ALS Designing a Microsoft® Windows® 2000 Network Infrastructure

Author: Microsoft Corporation
Pages: 1168
Disk: N/A
Level: Beg/Int
Published: 08/15/2001
ISBN: 9780735612686
Index
A
AARP (AppleTalk Address Resolution Protocol), 109
Active Directory (AD)
converting domain namespaces, 442–43
DHCP and, 397
DNS and, 431–34
DNS zones and, 447–48
server design optimization and, 777
Active Directory Service Interfaces (ADSI), 764
active nodes
DNS, 467
WINS, 537
AD. See Active Directory
address mapping, NAT, 351, 353
address pools, NAT, 351
Address Resolution Protocol (ARP), 109
administration, networking services. See networking services, monitoring and managing
ADSI (Active Directory Service Interfaces), 764
AH (Authentication Header) protocol, 62
algorithms
encryption, 63
identity checking, 62
AppleTalk Address Resolution Protocol (AARP), 109
AppleTalk networks, 109–13
example scenario, 110–11
network number and node IDs in, 109–10
when and why required, 95–96
Windows 2000 and, 91–93
zone design for, 111–12
AppleTalk routing, 240–49
determining network numbers, 243–44
evaluating design for, 248–49
interface specifications, 241–43
multiprotocol routing in Windows 2000 and, 205–07
optimizing, 246–48
placement in network design, 240–41
selecting seed routers, 244–46
application servers, 3–4
applications, networking services, 771–75
complexity of, 748
example scenario, 773–75
identifying dependencies, 771
identifying required services, 771–72
monitoring with delayed response, 761
monitoring with immediate response, 760
optimal configuration, 772–73
optimal server placement, 771–73
ARP (Address Resolution Protocol), 109
authentication
algorithms, 62
dial-up access, 584–85
IP routing, 137
IPSec, 59–62
machine authentication, 53
RADIUS, 708, 710
remote users, 584, 658
router identification, 168
user authentication, Internet resources and, 304
user authentication, Microsoft Proxy Server 2.0 and, 298
user authentication, security requirement and constraints and, 779–80
user authentication, VPN and, 64
VPN, 67–70, 658
Authentication Header (AH) protocol, 62
automatic failover, 787–88
autostatic route entries, 153–55
availability, DHCP, 400–03
applying techniques for, 402–03
dedicated computers and, 402
multiple servers, 401–02
Windows Clustering server clusters, 400–01
availability, dial-up access, 589–91
applying techniques for, 590–91
dedicated computers and, 590
multiple servers, 589–90
availability, DNS, 464–69
applying techniques for, 468–69
dedicated computers and, 468
Windows Clustering and, 466–67
availability, IP routing, 175–77
applying techniques for, 176–77
connections, 175
RIP and, 175
routers, 175–76
availability, networking services
designing for networking services, 17–18
reducing number of servers, 776
Windows Clustering and, 787
availability, RADIUS, 715–17
applying techniques for, 715
multiple servers, 716
availability, TCP/IP
applying techniques for, 75–76
connections, 75
routers, 75
availability, VPN access
applying techniques for, 662–63
dedicated computers and, 662
multiple Internet connections, 662
multiple servers, 661–62
availability, WINS
dedicated computers and, 540
multiple servers and replicated databases, 538–40
Windows Clustering and, 537–38
B
backbone segments, 376
Berkeley Internet Name Domain (BIND), 429, 450–51
BGP (Border Gateway Protocol), 157
BIND. See Berkeley Internet Name Domain
B-node
advantages/disadvantages, 508
NetBT name resolution, 509
BOOTP
DHCP/BOOTP forwarding, 382–84
vs. Relay Agent, 380–81
Border Gateway Protocol (BGP), 157
broadcast traffic
IP routing, 148
pros/cons of forwarding, 162
burst handling, WINS, 542
business requirements and constraints
design optimization, 798–99
DHCP, 409–10
dial-up access, 600–01
DNS, 477
IP routing, 181
Microsoft Proxy Server 2.0, 324–25
multiprotocol network design, 119–20
multiprotocol routing, 253
NAT, 363
RADIUS, 724
TCP/IP, 80–81
VPN, 671
WINS, 549–50
C
cable range, AppleTalk protocol, 109
caching-only DNS servers, 470
Challenge Handshake Authentication Protocol (CHAP), 68
CHAP. See Challenge Handshake Authentication Protocol
character sets, DNS, 434, 452–53
CIDR. See Classless Interdomain Routing
class-based IP addresses, 32, 46
Classless Interdomain Routing (CIDR), 46–48
implementing, 47–48
limitations of class-based addressing and, 46
private IP addressing and, 35
clients
DHCP clients, 369
dial-up remote access, 576–79, 592
Microsoft Proxy Server 2.0, 293–95
RADIUS, 701–05
VPN remote access, 647–50
WINS, 522–23
cluster, unaware/aware applications, 466, 786
cluster drives
DHCP, 400
DNS, 467
WINS, 537
cluster nodes
DHCP, 400
DNS, 467
WINS, 537
COM. See Component Object Model
Component Object Model (COM), 764
compression, DNS, 435
computers, dedicated
dial-up availability, 590
dial-up performance, 592
DNS availability, 468
DNS performance, 471
VPN availability, 662
VPN performance, 665
WINS availability, 540
WINS performance, 542
confidential data. See data protection
configuration protection, DHCP
preventing unauthorized servers, 394–98
preventing unauthorized users, 398–99
connection
connected devices and, 3
persistent vs. nonpersistent, 175, 290
routed vs. translated, 335
technologies, IP routing, 135
technologies, multiprotocol routing, 207
technologies, RADIUS, 705
connectivity
branch office designs, 340–41
Internet designs, 338–40
Microsoft Proxy Server 2.0, 281–83
console notification
using for delayed responses, 761
using for immediate responses, 760
convergence time, WINS, 526, 528–30
costs, networking services design, 20–21
D
databases
DNS zone database, 432
OSPF link state database, 157
WINS replicated database, 538–40
data encryption. See encryption
Data Encryption Standard (DES), 63. See also Triple Data Encryption Standard (3DES)
Data Link Control (DLC), 91. See also System Network Architecture (SNA)
coexistence with IP, 115–16
defined, 113
illustration of, 114
integrating into network, 113–14
when and why required, 97–98
data link layer, ISO model, 113
data protection, dial-up remote access
confidential data, encryption, 585
confidential data, remote access policies, 586–87
confidential data, techniques for, 587–88
confidential data, user authentication, 584–85
unauthorized access, restricting traffic, 582–84
unauthorized access, restricting user access, 582–84
unauthorized access, techniques for, 583–84
unauthorized access, using screened subnets, 583
data protection, IP routing
filtering unwanted IP traffic, 166–68
router identification, 168–72
router-to-router data protection, 172–74
data protection, Microsoft Proxy Server 2.0, 297–306
Internet resources, domain filters, 303–04
Internet resources, packet filters, 303
Internet resources, user authentication, 304
methods for, 297–300
private network resources, packet filters, 300–01
private network resources, Web publishing, 301
data protection, Network Address Translation (NAT), 350–56
corporate network resources, 354–56
Internet resources, 353–54
SOHO network resources, 350–53
data protection, networking services, 779–83
identifying security requirements and constraints, 779–81
selecting method, 781–83
data protection, RADIUS
confidential data, authenticating remote users, 710
confidential data, encrypting, 710–12
confidential data, remote access policies, 712–13
unauthorized access, identifying authorized clients and servers, 708
unauthorized access, solutions, 707–08
data protection, TCP/IP, 50–74
IPSec, applying, 51–53
IPSec, authentication, 59–62
IPSec, encryption, 63–64
IPSec, integrity checking, 62–63
IPSec, policies, 54–57
IPSec, sequence of events in, 53–54
IPSec, transport and tunnel modes, 57–59
IPSec, when to use, 50–51
TCP/IP filters, applying, 73–74
TCP/IP filters, overview, 72–73
VPN, applying, 65–66
VPN, authentication, 67–70
VPN, encryption, 70–72
VPN, overview, 64
VPN, PPTP tunnels, 66
data protection, VPN remote access
confidential data, authenticating remote users, 658
confidential data, encryption, 658
confidential data, remote access policies, 659
confidential data, techniques for, 659–60
unauthorized access, restricting server access, 652
unauthorized access, restricting traffic with packet filters, 653
unauthorized access, techniques for, 653–56
unauthorized access, using screened subnets, 653–56
default gateways
IP configuration, 40–42
Microsoft Proxy Server 2.0, 294
TCP/IP networks, 30
default route entries, 152–53
delayed (near-time) response, networking services
response types and, 761
status changes and, 758
demand-dial, 170–71
demilitarized zones (DMZs). See screened subnets
DES (Data Encryption Standard), 63. See also Triple Data Encryption Standard (3DES)
design, networking services, 14–21
aspects of, 14–15
availability, 17–18
costs, 20–21
design essentials, 15–16
determining design complexity, 748
performance, 18–20
security, 16–17
design phase
network deployment, 11
personnel needed for, 12–13
device drivers, signed, 791–92
DHCP. See Dynamic Host Configuration Protocol
dial-up remote access, 561–630
completing design of, 594–96
costs of, 569–70
design decisions, 568–69
designs for, 569–71
determining number of remote access servers required, 572–73
determining placement of remote access servers, 573–76
evaluating design for, 579–81
RADIUS and, 707–08
remote access client support, 576–79
as required networking service, 772
requirements and constraints for, 568
review questions for, 630
Routing and Remote Access and, 564–66
dial-up remote access, data protection, 582–88
confidential data, applying techniques for, 587–88
confidential data, authenticating remote users, 584–85
confidential data, using encryption, 585
confidential data, using remote access policies, 586–87
unauthorized access, applying techniques for, 583–84
unauthorized access, restricting traffic, 582–84
unauthorized access, restricting user access, 582–84
unauthorized access, using screened subnets, 583
dial-up remote access, lab
business requirements and constraints, 600–01
illustrations, 602–06, 612, 618, 624
scenario, 597–600
technical requirements and constraints, 601–02
worksheets, 607–11, 613–17, 619–23, 625–29
dial-up remote access, optimizing
availability, applying techniques for, 590–91
availability, dedicated computer, 590
availability, multiple servers, 589–90
performance, applying techniques for, 592–94
performance, dedicated computer, 592
performance, multiple servers, 592
performance, upgrading hardware, 592
digital signatures, 62–63
direct hosting, 102
DLC. See Data Link Control
DMZs (demilitarized zones). See screened subnets
DNS. See Domain Name System (DNS)
domain controllers
combining networking services and, 777
DHCP and, 397
domain filters
Internet resources, 303–04
Microsoft Proxy Server 2.0 and, 298
domain namespaces
Active Directory, 442–43
descriptions, 438
DNS, 437–45
DNS zones, 443–44
external and internal, 439–41
structure of, 439
subdomains, 441–42
Domain Name System (DNS), 425–503
advantages/disadvantages, 427–28, 508
combining networking services and, 777
completing design of, 472–74
design decisions, 431
design requirements and constraints, 429–30
designs, AD, 431–34
designs, traditional, 434–36
DHCP and, 373
DNS lookup, 523
DNS query resolution latency, 469–70
evaluating design for, 457–58
immediate response monitoring, 762
integrating different versions of, 450–54
integrating with WINS, 455–56, 506
monitoring with Performance Logs and Alerts, 766
name resolution with, 5
NAT and, 334, 347
overview of, 7–8, 425–26
as required networking service, 771
review questions for, 503
Domain Name System (DNS), clients
updating DNS zones and, 459–60
Windows 2000 and, 428
Domain Name System (DNS), domain namespace, 437–45
Active Directory and, 442–43
descriptions, 438
DNS zones and, 443–44
external and internal, 439–41
structure of, 439
subdomains and, 441–42
Domain Name System (DNS), lab, 475–502
business requirements and constraints, 477
illustrations, 485, 491, 497
scenario, 476–77
technical requirements and constraints, 477–79
worksheets, 480–84, 486–90, 492–96, 498–502
Domain Name System (DNS), name resolution protection, 459–63
unauthorized access, 461–63
unauthorized dynamic updates, 459–61
Domain Name System (DNS), optimizing, 464–72
availability, applying techniques, 468–69
availability, dedicated computer, 468
availability, multiple servers, 464–66
availability, Windows Clustering server clusters, 466–67
performance, applying techniques, 471–72
performance, dedicated computer, 471
performance, reducing DNS query resolution, 469–70
performance, reducing/rescheduling DNS zone replication traffic, 471
Domain Name System (DNS), servers
caching-only DNS servers, 470
determining number of, 449–50
enhancing availability by using multiple, 464–66
preventing unauthorized access, 461–63
security requirements, 780
Windows 2000 and, 429
Domain Name System (DNS), zones, 445–49
character set and, 452–53
domain namespaces and, 443–44
dynamically updated, 452
preventing unauthorized dynamic updates, 459–61
reasons for using, 445
replication of, 464–65
replication traffic and, 471
resource records and, 453
types, Active Directory–integrated, 447–48
types, traditional, 446–47
zone transfers, 434
dynamic DNS, zone updates, 435, 452
Dynamic Host Configuration Protocol (DHCP), 367–424
BOOTP forwarding, pros/cons, 162
BOOTP forwarding, using with DHCP Servers, 382–84
combining with WINS, 778
completing design of, 406–07
delayed response monitoring, 762
design decisions, 371–72
design requirements and constraints, 370–71
DHCPACK, 395
DHCP clients, 369
DHCPINFORM requests, 394
DHCP servers, 369–70, 378–79, 780
evaluating design for, 391–93
IP configuration, automatic method, 378–84
IP configuration, designs, 372–75
IP configuration, overview, 5, 367
IP configuration, segments requiring automatic configuration, 376–78
monitoring with Performance Logs and Alerts, 766
NAT and, 334
optimizing, availability, 400–03
optimizing, performance, 403–06
overview of, 7–8
Relay Agent, 161–63, 370, 379–82
as required networking service, 772
resource records and, 432
review questions for, 424
updating DNS zones with, 459
Windows 2000 and, 369–70
Dynamic Host Configuration Protocol (DHCP), configuration protection
unauthorized servers, 394–98
unauthorized users, 398–99
Dynamic Host Configuration Protocol (DHCP), lab, 408–23
business requirements and constraints, 409–10
scenario, 408–09
technical requirements and constraints, 410–11
worksheets, 413–15, 417–19, 421–23
Dynamic Host Configuration Protocol (DHCP), scopes
determining, 384–89
distributed, 401–02
IP address exclusion and, 387–89
options for, 389–91
reasons for using, 385–86
dynamic routing
protocols for, 153
vs. static routing, 149
dynamic zone updates
performing, 459
securing, 460
E
EAP (Extensible Authentication Protocol), 69
edge of network scenario
IP routing, 135–37, 141–42
multiprotocol routing, 208–10
e-mail
delayed response monitoring, 761
immediate response monitoring, 760
Encapsulating Security Payload (ESP)
data encryption with, 63
L2TP and, 67
encryption
3DES, 16–17, 764
dial-up remote access, 585
Encapsulating Security Payload (ESP), 63
end-to-end, 51
IPSec, 63–64, 71
point-to-point, 53
RADIUS, 710–12
VPN, 70–72, 658
end-to-end data encryption, 51
ESP. See Encapsulating Security Payload
Extensible Authentication Protocol (EAP), 69
F
failover
automatic, 787–88
WINS, 540
fast zone transfers, 471
fault tolerance, 785–86
File Transfer Protocol (FTP)
Microsoft Proxy Server 2.0, 279
TCP/IP filters, 74
filters
domain filters, Internet resources, 303–04
domain filters, Microsoft Proxy Server 2.0 and, 298
IP filters, 166–68, 339
IPX routing filters, 210
Microsoft Proxy Server 2.0, 281–82, 298
packet filters, dial-up remote access, 583
packet filters, private network resources, 300–01
packet filters, SOHO network resources, 350–51, 353
packet filters, VPN, 653
Routing and Remote Access and, 137
SAP filters, 234
TCP/IP filters, 74
firewalls
IP routing, 137
isolating, 782
Microsoft Proxy Server 2.0, 286
network security, 33
forward name resolution, 428
FQDNs. See fully qualified domain names
frame types, IPX networks, 102–04
FTP. See File Transfer Protocol (FTP)
fully qualified domain names (FQDNs)
DNS, 8
NAT, 347
full zone transfers, 434
G
gateways
IPX to IP gateway, 106
SNA gateways, 114
H
hardware
multiprotocol routing and, 206
networking services, 3–4
routers, 134
upgrading, 592, 664
H-node, NetBT name resolution, 509
host number, 37
host routing
defined, 134
multiprotocol routing and, 206
hosts
direct hosting, 102
per subnet, 39–40, 44
HOSTS file, 427, 507–08, 522–23
HTML (Hypertext Markup Language), 279
hub-and-spoke replication, WINS, 526–28
hunt groups, dial-up remote access, 589–90
Hypertext Markup Language (HTML), 279
I
IAS. See Internet Authentication Server
ICANN (Internet Corporation for Assigned Names and Numbers), 32
ICMP (Internet Control Message Protocol), 41
identity checking. See authentication
IETF (Internet Engineering Task Force), 50
IGMP (Internet Group Messaging Protocol), 42, 160–61
IKE (Internet Key Exchange), 53
immediate (real-time) response
function and examples of, 757–58
list of immediate response types, 760–61
implementation phase
network deployment, 11
personnel needed for, 13
inbound traffic, Microsoft Proxy Server 2.0, 297
incremental zone transfers, 434, 471
integrity checking, IPSec, 62–63
interface specifications
AppleTalk routers, 241–43
IPX routers, 216–20
Microsoft Proxy Server 2.0, 290–92
NAT servers, 343–45, 375
internal network numbers. See network numbers
internal routers, 136, 142, 209
International Standards Organization (ISO), 26, 91
Internet access
hierarchical proxy servers and proxy arrays, 314–15
proxy arrays, 313–14
Web content caching, 311–13
Internet Authentication Server (IAS)
dial-up remote access, 562
RADIUS, 684
security requirements, 780
Windows 2000 and, 689
Internet connectivity. See also Microsoft Proxy Server 2.0
designs, 281
Internet Connection Sharing vs. NAT, 336
using multiple connections to enhance availability, 662
Internet Control Message Protocol (ICMP), 41
Internet Corporation for Assigned Names and Numbers (ICANN), 32
Internet Engineering Task Force (IETF), 50
Internet Explorer 5.0, 294
Internet Group Messaging Protocol (IGMP), 42, 160–61
Internet Key Exchange (IKE), 53
Internet naming conventions, 437
Internet Protocol (IP)
resource access with, 425
WINS and, 505
Internet Protocol Security (IPSec)
applying, 51–53
authentication, 59–62
combining with L2TP, 173
dial-up remote access and, 562, 585
encryption, 63–64
encryption algorithms, 71
integrity checking, 62–63
networking services design and, 5
policies, 54–57
router identification and, 170
router-to-router data protection, 172–73
sequence of events, 53–54
traffic encryption, 764
transport and tunnel modes, 57–59
VPN authentication, 658
when to use, 50–51
Internet resources, protecting, 303–06
domain filters, 303–04
NAT data protection, 353–54
packet filters, 303
user authentication, 304
Internet service providers (ISPs), 639
Internetwork Packet Exchange (IPX). See IPX networks
IP (Internet Protocol). See Internet Protocol
IP addressing. See also name resolution
AppleTalk protocol and, 109
DHCP scopes and, 387–89
DNS and, 426
facilitating, 425
Microsoft Proxy Server 2.0 and, 282
monitoring, 766
NAT and, 345–47
private IP addressing, 34–37
public IP addressing, 32–34
resolving IP addresses to MAC addresses, 109
WINS and, 505
IP addressing, TCP/IP
class-based IP addresses, 32
networks and, 30
overview of, 31–37
private addressing schemes, 34–37
public addressing schemes, 32–34
IP configuration
automatic IP configuration method, 378–84
delayed response monitoring, 762
DHCP, 5, 367–68, 372–75
Microsoft Proxy Server 2.0 and, 290
NAT and, 338, 345–46
segments requiring automatic IP configuration, 376–78
TCP/IP requirements, 30–31
IP filters
applying, 167–68
criteria for use of, 166–67
NAT and, 339
IP networks, interoperability with IPX networks, 106
IP routing, 131–202
completing IP routing design, 177–78
design decisions, 135, 207–08
design requirements and constraints, 134–35
edge of network scenario, 135–37
evaluating design for, 164–65
immediate response monitoring, 762
improving availability and performance, 175–77
IPX networks and, 104
monitoring with Performance Logs and Alerts, 766
multiple location scenario, 137–38
as required networking service, 771
review questions for, 202
single location scenario, 138–39
Windows 2000 and, 133–34
IP routing, data protection
filtering unwanted IP traffic, 166–68
router identification, 168–72
router-to-router data protection, 172–74
IP routing, design concepts, 140–63
DHCP relay agent, 161–63
integrating routers into existing networks, 143–47
multicast routing, 160–61
OSPF routing, 157–59
RIP routing, 155–57
router placement, 140–43
unicast routing, 148–55
IP routing, lab, 179–201
business requirements and constraints, 181
scenario, 180–81
technical requirements and constraints, 181–82
worksheets, 183–86, 188–91, 193–96, 198–201
IPSec. See Internet Protocol Security
IP subnet masks, 37–40
IP traffic
filtering, 166–68
unicast routing and, 148
IPX networks, 99–105
connecting over IP routed networks, 104
determining frame types, 102–04
example scenario, 95, 100–02
IP network interoperability with, 106
network number and node IDs in, 99–100
protecting traffic with VPN tunnels, 104–05
when and why required, 94
Windows 2000 and, 91–93
IPX routers, 212–39
evaluating design for, 238–39
information management, NetBIOS, 230–32
information management, routing tables, 223–27
information management, service advertising, 227–30
integrating into existing networks, interface connection specification, 218–20
integrating into existing networks, interface specification, 216–18
integrating into existing networks, security options, 220–21
internal network numbers, 221–23
optimizing, 236–37
reasons for using, 213–14
selecting type, 215–16
traffic protection, applying, 234–36
traffic protection, options, 233–34
Windows 2000 and, 205–07
IPX to IP gateway, 284–86
IPX tunneling scenarios, 210–11
ISO (International Standards Organization), 26, 91
ISPs (Internet service providers), 639
K
Kerberos, 59–60
keys, preshared (password), 59, 61–62
L
L2TP. See Layer Two Tunneling Protocol
labs, dial-up remote access
business requirements and constraints, 600–01
illustrations, 602–06, 612, 618, 624
scenario, 597–600
technical requirements and constraints, 601–02
worksheets, 607–11, 613–17, 619–23, 625–29
labs, DNS, 475–502
business requirements and constraints, 477
illustrations, 485, 491, 497
scenario, 476–77
technical requirements and constraints, 477–79
worksheets, 480–84, 486–90, 492–96, 498–502
labs, IP routing, 179–201
business requirements and constraints, 181
scenario, 180–81
technical requirements and constraints, 181–82
worksheets, 183–86, 188–91, 193–96, 198–201
labs, Microsoft Proxy Server 2.0
business requirements and constraints, 324–25
scenario, 323–24
technical requirements and constraints, 325–26
worksheets, 327–28, 330–31
labs, multiprotocol network design, 118–29
business requirements and constraints, 119–20
scenario, 118–19
technical requirements and constraints, 120–22
worksheets, 123–24, 126, 128
labs, multiprotocol routing
business requirements and constraints, 253
scenario, 250–53
technical requirements and constraints, 253–54
worksheets, 256–59, 261–64, 266–69, 271–74
labs, Network Address Translation (NAT)
business requirements and constraints, 363
scenario, 361–62
technical requirements and constraints, 363–64
worksheets, 365
labs, networking services design optimization, 797–817
business requirements and constraints, 798–99
scenario, 798
technical requirements and constraints, 799–800
labs, TCP/IP network design, 77–86
business requirements and constraints, 80–81
scenario, 79–80
technical requirements and constraints, 81–82
worksheets for, 83–86
LAT information, 292–93
LATs (local address tables), 287, 292–93
Layer Two Tunneling Protocol (L2TP)
encapsulating IPX packets, 104
IPSec and, 57–58, 173
overview of, 66–67
RADIUS and, 565
router-to-router data protection, 172
VPN and, 634–35
leases, DHCP, 385, 404
link state databases, OSPF, 157
LMHOSTS
name resolution and, 427, 507–08
WINS client options, 522
load balancing. See also Network Load Balancing
application-independent, 785
DNS query resolution latency and, 469
improving DHCP performance, 404
WINS name resolution and, 541–42
local address tables (LATs), 287, 292–93
logging status changes
delayed response, 761
immediate response, 761
M
MAC addresses, 109
machine authentication, 53
Macintosh
AppleTalk protocol and, 109
Microsoft Proxy Server 2.0 and, 294–95
MAC layer bridges, 113
management. See also networking services, monitoring and managing
networking services, 5
proactive vs. reactive, 748–49
management phase
network deployment, 11
personnel needed for, 13
manual processes
monitoring and, 764
testing Network Load Balancing cluster with, 766
maximum convergence time, WINS replication, 528–30
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), 68–69, 587
Microsoft Internet Explorer 5.0, 294
Microsoft Management Console (MMC), 764
Microsoft network designs, 512–14
applying NetBIOS name resolution, 513–14
including WINS in, 512–13
without WINS or NetBT, 514–16
Microsoft Point-to-Point Encryption (MPPE)
dial-up remote access and, 562, 585
overview of, 70–71
VPN authentication, 658
Microsoft Proxy Server 2.0, 277–332
client support, 293–95
design decisions, 281
design requirements and constraints, 280–81
evaluating design for, 295–96
function of, 5
interface specifications, 290–92
Internet connectivity, 281–83
IPX to IP gateway, 106, 284–86
LAT information, 292–93
overview of, 7
placing in network design, 287–90
review questions for, 332
Web content caching, 283–84
Windows 2000 and, 279–80
Microsoft Proxy Server 2.0, data protection, 297–306
Internet resources, domain filters, 303–04
Internet resources, packet filters, 303
Internet resources, user authentication, 304
methods for, 297–300
private network resources, packet filters, 300–01
private network resources, Web publishing, 301
Microsoft Proxy Server 2.0, lab, 323–31
business requirements and constraints, 324–25
scenario, 323–24
technical requirements and constraints, 325–26
worksheets, 327–28, 330–31
Microsoft Proxy Server 2.0, optimizing, 307–22
identifying techniques for, 307–10
Internet access, Web content caching, 311–13
Internet access, hierarchical proxy servers and proxy arrays, 314–15
private network resource access, Network Load Balancing, 318
private network resource access, round robin DNS, 318–19
Microsoft SNA Server, 114. See also SNA networks
Microsoft Windows 2000
Advanced Server, 3–9
clustering servers, 400–01
DHCP and, 369–70, 373
DNS and, 428–29
IP routing, 133–34
Microsoft Proxy Server 2.0 and, 279–80, 294–95
multiprotocol network design, 91–93
multiprotocol routing, 205–07
NAT and, 335–36
optimizing configuration, resource contention, 791–92
optimizing configuration, signed device drivers, 790–91
optimizing configuration, reliable services and applications, 791
optimizing configuration, required services and applications, 791
RADIUS and, 689
Routing and Remote Access and, 566–68
TCP/IP and, 25–26
VPN and, 636–37
WINS, 508–11
WINS, clients, 509
WINS, proxies, 509–10
WINS, servers, 510–11
Microsoft Windows Me, 294–95
Microsoft Windows NT, 279
MMC (Microsoft Management Console), 764
M-node, NetBT, 509
monitoring networking services. See networking services, monitoring and managing
MPPE. See Microsoft Point-to-Point Encryption
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), 68–69, 587
multicast proxy interfaces, 161
multicast routing, 160–61
multihomed DHCP Relay Agent, 380
multinets, defined, 384
multiprotocol network design
AppleTalk, 95–96, 109–13
completing design of, 116–17
design decisions, 94
evaluating, 107–08
IPX, 94–95, 99–109
multiprotocol support, 4
overview of, 91–93
requirements and constraints, 93
review questions for, 129
router placement in, 212–16, 240–41
SNA, 96–98, 113–18
multiprotocol network design, lab, 118–29
business requirements and constraints, 119–20
scenario, 118–19
technical requirements and constraints, 120–22
worksheets, 123–24, 126, 128
multiprotocol routing, 203–75
design requirements and constraints, 207
edge of network scenario, 208–10
IP routing design decisions, 207–08
IPX tunneling scenarios, 210–11
networking services design and, 4
review questions for, 275
roles of multiprotocol devices in, 206
Windows 2000 and, 205–07
multiprotocol routing, AppleTalk, 240–49
determining network numbers, 243–44
evaluating design for, 248–49
interface specifications, 241–43
optimizing, 246–48
placement in network design, 240–41
selecting seed routers, 244–46
Windows 2000 and, 205–07
multiprotocol routing, IPX, 212–39
evaluating design for, 238–39
information management, NetBIOS, 230–32
information management, routing tables, 223–27
information management, service advertising, 227–30
integrating into existing networks, interface connection specification, 218–20
integrating into existing networks, interface specification, 216–18
integrating into existing networks, security options, 220–21
internal network numbers, 221–23
optimizing, 236–37
reasons for using, 213–14
selecting type, 215–16
traffic protection, applying, 234–36
traffic protection, options, 233–34
Windows 2000 and, 205–07
multiprotocol routing, lab
business requirements and constraints, 253
scenario, 250–53
technical requirements and constraints, 253–54
worksheets, 256–59, 261–64, 266–69, 271–74
N
name resolution. See also Domain Name System (DNS); IP addressing; Windows Internet Name Service (WINS)
comparing methods for, 507–08
DNS and, 5, 427–28
forward and reverse, 428
protection, 459–63
protection, preventing unauthorized access, 461–63
protection, preventing unauthorized dynamic updates, 459–61
WINS and, 5, 506, 535–36
namespace, DNS, 437–45
NASs (network access servers), 9
NBIPX (NetBIOS over IPX), 102, 230–32
NDIS (Network Driver Interface Specification), 26, 92
near-time response. See delayed (near-time) response, networking services
NetBIOS (Network Basic Input Output System)
determining which segments require, 517–19
eliminating from Windows 2000 networks, 514–16
name registration, resolution, and release, 508–09
reasons for using, 519
as required networking service, 772
WINS and, 505–06, 517–19
NetBIOS over IPX (NBIPX), 102, 230–32
NetBIOS over TCP/IP (NetBT)
eliminating from Windows 2000 networks, 514–16
using WINS for, 8, 507
NetWare, DHCP services in, 372
network access servers (NASs), 9
network addresses
assigning for dial-up remote access clients, 577–78
assigning for VPN remote access clients, 648
Network Address Translation (NAT), 333–66
automatic IP address assignment, 345–47
branch office connectivity designs, 340–41
design decisions, 337
design requirements and constraints, 337
DNS name resolution, 347
evaluating design for, 347–49
features of, 7
function of, 5
interface specifications, 343–45
Internet Connection Sharing and, 336
IP addressing and, 33
isolating NAT servers, 782
Microsoft Proxy Server 2.0 and, 282
optimizing, 357–60
placing in network design, 342–43
protocols not supported, 337
review questions for, 366
security aspect of, 36
SOHO Internet connectivity designs, 338–40
Windows 2000 and, 335–36
Network Address Translation (NAT), data protection, 350–56
corporate network resources, 354–56
Internet resources, 353–54
SOHO network resources, 350–53
Network Address Translation (NAT), lab
business requirements and constraints, 363
scenario, 361–62
technical requirements and constraints, 363–64
worksheets, 365
Network Basic Input Output System. See NetBIOS
network deployment, 10–13
personnel responsibilities, 12–13
phases in, 10–11
Network Driver Interface Specification (NDIS), 26, 92
networking services, 1–22
application servers and, 3–4
components, response mechanisms, 751–52
components, status analyzers, 751
components, status collectors, 751
deciding which functions to implement, 5
DHCP and, 8
DNS and, 8
functions provided by, 4–5
hardware and software components of, 3–4
Microsoft Proxy Server 2.0 and, 7
NAT protocol and, 7
overview of, 769–70
RADIUS and, 9
review questions for, 22, 818
Routing and Remote Access and, 6–7, 9
WINS and, 8
networking services, data protection, 779–83
security requirements and constraints, 779–81
selecting method, 781–83
networking services, designs, 14–21
aspects of, 14–15
availability, 17–18
costs, 20–21
design essentials, 15–16
determining design complexity, 748
performance, 18–20
security, 16–17
networking services, lab, 797–817
business requirements and constraints, 798–99
illustrations, 809
scenario, 798
technical requirements and constraints, 799–800
worksheets, 801–08, 810–17
networking services, optimizing, 771–78, 784–96
applications, 771–75
applications, example scenario, 773–75
applications, identifying required services, 771–72
applications, optimal configuration, 772–73
applications, optimal server placement, 771–73
network traffic, 794–96
servers, example scenario, 776–78
servers, reducing number of, 775–76
Windows Clustering, applying, 788–90
Windows Clustering, Network Load Balancing clusters, 784–86
Windows Clustering, server clusters, 786–88
Windows configuration, applying, 792–94
Windows configuration, reliable services, 791
Windows configuration, required services, 791
Windows configuration, resource contention, 791–92
Windows configuration, signed device drivers, 790–91
networking services, monitoring and managing, 745–67
components for, 750–53
critical services, 753–55
function and examples of, 758
goals or objectives of, 747–50
overview of, 745–46
response methods, 763–66
response methods, example scenario, 765–66
response methods, list of, 764
response types, 760–63
response types, delay, 761
response types, example scenario, 762–63
response types, immediate, 760–61
response types, scheduled, 761
review questions for, 767
status changes, 756–60
status changes, determining response time, 756–57
status changes, example scenario, 758–60
status changes, immediate (real-time) response, 757–58
network interface cards (NICs), 143
network layer, ISO model, 26, 91
Network Load Balancing, 308–11. See also load balancing
design optimization and, 784–86
private network resources, optimizing access, 318
RADIUS, availability, 716
RADIUS, performance, 719
vs. round robin DNS, 785
scheduled tests of, 762
testing with manual processes, 766
VPN remote access and, 664–65
network numbers
AppleTalk, 109–10, 243–44
defined, 37
IPX, 99–101, 221–23
network prefix, 37
network range, 109
network segments
applying network numbers to, 244
IP configuration and, 376, 378
IP routing and, 145
NAT and, 345
Proxy Server interface specifications and, 292
network traffic
broadcast traffic, 148, 162
design optimization for, 794–96
dial-up remote access traffic, 582–84
DNS zone replication traffic, 471
IPSec encryption and, 764
IP traffic, 148, 166–68
IPX traffic, 104–05, 233–36
Microsoft Proxy Server 2.0, inbound traffic, 297
Microsoft Proxy Server 2.0, outbound traffic, 297
VPN traffic, 653
WINS traffic, 524–25, 542–43
NICs (network interface cards), 143
node IDs
AppleTalk networks, 99–100
IPX networks, 99–100
node type, WINS clients, 522
nonreal time (scheduled) response, 758, 761
Novell NetWare, DHCP services in, 372
NTFS. See NT file system
NT file system (NTFS), 279
Last Updated: Friday, July 6, 2001