Routing and Remote Access Service

Introduction

A key benchmark of a company's success is its ability to improve the productivity of its workforce. In a digital information economy, employees can be productive from almost any location as long as they can easily access the resources they need and communicate with other employees. With the Windows® 2000 operating system, any business can provide affordable remote dial-up network access (to the private LAN) using the integrated Routing and Remote Access Service. With this technology, Windows-, Novell-, Apple-, and UNIX-based client systems can reliably access the corporate network and the critical business files they need from any location, at any time. The Windows 2000 Server family provides numerous technological enhancements over the remote access solution in the Windows NT® 4.0 operating system. These enhancements can be organized into three categories:

- Better client integration
- More efficient management tools and services
- A better integrated client-server platform
Best Client-Server Remote Access

Windows 2000 Server Routing and Remote Access is a mature, full-featured, third-generation service of Windows-based server operating systems. It provides a rich complement of authentication services and protocols that simplify connectivity for clients running Windows CE, Windows 95, Windows 98, Windows NT Workstation, and Windows 2000 Professional, as well as Novell-, Apple-, and UNIX-based clients. However, only client computers running Windows 2000 Professional give remote workers the full spectrum of networking and communication services, technologies, and features. Windows 2000 Server interoperates seamlessly with Windows 2000 Professional client hardware, security technologies, Quality of Service (QoS), remote dial-up connections, Virtual Private Networking (VPN), and network application software services. Windows 2000 also supports single sign-on authorization and authentication across these services. Windows 2000 Server and clients work together using standards-based services for smart card-based access, and VPN encryption technologies, for lower costs and improved security. Network software services for clients running Windows 2000 Professional allow remote users to communicate with their colleagues through e-mail as well as through multimedia-based collaboration using NetMeeting® conferencing software and internet messenger applications. In addition, Windows 2000 Server Remote Access Service can meet the security and interoperability needs that organizations demand from a remote access solution.

Broad Media Support

Windows 2000 Server supports numerous types of high-performance media as well as more broadly implemented network topologies (such as simple modem dial-up). This broad media support is complemented by various improved technologies, which include:

- A more efficient TCP/IP stack
- Integrated support for Digital Signal Processor (DSP) offload services
- Network-traffic data compression
- Multi-link aggregation of low-bandwidth connections
- Clustering and load balancing services
- Quality of Service (QoS) queuing protocols, including 802.1p, ATM, RSVP, and DiffServ
- Integrated Services over Slow Links (ISSLOW)
Enhanced hardware and software services ensure that Windows 2000-based remote clients can directly access the corporate network through a Windows 2000 server providing remote network access (RNA) or a clustered set of Windows 2000 VPN servers (clustering is available in Windows 2000 Advanced Server). The result is a reliable, scalable, and highly available solution that provides a high-performance remote access network experience.

Efficient Management Tools and Services

The management tools and services included as part of the Routing and Remote Access feature of Windows 2000 mark a clear improvement over those available in Windows NT 4.0. With Windows 2000, there are new tools, new technologies, and new directory-integrated services that allow scalable policy-based management of the remote access infrastructure. IT managers can improve the network experience of telecommuters and mobile users, improve network security, and collect information on usage patterns to better manage the infrastructure throughout their organizations. These enhancements result in a more efficient and responsive organization that can proactively address and capitalize on new market opportunities.

Server Wizards and a New Remote Access Tool Set

Windows 2000 Server simplifies the setup of a remote access server through the Configure Your Server wizard and detailed, integrated Help files. This wizard steps an IT manager through setting up a remote access server and provides access to Help files for detailed configuration information and tips. For remote access implementations targeted at small groups of telecommuters, this wizard helps the administrator configure the network adapters and the authentication and authorization policies. After the service is configured, the administrator can create client accounts and specify dial-up access permissions using the Active Directory™ service. For larger implementations, the administrator can apply a network-access policy to groups of users using the Internet Authentication Service, which is accessible through the Routing and Remote Access administrative tools.

Rich Policy-based Management

Because of the business-critical nature of remote
access, many organizations are finding that they need to supply this service to a majority of their employees. Managing a remote access network therefore means managing many users and many systems, and to do so efficiently, organizations need to be able to apply management policies to them. In Windows 2000, policy-based management is accomplished with standards-based protocols and directories.
Active Directory supports standards such as the Lightweight Directory Access Protocol (LDAP) and the Remote Authentication Dial-In User Service (RADIUS) to enhance access to remote systems. These services can significantly simplify and centralize management tasks for multi-vendor networks. Using documented open schemas, Application Programming Interfaces (APIs), LDAP, and RADIUS, Active Directory can manage authentication of remote-access users across network access devices such as routers and switches.
Windows 2000 includes full-featured RADIUS services in its Internet Authentication Service (IAS). Support for RADIUS authentication, combined with an extensible editing tool for RADIUS attributes and Active Directory integration, allows servers running Windows 2000 to better manage large, heterogeneous remote-access environments. Windows 2000 integrates IAS with both the Routing and Remote Access feature and Active Directory. As a result, network administrators can centrally apply finely tuned, policy-based remote access rules and implement detailed accounting services across their entire remote-access network infrastructure. Parameters that can be applied using IAS and Active Directory include RADIUS-enforced policy regulation of privileges based on:

- IP address
- Manufacturer of the Network Access Server (NAS)
- Group of the user
- Service requested
- Protocol used
- Telephone number dialed by user
- Originating phone number
- Physical port used
- Day or time
- Originating client IP address
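To make the policy conditions above concrete, here is an added example (not code from this white paper or from Microsoft) showing the server-side path an IAS-style RADIUS server takes: it decodes an Access-Request as laid out in RFC 2865, evaluates an ordered list of remote access policies against the attributes those conditions map to (NAS-IP-Address, NAS-Port-Type, Called-Station-Id, Calling-Station-Id, the user's group membership, and the time of the request), and builds the reply with the Response Authenticator computed over the shared secret. Policies are tried in order, the first policy whose conditions all match decides, and a request that matches no policy is rejected, which is how IAS processes its policy list. The NAS address, user name, phone numbers, group names, policies, timestamps and shared secret are all constructed for the example.

```python
"""Added example, not code from the original white paper: decode a RADIUS
Access-Request (RFC 2865), evaluate ordered remote-access policies on the
attributes the IAS conditions above use, and build the authenticated reply.
NAS, user, policies and shared secret are constructed for this example."""
import hashlib
import hmac
import struct
from datetime import datetime

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
# RFC 2865 attribute codes; type 4 is an IPv4 address, 5/6/7/61 are integers
ATTR_NAMES = {1: "User-Name", 4: "NAS-IP-Address", 5: "NAS-Port",
              6: "Service-Type", 7: "Framed-Protocol", 30: "Called-Station-Id",
              31: "Calling-Station-Id", 61: "NAS-Port-Type"}
INT_ATTRS, IP_ATTRS = {5, 6, 7, 61}, {4}
# Constructed timestamps for the day/time condition: a Wednesday and a Saturday
WEEKDAY_MORNING, SATURDAY = datetime(2000, 3, 15, 10, 0), datetime(2000, 3, 18, 10, 0)

def parse_request(packet: bytes) -> dict:
    """Header fields plus a name -> value attribute map. The Length field and
    every attribute length are bounds-checked so bad input cannot run past the packet."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("Length field does not match packet size")
    attrs, pos = {}, 20
    while pos < length:
        atype = packet[pos]
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError(f"malformed attribute {atype} at offset {pos}")
        raw = packet[pos + 2:pos + alen]
        name = ATTR_NAMES.get(atype, f"Attr-{atype}")
        if atype in IP_ATTRS and len(raw) == 4:
            attrs[name] = ".".join(str(b) for b in raw)
        elif atype in INT_ATTRS and len(raw) == 4:
            attrs[name] = struct.unpack("!I", raw)[0]
        else:
            attrs[name] = raw.decode("utf-8", "replace")
        pos += alen
    return {"code": code, "id": ident, "authenticator": packet[4:20], "attrs": attrs}

def match_policy(policies: list, attrs: dict, groups: set, now: datetime):
    """IAS semantics: policies are (name, grant, conditions) tuples tried in order;
    the first whose conditions all hold decides, and no match means reject."""
    for name, grant, conditions in policies:
        if all(cond(attrs, groups, now) for cond in conditions):
            return name, grant
    return None, False

def build_response(code: int, request: dict, secret: bytes, reply_attrs: bytes = b"") -> bytes:
    """RFC 2865 Response Authenticator: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, request["id"], 20 + len(reply_attrs))
    digest = hashlib.md5(header + request["authenticator"] + reply_attrs + secret).digest()
    return header + digest + reply_attrs

def verify_response(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """What a NAS must do before trusting an Accept/Reject: recompute the
    Response Authenticator with the shared secret and compare in constant time."""
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def decide(packet: bytes, policies: list, groups: set, now: datetime, secret: bytes):
    """Server-side path: parse, match the ordered policies, answer."""
    request = parse_request(packet)
    if request["code"] != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    name, grant = match_policy(policies, request["attrs"], groups, now)
    return name, build_response(ACCESS_ACCEPT if grant else ACCESS_REJECT, request, secret)

def _attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

def sample_request() -> bytes:
    """Constructed Access-Request: 'alice' dials 555-0100 from 555-0199 over an
    async modem port (NAS-Port-Type 0) on a NAS at 10.0.0.5; all values invented."""
    attrs = (_attr(1, b"alice") + _attr(4, bytes([10, 0, 0, 5]))
             + _attr(5, struct.pack("!I", 3)) + _attr(7, struct.pack("!I", 1))  # PPP
             + _attr(30, b"5550100") + _attr(31, b"5550199") + _attr(61, struct.pack("!I", 0)))
    request_auth = bytes(range(16))  # a real NAS sends 16 random bytes here
    return struct.pack("!BBH", ACCESS_REQUEST, 17, 20 + len(attrs)) + request_auth + attrs

def sample_policies() -> list:
    """Two constructed policies using the condition kinds listed above."""
    return [
        ("Deny unknown NAS", False,
         [lambda a, g, t: not a.get("NAS-IP-Address", "").startswith("10.0.0.")]),
        ("Telecommuters dial-up, business hours", True,
         [lambda a, g, t: "Telecommuters" in g,                       # group of the user
          lambda a, g, t: a.get("NAS-Port-Type") == 0,                # physical port type
          lambda a, g, t: a.get("Called-Station-Id") == "5550100",    # number dialed
          lambda a, g, t: t.weekday() < 5 and 8 <= t.hour < 18]),     # day and time
    ]

if __name__ == "__main__":
    secret, pkt = b"constructed-shared-secret", sample_request()
    name, reply = decide(pkt, sample_policies(), {"Telecommuters"}, WEEKDAY_MORNING, secret)
    print(name, "-> code", reply[0], "authentic:", verify_response(reply, pkt[4:20], secret))
```

Two points worth keeping in mind when reading the example against the list above: ordering matters, because the first matching policy decides, so a deny policy placed after a broad allow never fires; and RADIUS integrity rests entirely on MD5 over the shared secret (RFC 2865), so the NAS-side check in verify_response is only as strong as that secret, and a weak or widely shared one undermines both the reply check and the hiding of User-Password.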
Policy management at this level of detail helps enhance and preserve current investments while improving the overall security and management efficiency of the remote-access infrastructure. The RADIUS-based accounting services provide better security monitoring, capacity planning, and charge-back services for more efficient network cost-center management. In addition, RADIUS support makes outsourcing and service-level-agreement enforcement easier. By using the Active Directory service, IT managers can centrally manage the configuration and policy for direct-dial and VPN services.

Enhanced Dial-up Management Services

Remote-access solutions need to address both client- and server-management issues. Many end-to-end solutions currently available fail to adequately address the networking client. The result is an incomplete solution that ultimately leads to higher management and support costs. Windows 2000 provides a unique set of integrated management tools and services to address the wide range of issues involved in servicing a diverse group of remote access users. Windows 2000 integrates phone book management with a client
connection manager configuration tool called the Connection
Manager Administration Kit to create a flexible and comprehensive
remote access solution. The integrated solutions enable an IT
administrator to create custom dial-up remote access phone
books using Phone Book Administrator tools, and publish these
phone books to a Windows 2000-based Web application service
called the Connection Point Service. These phone books can
contain direct-dial remote access telephone numbers as
well as point-of-presence telephone numbers for one or
more service providers. The point-of-presence telephone
numbers can have a specific security configuration
associated with them to ensure that any connection
made over a public network is appropriately secured. Once
the phone books are created and published, the IT
administrator can use a Connection Manager Administration
Kit (CMAK) wizard to create user or group profiles
containing custom graphics, help files, phone books,
remote access licenses, and automated connect actions. The automated connect actions enable the integration of
applications services with different phases of the connection
process. The CMAK wizard creates an easily distributed,
self-installing,
custom executable file that, when opened on the
client, automatically configures remote access using the
newly established infrastructure and phone book services.
The administrator can also control how these telephone
numbers are presented to the user client in the dialer.
The administrator can use the interface to guide the user
to the least-expensive access numbers, while clearly identifying
more-expensive back-up numbers that should be used only in
emergencies. This comprehensive set of integrated client tools and
Server services enables network administrators to empower
employees to efficiently use the direct-dial and VPN remote-
access options. In addition, this solution enables
administrators to remotely and systematically update remote
clients when there is any change to the infrastructure. Using
the enhanced set of remote access dial-up and management
services in Windows 2000 reduces management and accounting
costs, dial-up fees, legal risks, and laborious support issues.

Quality Remote Access

As demand increases for network
access, remote-access networks are becoming increasingly
congested. To address this increased demand, Windows 2000 supports
high-bandwidth media, client configuration tools such as CMAK, and
policy-based management services to regulate access. Windows
2000 also provides an application-server platform with an
integrated set of standards-based, Quality-of-Service (QoS)
technologies to better prioritize network traffic flows. Both Windows 2000 Professional and Windows 2000
Server support network QoS
technologies, from media-specific ATM services to
more generally applicable protocols such as:

- The Resource Reservation Protocol (RSVP), which is
used to request QoS from the network and to indicate QoS
capabilities and requirements.
- The Subnet Bandwidth Manager/Designated Subnet
Bandwidth Manager (SBM/DSBM), which is an extension of
RSVP and is used with shared networks.
- Differentiated Services, used to classify packets
and apply scheduling and queuing behavior.
- IEEE 802.1p, used to prioritize traffic and support QoS on LANs.
- Common Open Policy Service (COPS), which is
used to pass policy information down to network devices.
Windows 2000 integrated support for WAN and LAN protocols
provides a true end-to-end QoS solution. Additional support
for QoS technologies, such as Integrated Services over Slow
Links
(ISSLOW), provides improved applications behavior over slower
remote-access modem connections. Through broad standards support and the use of
Active Directory as a central policy store for Quality of
Service, Windows 2000 aids network administrators in
efficiently managing network use. The access control
features in Windows 2000 simplify applying policy-based flow
control to user accounts stored in Active Directory.
Using these policies, IT administrators can better control
network traffic flow, application behavior, and bandwidth
use. Better management of the ebb and flow of
network traffic provides improved network reliability. By supporting Internet standards, as well as Active Directory and Quality
of Service standards, and by working with industry-leading
network vendors, Windows 2000-based networking solutions can
prioritize diverse network-application and user traffic
across switches and routers at the core of a corporate
network. By taking advantage of QoS technology and
standards-based network management tools, network
administrators can more effectively regulate bandwidth
allocation. The result is higher quality and more reliable
service for mission-critical applications and users.

Conclusion

Through broad cross-platform
client support and integration with Windows
2000 Professional networking technologies, Windows 2000 provides
an optimal remote-access solution for telecommuting and mobile
users. Windows 2000 Server can both provide a stand-alone
remote access solution, and serve as a termination point for
completing an outsourced remote access service solution.
With dual support for direct remote access and Internet-based
connectivity, Windows 2000 offers the optimal technical and
economical WAN infrastructure for any organization. Windows 2000 lets an organization keep centralized, policy-based management and control over network authentication while minimizing costs by providing secure local-call access anywhere in a service provider's coverage area. The result is an easy-to-use and affordable solution that eliminates not only the risk of a single point of failure, but also the risks associated with dependence on a single service provider's infrastructure.