MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration


Chapter 9

Network Policy and Access Services in Windows Server 2008


Objectives

• Configure routing in Windows Server 2008
• Configure Routing and Remote Access Services in Windows Server 2008
• Describe Network Policy Server
• Discuss wireless networking with Windows Server 2008


Configuring Routing in Windows Server 2008

• Routing and Remote Access Services (RRAS)
  – Role service used to configure and manage network routing in Windows Server 2008
  – Recommended for use in small networks that require simple routing directions
  – Not recommended for large and complex environments


Configuring Routing in Windows Server 2008 (continued)

• Activity 9-1: Installing a Windows Server 2008 Member Server

• Time Required: 75 minutes
• Objective: Install a Windows Server 2008 member server


Configuring RRAS as a Router

• Routers
  – Responsible for forwarding packets between subnets, or networks with differing IP addressing schemes


Configuring RRAS as a Router (continued)

• Activity 9-2: Installing RRAS on MSN-SRV-0XX and MSN-SRV-1XX

• Time Required: 15 minutes
• Objective: Install RRAS


Working with Routing Tables

• Routing tables are composed of routes
• Routes
  – Direct data traffic to its destination based on the information they contain
• Routing tables
  – Can be managed in the RRAS console or from the command line using the route command


Working with Routing Tables (continued)

• Activity 9-3: Viewing the Routing Table in RRAS
• Time Required: 5 minutes
• Objective: View the routing table in RRAS


Configuring Routes

• Static routing is limited for the following reasons
  – Requires manual creation and management
  – Should not be used on networks with more than 10 subnets
  – All affected routers require reconfiguration if the network changes


Configuring Routes (continued)

• Activity 9-4: Creating a Static Route
• Time Required: 15 minutes
• Objective: Create a static route from the command line


Configuring Routes (continued)

• Dynamic protocols
  – Route traffic based on information they discover about remote networks from other routers
• Routing Information Protocol version 2 (RIPv2)
  – Uses partner routers, or RIP neighbors, in determining the dynamic routes it can use for forwarding packets of data


Configuring a DHCP Relay Agent

• DHCP relay agent
  – Manages the communication between a network’s DHCP server and clients on subnets without a DHCP server
• With RRAS
  – Network adapters are added and configured to listen for DHCP broadcast messages


Configuring a DHCP Relay Agent (continued)

• Activity 9-5: Configuring MSN-SRV-0XX as a DHCP Relay Agent

• Time Required: 15 minutes
• Objective: Install a DHCP relay agent


Configuring Dial-on-Demand Routing

• Demand-dial routing
  – Allows a server to initiate a connection only when it receives data traffic bound for a remote network
  – Can use dial-up networks instead of more expensive leased lines


Configuring Remote Access Services in Windows Server 2008

• Dial-up networking
  – Connects remote users to their networks using a standard phone line
• Virtual Private Networks
  – Allow client connections to your network from remote locations
  – Work by creating a secure tunnel for transmitting data packets between two points
  – VPN tunneling protocols: Point-to-Point Tunneling Protocol, Layer 2 Tunneling Protocol, Secure Socket Tunneling Protocol


Configuring Remote Access Services in Windows Server 2008 (continued)

• Activity 9-6: Installing Remote Access Support for VPNs in RRAS

• Time Required: 15 minutes
• Objective: Install Remote Access Support with VPN in RRAS


Configuring Remote Access Services in Windows Server 2008 (continued)

• Activity 9-7: Configuring VPN Ports
• Time Required: 15 minutes
• Objective: Configure VPN ports


Network Address Translation

• Allows you to shield internal IP address ranges from public networks by allowing internal clients to access the Internet through a shared IP address


Introduction to Network Policy Server

• Network Policy Server (NPS)
  – Role service that provides a framework for creating and enforcing network access policies for client health
  – Can be used to:
    • Configure a RADIUS server
    • Configure a RADIUS proxy
    • Configure and implement Network Access Protection (NAP)


Windows Server 2008 Editions and the NPS Console

• NPS Console
  – Central utility for managing
    • RADIUS clients and remote RADIUS servers
    • Network health and access policies
    • NAP settings for NAP scenarios
    • Logging settings


Windows Server 2008 Editions and the NPS Console (continued)

• Activity 9-8: Installing NPS
• Time Required: 15 minutes
• Objective: Install the NPS role service


Windows Server 2008 Editions and the NPS Console (continued)

• Activity 9-9: Creating a Network Access Policy for VPN Connections

• Time Required: 15 minutes
• Objective: Create a network access policy


Introduction to RADIUS

• RADIUS
  – Industry-standard protocol that provides centralized authentication, authorization, and accounting for network access devices
• Components of RADIUS
  – RADIUS clients
  – Network access servers
  – RADIUS proxy
  – RADIUS server
  – User account database


RADIUS Server

• Used on networks to perform authentication, authorization, and accounting for RADIUS clients

• RADIUS client
  – Can be an NPS, which replaces the IAS from previous versions of Windows Server


RADIUS Server (continued)

• RADIUS
  – Standardized network protocol that centralizes the following processes for user connections
    • Authentication
    • Authorization
    • Accounting


RADIUS Proxy

• NPS
  – Can be configured as a RADIUS proxy
• RADIUS proxies
  – Route RADIUS messages between RADIUS clients and RADIUS servers


NAP

• Network Access Protection (NAP)
  – Provides a tool for you to block external and internal network threats
  – Can be broken into three parts
    • Health policy validation
    • Health policy compliance
    • Limited access


Authentication Protocol

• Supported authentication protocols in Windows Server 2008
  – Extensible Authentication Protocol–Transport Layer Security (EAP-TLS)
  – Protected Extensible Authentication Protocol–Transport Layer Security (PEAP-TLS)
  – PEAP–Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)


Wireless Access Configuration in Windows Server 2008

• 802.1x standard
  – Developed by the Institute of Electrical and Electronics Engineers (IEEE)
• On 802.1x networks
  – Network access control provides an authentication mechanism to allow or deny network access based on port connection


Wireless Access Configuration in Windows Server 2008 (continued)

• Categories of EAP implementations
  – EAP over local area network (LAN)
  – EAP over wireless
• 802.1x uses a three-component model for authenticating access to networks
  – Supplicant
  – Authenticator
  – Authentication server


Summary

• RRAS
  – Role service used to configure and manage network routing in Windows Server 2008
• Routers
  – Responsible for forwarding packets between subnets, or networks with differing IP addressing schemes
• To process traffic
  – Router uses routing tables to determine where to send traffic


Summary (continued)

• Routers
  – Use dynamic routing protocols and preconfigured static routes to deliver packets using the best route possible between two subnets
• Most modern networks
  – Support the passing of DHCP broadcast messages between subnets without a DHCP server to subnets that contain a DHCP server
• Demand-dial routing
  – Allows a server to initiate a connection only when it receives data traffic bound for a remote network


Summary (continued)

• VPNs
  – Provide secure network access for remote clients over the Internet through the use of tunneling protocols
• NAT
  – Allows you to shield internal IP address ranges from public networks
• NAP
  – Provides a framework for you to block external and internal network threats
