administrators use this feature for network security and IT compliance auditing.
- DHCP Relay – forwards DHCP messages between clients and servers that reside on different subnets.
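As an added example (not the page's or Microsoft's DHCP server code), the following Python models the lease-admission decisions that Link Layer Filtering and Name Protection make, and records each decision in the kind of audit trail that DHCP activity logging provides. The policy settings, MAC addresses, client identifiers and DNS registry are constructed; the registry dictionary stands in for the DHCID-based ownership check that real name protection relies on.

```python
from dataclasses import dataclass, field


@dataclass
class DhcpPolicy:
    """Administrator settings for the two admission checks (constructed)."""
    allow_list: set = field(default_factory=set)
    deny_list: set = field(default_factory=set)
    enforce_allow_list: bool = False   # True: only listed MACs receive leases
    enforce_deny_list: bool = True     # listed MACs never receive leases
    name_protection: bool = True       # do not overwrite another client's DNS name


def normalize_mac(mac: str) -> str:
    """Accept 00-11-22-AA-BB-CC or 00:11:22:aa:bb:cc and compare in one form."""
    return mac.replace("-", ":").strip().lower()


def evaluate_request(policy, mac, hostname, dns_registry, client_id, audit):
    """Decide what the server does with a client's lease request.

    dns_registry maps hostname -> client_id of the machine that registered it
    (a stand-in for the DHCID record used by real name protection).
    Returns "DENY", "LEASE" or "LEASE_NO_DNS" (lease granted, but the name is
    not registered because another client owns it). Every decision is appended
    to `audit`, mirroring the activity log an administrator reviews.
    """
    mac = normalize_mac(mac)
    deny = {normalize_mac(m) for m in policy.deny_list}
    allow = {normalize_mac(m) for m in policy.allow_list}
    owner = dns_registry.get(hostname.lower()) if hostname else None

    if policy.enforce_deny_list and mac in deny:
        decision, reason = "DENY", "link-layer filter: MAC on deny list"
    elif policy.enforce_allow_list and mac not in allow:
        decision, reason = "DENY", "link-layer filter: MAC not on allow list"
    elif policy.name_protection and owner not in (None, client_id):
        decision, reason = "LEASE_NO_DNS", "name protection: hostname owned by another client"
    else:
        decision, reason = "LEASE", "checks passed"
        if hostname:
            # Register (or, with protection off, overwrite) the name for this client.
            dns_registry[hostname.lower()] = client_id

    audit.append(f"{mac} {hostname or '-'} {client_id} {decision}: {reason}")
    return decision
```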
DirectAccess
DirectAccess is a comprehensive anywhere access solution that provides corporations with the ability to have
seamless end-user connectivity for remote information workers. The vision is to provide remote access that
is 'just like on the corporate network' so that users can seamlessly access the resources they need while
also enabling the IT admin to have an increased level of remote device management. In a sense, the remote
machines are always connected to the corporate network. With DirectAccess, end users enjoy the same
experience whether they are on the corporate network or working remotely, and administrators have the
same level of control over compliant machines inside and outside the network.
The MSIDC team is responsible for developing the DirectAccess Management snap-in which provides administrators
a simple and easy way to configure and monitor DirectAccess components. It contains a step-by-step
documented process for setting up DirectAccess on the server. The snap-in also has an in-built
monitoring UI that keeps track of the state of the server and all its components. The monitoring UI is
very helpful in troubleshooting any problems on the server as it gives warning and error events whenever
any component is in a bad state.
Routing and Remote Access (RRAS)
The following are the key services provided by RRAS:
- Dial-up remote access server.
- Virtual Private Network (VPN) remote access server.
- IP-based router, for connecting various subnets/LANs.
- Network Address Translation (NAT), to conserve IP address space and in some cases provide network isolation.
- Dial-up and VPN site-to-site and demand-dial router.
Agile VPN
One of the most common scenarios facing organizations today is connectivity between sites and locations.
Many organizations connect their sites and locations by using VPN tunnels over public networks, such as
the Internet. One problem with existing VPN solutions is that they are not resilient to connection failures
or device outages. When any outage occurs, the VPN tunnel is terminated and must be re-established,
resulting in momentary connectivity outages. The Agile VPN feature in Windows Server 2008 R2 allows
a VPN to have multiple network paths between points in the VPN tunnel. In the event of a failure, Agile
VPN automatically uses another network path to maintain the existing VPN tunnel, with no interruption
of connectivity.

This new feature allows for seamless switchover and uninterrupted connectivity. Wherever you go,
you stay connected to your VPN across different networks. With the new Agile VPN tunnel and
the new Mobility Manager, the VPN connection automatically switches over to a new
network when the underlying network changes. With seamless switchover, users enjoy uninterrupted
connectivity to the corporate network for all the applications running on top of the VPN connection. Users
can also use the new VAN UI for managing network connections. The new Agile VPN tunnel is standards
based and uses the MOBIKE extension of IKEv2.

The MSIDC team is responsible for designing, developing and implementing the complete new IKEv2-based Agile
VPN tunnel, which lets you stay connected to the corporate network while on the move, even when the underlying
Internet connection changes. It is standards based and uses the IKEv2 IPsec protocol. It also supports an additional
VPN strategy that falls back to SSL when IKEv2 is blocked by a firewall, and it supports
machine-certificate-based authentication, which makes it more secure to use.
Secure Socket Tunneling Protocol (SSTP)
Information workers often require access to corporate data from outside the corporate perimeter. The VPN
protocols that were prevalent in Windows Server 2003 were Point-to-Point Tunneling Protocol (PPTP) and Layer
Two Tunneling Protocol with Internet Protocol Security (L2TP/IPsec). PPTP- and L2TP-based VPN traffic can have
problems with firewalls, NATs and web proxies, because the relevant packets (PPTP's TCP port 1723 and Generic Routing
Encapsulation (GRE), and L2TP/IPsec's IKE) may be blocked at the firewall. To prevent problems, firewalls must be configured to
allow both the TCP connection and the GRE-encapsulated data. Although GRE is a standard method of
encapsulating IP packets, many Internet service providers (ISPs) drop these packets, resulting in lost data.
Secure Socket Tunneling Protocol (SSTP) is a new VPN solution that solves the connectivity
problems described above by using HTTP over Secure Sockets Layer (SSL). SSTP is essentially HTTP over SSL on TCP port 443,
and it uses time-tested protocols for security and transport.
Mobile Broadband (MB)
The charter of the Mobile Broadband team at MSIDC is to develop a Mobile Broadband (MBN) platform that
provides a consistent and uniform connectivity experience to end users as part of the next version of
the Windows OS. The spectrum of technologies it supports includes GSM and its variants, such as
GPRS / HSPA / HSPA-e / LTE, as well as CDMA and its variants, such as 1xRTT / 1xEV-DO Rev 0 / Rev A / Rev B.
The key challenges in this area lie in defining and implementing a flexible framework (the MB Driver Model) that
is technology agnostic at the driver level, and in ensuring a user experience that is uniform and consistent
with the other media stacks in Windows. The team defines a standard set of APIs (the MB API) that
third-party Connection Manager developers can leverage to provide basic connectivity as they move
up the value chain. Given that the MB ecosystem is extremely large and involves hundreds
of telcos and a dozen IHVs, silicon vendors, ISVs and OEMs spread worldwide, driving and partnering
with numerous partners to deliver MB drivers compliant with Microsoft's driver model, as well as Connection
Managers based on Microsoft's MB APIs, is a huge task. As part of one of the key pillars
(Ubiquitous Connectivity) of the next version of Windows, this program has provided a strategic solution that
unifies diverse Mobile Broadband Network (MB) solutions in the next version of the operating system.
The MSIDC team is responsible for:
- Driving the program end to end from MSIDC: partnering with the large MB ecosystem
(operators, IHVs, OEMs, ISVs and silicon vendors), building solution awareness, and planning, executing
and deploying the solution.
- Delivering the MB solution in the next version of the operating system.
Network Access Protection (NAP)
MSIDC owns NAP enforcement via DHCP and VPN and the Quarantine Enforcement Clients (QECs). Network administrators
are routinely tasked with ensuring that their users comply with ever-changing corporate policies.
Previously, however, they were unable to define granular levels of network access due to the lack of adequate
tools and reporting mechanisms. NAP, a technology introduced in Windows Server 2008, allows an administrator to
define multiple, fine-tuned levels of network access based on various parameters, such as the type of client,
the client's group memberships, the degree of the client's compliance with corporate governance policy, etc.
Extensible Authentication Protocol (EAP)
EAP is an authentication framework that is crucial for security and authentication over the networking infrastructure.
Both the EAP peer and EAP authenticator components are owned by MSIDC. EAP has gained widespread acceptance
due to the proliferation of wireless LANs.
Windows Internet Name Service (WINS)
WINS is another naming and mapping technology for computers, and it is Microsoft's implementation of the NetBIOS Name
Server. Despite the ubiquity of DNS in the enterprise, WINS continues to play a vital role in the name
resolution infrastructure of both small and large environments.