In this module we study routing and networking: routers and network
topologies, domain name registration, Internet connectivity, and the
segmentation of the Internet and the intranet. The module also covers
IP addressing schemes, DHCP, the location of routers and the perimeter
network.
In this chapter we discuss the design of a network topology, including
routing, router placement, Internet connectivity, addressing and
subnetting, and firewall considerations.
Every organization that wants to conduct business over the Internet has
to have a domain name.
To acquire an appropriate domain name, you need to deal with companies
that specialize in registering these for you. The first thing you need to do is
choose a domain name.
This will not be easy, because most organizations want a ".com" and most
of these are taken.
You will also need to research the chosen domain name to avoid any
trademark conflicts. After choosing the domain name, get it registered.
It is also useful to have a registered domain name for internal use with
Active Directory.
Maintaining a registered name internally helps to resolve any conflicts in the
future.
A good solution is to select an internal domain name with a suffix that is not
a Top Level Domain or any of the country-specific domains.
There are three basic physical topologies, namely bus, ring and star, and
they have the same components.
Bus - In this topology all nodes are connected together by a
single bus and use an open-ended cable to which all network devices are
connected. Both ends of this cable must be terminated. Generally, this
topology is best suited for small networks because it does not require the
use of a switch or hub.
Ring - In this topology every node has exactly two branches
connected to it. Ring topology uses a cable that is connected to all network
devices in a ring formation, so there is no termination because there are no
open ends.
Star - In this topology peripheral nodes are connected to a central
node, which rebroadcasts all transmissions received from any peripheral
node to all peripheral nodes on the network, including the originating node.
Here each device is connected centrally to a switch or hub. The star
topology is physically and logically the same. Each device is independently
connected to the media and does not have to concern itself with how the other
devices are connected.
© 2006 IIHT Limited
In this chapter you will study subnetting the organization, which
involves segmenting the organisation into subnets, IP addressing, DHCP,
the location of routers and the perimeter network.
Design Requirements
Perimeter Requirements
Intranet and Extranet
Authentication Requirements of Intranet
Windows 2003 Server Authentication
RADIUS and RADIUS Policies
The perimeter is the point at which all remote access flows into the network
environment. All the clients or partners access your network through the
perimeter.
Windows Server 2003 is a good solution to implement on the perimeter: it
supports the remote access solution and provides security for it, offering
dial-in access and VPN access by using Routing and Remote Access Server
(RRAS).
It can also provide TCP/IP filtering to help protect it from intruders that
are located at the perimeter of the network.
An extranet can be supported if you are using a secure remote access solution
and those who wish to connect to you are using methods for connecting to
your network that are compatible with your remote access solution.
The best solution is typically a site-to-site VPN. Windows Server 2003 can
provide this solution with the use of RRAS and dial-on-demand.
The site-to-site VPN works in the following manner: when traffic destined
for your network originates on the other network, a VPN connection is
initiated over the existing Internet connection from the other network's
Windows Server 2003 RRAS, and the VPN connection is established with
your Windows Server 2003 RRAS.
This takes place with the assistance of dial-on-demand and can occur in
either direction.
To incorporate more than one RRAS server, Windows Server 2003 must be
configured to use RADIUS for authentication purposes. RADIUS, an access
control protocol, uses a challenge/response method for authentication.
Each Windows Server 2003 RRAS server acts as a RADIUS client and
each of these RADIUS clients authenticates via a top-level RADIUS server,
which itself can then authenticate to Active Directory.
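The RADIUS exchange described above, as an added example that is not part of the original module and is not Microsoft's implementation: it assumes CHAP (RFC 1994) as the challenge/response method, follows the RFC 2865 packet layout, and uses a dictionary where the top-level RADIUS server would consult Active Directory. All function names, the user and the secrets are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, CHAP_PASSWORD, CHAP_CHALLENGE = 1, 3, 60      # RFC 2865 attribute types

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def parse_attrs(data):
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        out[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return out

def chap_response(chap_id, password, challenge):
    # RFC 1994: the password never crosses the wire, only MD5(id || password || challenge)
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def client_request(user, password, ident=1):
    """RADIUS client (the RRAS server): challenge the user, forward the answer."""
    chap_id, challenge = 7, os.urandom(16)
    answer = chap_response(chap_id, password, challenge)   # computed by the remote user
    attrs = (attr(USER_NAME, user) + attr(CHAP_PASSWORD, bytes([chap_id]) + answer)
             + attr(CHAP_CHALLENGE, challenge))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + os.urandom(16) + attrs                 # random Request Authenticator

def server_reply(request, users, secret):
    """Top-level RADIUS server: recompute the CHAP answer, sign the verdict."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    a = parse_attrs(request[20:length])
    user, chap = a[USER_NAME], a[CHAP_PASSWORD]
    expected = chap_response(chap[0], users.get(user, b""), a[CHAP_CHALLENGE])
    ok = user in users and hmac.compare_digest(chap[1:], expected)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(code, id, length, Request Authenticator, attrs, secret)
    return header + hashlib.md5(header + request[4:20] + secret).digest()

def client_verify(request, reply, secret):
    """Return the reply code only if the reply is bound to this request and secret."""
    if len(reply) < 20 or reply[1] != request[1]:
        return None
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[0] if hmac.compare_digest(reply[4:20], expected) else None

if __name__ == "__main__":
    users, secret = {b"alice": b"constructed-password"}, b"constructed-shared-secret"
    req = client_request(b"alice", b"constructed-password")
    print(client_verify(req, server_reply(req, users, secret), secret))  # 2 = Access-Accept
```

The shared secret is the only thing that lets each RRAS server tell a genuine reply from a forged one, so every RADIUS client should have its own long, random secret.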
In an intranet, RRAS policies allow you to control connection security,
connection times, user and group access, etc. These policies are beneficial
for creating a secure RRAS environment.
Policies basically allow you to control how you want clients to connect to
your organization's network.
In this chapter we discuss the availability of the remote access
infrastructure, covering the following topics: Sizing of Remote Access
Infrastructure, Availability of Remote Access Server, Placing the
Components of RRAS Server, and Scalability, Availability and Failover of
RRAS.
It's important that the remote access solution can scale with the future
needs of the network. In Windows Server 2003, each server provides up to
1000 concurrent VPN connections, and the solution should be scalable.
Provide scalability in the hardware to ensure that the server can handle
more connections than are required. The key here is to monitor the
server's system resources in order to maintain this availability.
Provide a means of failover to ensure availability. The way to do this is
to provide multiple remote access servers.
You can then either provide users with multiple remote access entries or
with a dial-in solution and a VPN solution.
Another consideration for remote access availability and failover is
providing dial-on-demand to back up routers.
Scalability is an important issue when providing a remote access
solution. Scalability means keeping future needs in mind.
For this it is better to use Windows Server 2003, as each server is capable
of providing up to 1000 concurrent VPN connections.
You need to provide scalability in the hardware to ensure that the server
can maintain more connections than are required.
This availability is maintained by monitoring the server's system resources.
While installing RRAS on a server, you are given the choice of creating a
pool of IP addresses to give to clients or of using DHCP for IP addressing.
DHCP is the better option of the two, as it allows you to manage
your organization's IP addressing in a better manner.
The RRAS server reserves 10 IP addresses from the DHCP server when
the service starts, and when these are used up another 10 IP
addresses are reserved.