• Introduction
• Benefits
• New Features and Improvements
• Summary

Networking and communications have never been more critical for organizations faced with the challenge of competing in the global marketplace. Employees need to connect to the network wherever they are and from any device. Partners, vendors, and others outside the network need to interact efficiently with key resources. And security is more important than ever.
Networking improvements and new features in the Windows Server 2003 family extend the versatility, manageability, and dependability of network infrastructures, expanding on the foundation established with the Windows 2000 Server family. This article provides an overview of benefits, new features, and improvements for networking and communications services in Windows Server 2003.
In response to continually changing business needs, Windows Server 2003 provides organizations with the latest networking technologies, delivering the simplified management environment and versatility that businesses demand.
| Benefit | Description |
| --- | --- |
| Extended Versatility | One of the major challenges facing organizations is responding to varying business requirements—efficiently and effectively. Whether looking to the future of networking or incorporating legacy technologies, Windows Server 2003 is the most versatile network operating system available today. Leading-edge technologies such as Internet Protocol version 6 (IPv6) lay the groundwork for the future of networking while support for Point-to-Point Protocol over Ethernet (PPPoE) and Internet Protocol Security (IPSec) over network address translation (NAT) respond to the current needs of customers for easy and secure Internet communication. |
| Increased Dependability | Windows Server 2003 delivers dependability by significantly improving both reliability and security. With the introduction of a basic firewall (Internet Connection Firewall) and new network-access security capabilities using IEEE 802.1X (Extensible Authentication Protocol over LAN) for clients, Windows Server 2003 delivers revolutionary methods for securing access and protecting both wired and wireless networks. Reliability additions include a load balancing capability for both IPSec-based virtual private network (VPN) services and Internet Authentication Service (IAS) servers. |
| Simplified Management | Microsoft continually solicits feedback from customers. Many of the manageability improvements in Windows Server 2003 are attributable to the outstanding suggestions provided by customers. As such, Windows Server 2003 provides a wider range of features to simplify management duties. These include easier management through Group Policy and updates to the Connection Manager Administration Kit (CMAK) for centralized remote access client deployments. The improved Manage Your Server Wizard makes it easier than ever to build a dial-up or VPN gateway. And IAS includes a rich set of new features to simplify network authentication and access control for VPN, dial-up, and IEEE 802.1X-based wired or wireless deployments. |
Windows Server 2003 provides the following:
• Improved Versatility
• Flexible Manageability
• Robust Dependability
Windows Server 2003 provides the following features for extended versatility.
| Feature | Description |
| --- | --- |
| Internet Protocol version 6 (IPv6) | IPv6 is the next generation of the Internet layer protocols of the TCP/IP protocol suite. IPv6 solves the current problems of Internet Protocol version 4 (IPv4) with respect to address depletion, security, autoconfiguration, extensibility, and more. The IPv6 protocol driver provided with Windows Server 2003 is production quality and includes utilities, extensive API support (Windows Sockets, remote procedure call [RPC], and IPHelper), and IPv6-enabled system components such as Microsoft Internet Explorer, Telnet client, FTP client, Microsoft Internet Information Services (IIS) 6.0, file and print sharing, and others. IPv6 for Windows Server 2003 also provides support for IPv6/IPv4 coexistence technologies such as 6to4 and Intra-site Automatic Tunnel Addressing Protocol (ISATAP). |
| Point-to-Point Protocol over Ethernet (PPPoE) | Windows Server 2003 delivers a native PPPoE driver for making broadband connections to certain Internet service providers (ISPs) without the need for additional software. Small businesses or corporate branch offices may also utilize PPPoE's demand dial capabilities to integrate with the Routing and Remote Access service and NAT. |
| Network Bridging | Network bridging allows administrators to interconnect network segments using computers running Windows Server 2003. In a multi-segment network, one or more computers may have multiple network adapters such as a wireless adapter, a dial-up adapter, or an Ethernet adapter. Bridging these adapters allows the computers and devices on each of the network segments to communicate with each other through the bridge or communicate with the Internet when Internet Connection Sharing (ICS) is enabled. |
| Internet Protocol Security (IPSec) over NAT | The difficulty of using IPSec-based VPNs or IPSec-protected applications across a NAT is eliminated. Windows Server 2003 allows a Layer Two Tunneling Protocol (L2TP) over IPSec (L2TP/IPSec) or an IPSec connection to pass through a NAT. This capability is based on the latest IETF standards work. An administrator may also use this feature to secure perimeter network Microsoft Exchange Server traffic to an internal network running Exchange Server or a perimeter network application server to a partner's application server on the Internet without requiring a VPN server. |
Windows Server 2003 provides the following features for simplified management.
| Feature | Description |
| --- | --- |
| Additions to Group Policy | New Group Policy improvements in Windows Server 2003 give administrators granular control over most network configuration settings. For example, administrators may now configure some DNS client settings on computers running Windows Server 2003 using Group Policy. Furthermore, the Group Policy feature may be used to allow or restrict user configuration access to individual components of the network user interface. |
| Enhanced Connection Manager Administration Kit (CMAK) | CMAK gives administrators the ability to predefine connection profiles for remote access users running Windows XP, Windows 2000, Microsoft Windows NT® 4.0, Windows Millennium Edition (Windows Me), and Windows 98. Windows Server 2003 delivers new features and improvements for CMAK, allowing administrators to provide more than one VPN server for connections, turn on end-user logging, automatically configure browser proxy settings on client computers, enable or disable client-side split tunneling, and configure pre-shared keys for L2TP/IPSec connections. The split tunneling feature permits client-side VPN connections to route corporate-based traffic over the VPN connection while isolating Internet-based traffic to the user's local Internet connection, thereby avoiding the use of corporate bandwidth for access to Internet sites. Security-sensitive companies can choose to use the default non-split model to ensure all client communications for VPN clients are protected by the corporate firewall. |
| IAS Enhancements | Wireless network deployments dramatically increase demand for multiple Remote Authentication Dial-In User Service (RADIUS) servers and better tools to diagnose authentication issues and manage network access control. Windows Server 2003 addresses this with new features that allow IAS to send RADIUS logging information to a server running Microsoft SQL Server™ to allow advanced SQL queries against network access events across the enterprise, new 802.1X authentication features, cross-forest authentication, and other features. Using IAS, Windows Server 2003 makes it easier to deploy high-scale solutions for authenticated network access control in wired, wireless, and remote access scenarios. |
| Management and Integration Extensions | The Windows Server 2003 family delivers exciting new networking features for simplifying the management of your enterprise network. A new Network Load Balancing Manager provides a single point of configuration and management for load balancing. Support for RFC 2734 allows TCP/IP traffic on an IEEE 1394 serial bus. Furthering our commitment to security, Windows Server 2003 provides support for the 2048-bit Diffie-Hellman group. This group provides a stronger Diffie-Hellman key exchange, allowing for the derivation of stronger secret keys. |
Windows Server 2003 provides the following features for increased dependability.
| Feature | Description |
| --- | --- |
| Internet Connection Firewall (ICF) | ICF, designed for use in a small business, provides basic protection on computers directly connected to the Internet or on local area network (LAN) segments. ICF is available for LAN, dial-up, VPN, or PPPoE connections. ICF integrates with ICS or with the Routing and Remote Access service. |
| IPSec Network Load Balancing | Network Load Balancing provided with Windows Server 2003 now supports IPSec traffic. Administrators can use Network Load Balancing for a group of servers to provide scale-out reliability and capacity for IPSec-protected applications and Windows VPN gateway deployments. For VPN gateways, the NLB improvements support both L2TP VPNs that are protected by IPSec encryption and Point-to-Point Tunneling Protocol (PPTP)-based VPN connections. |
| Network Access Security with 802.1X | Companies can move to a security model that ensures all physical access is authenticated and encrypted, based on the 802.1X support in Windows Server 2003. Using 802.1X-based wireless access points or switches, companies can be sure that only trusted systems are allowed to connect and exchange packets with secured networks. Because 802.1X provides dynamic key determination, 802.1X wireless network encryption is dramatically improved by addressing many of the known issues associated with wired equivalent privacy (WEP) used by IEEE 802.11 networks. Using the Protected Extensible Authentication Protocol (PEAP), as authored by Microsoft in an IETF Internet draft, organizations have the option of using Windows domain passwords for authenticated and encrypted wireless communication without having to deploy a certificate infrastructure while preserving interoperability with any IEEE 802.11 and 802.1X wireless access point. By using IAS, companies can also grant Internet access to "guest" users through 802.1X authentication or bootstrap a system configuration in an authenticated network. Administrators may now quarantine connectivity requests that do not submit valid credentials for authentication, isolating the network communications to specific address ranges or a virtual local area network (VLAN), such as the Internet or a bootstrap configuration network segment. |
| IAS RADIUS Proxy and Load Balancing | IAS supports RADIUS proxy capabilities, allowing for flexible rule-based forwarding, selective forwarding for authentication and accounting requests to other RADIUS servers, and the ability to force the client to use a compulsory tunnel with or without user authentication. The forwarding capability can be used when connecting users from two-way untrusted forests or domains. IAS proxy support also allows you to load balance RADIUS authentication traffic between multiple IAS servers, providing scalability and geographic failover. |
Building on the foundation established in the Windows 2000 Server family, the Windows Server 2003 family delivers new networking features and improvements ensuring that it is one of the most flexible operating systems in the marketplace today.