Connecting Remote Offices

You can use your Microsoft® Windows® XP Professional–based computer to configure a remote office network connecting computers and other devices in your home, in your small business, or in the branch office of a larger corporation. You can also establish and maintain a connection between your remote office and private networks, such as your organization’s main office, and the Internet.

Related Information
Remote Office Overview

For the purposes of this chapter, a remote office is defined as any home office, branch office, or sole office of a small business connected to either a private network or to the Internet. In this chapter, attention is paid to the local connections within a remote office as well as to the connections from that office to either a private network or to the Internet.

Local Connections in a Remote Office

You can link several computers and other devices in a remote office together to form a local area network (LAN) that functions as a workgroup (also known as a peer-to-peer network). The LAN can be based on any of the several technologies that are covered in this chapter, and allows the sharing of resources, such as printers or disks. In such an environment, a Windows XP Professional–based computer can allow several home devices to connect to school or the workplace, or it can link multiple systems at the same remote location to a central site or main office.

Windows XP Professional, with its Internet Connection Sharing (ICS) functionality, allows the sharing of an Internet connection. By using a single telephone line, digital subscriber line (DSL) line, or cable modem, all the devices within the home or small office can connect to the Internet, thereby reducing the cost of access for the entire home or office.

There are now numerous technologies that you can use to connect Windows XP Professional–based computers and other devices within your home and small office, including traditional LAN technologies:
Windows XP Professional also supports newer technologies such as:
Remote Connections to a Private Network

You can use a Windows XP Professional–based computer to connect to a private network so you can work at home, at a field office, or at another remote location. You can dial directly to a private network using either an analog phone line with a modem or an Integrated Services Digital Network (ISDN) phone line. You can maintain a persistent connection to the private network using either Frame Relay or a leased line such as T1. A third approach that has been gaining in popularity allows you to access a private network by means of an encrypted virtual private network (VPN) connection over the Internet.

Connecting to the Internet

Typically, you can connect to the Internet using an analog phone line with a modem or an ISDN phone line. Another option that is growing in popularity is a high-speed broadband connection using either cable modem or DSL. Whatever your choice, each system can directly connect to the Internet using its own public IP address (statically or dynamically assigned) or, as was mentioned earlier, one Windows XP Professional–based computer can function as a gateway, providing shared Internet access to all the systems on your small LAN.

What’s New

Windows XP Professional builds on the Microsoft® Windows® 2000 local networking, dial-up, and other remote connection functionality and adds the following features:
Connection Types

To place the connectivity needs of the remote office in perspective, Table 23-1 includes both commonly used connection types as well as some of those less often used in the remote office environment.
Remote Access Connection Types

Remote access allows remote clients running Windows to access a network. You can use the following remote access connection types.

Dial-up Modem

Dial-up modem is the most commonly used form of remote access connection. Also called a slow link, an analog dial-up connection makes use of the public switched telephone network (PSTN) rather than a dedicated circuit or some other type of private network.

ISDN

Integrated Services Digital Network (ISDN) technology makes it possible to offer telephone customers digital data and voice services using a single wire by dividing the capacity of the wire into separate channels. A basic rate ISDN line can offer speeds of up to 128 kilobits per second (Kbps) using two 64 Kbps channels. An ISDN line must be installed by the phone company at both the server site and the remote site. In most instances, ISDN is used for intermittent, dial-up connectivity rather than for a persistent or permanent connection.

X.25

X.25 is a standard that defines the connection between a terminal and a packet-switching data network. When X.25 originated in the early 1970s, the noisy, copper-based telephone infrastructure dictated devoting a great deal of overhead to ensure packet reliability. Media reliability improvements since then, including optical fiber lines, have made the costly focus on data-link reliability unnecessary. ISDN and Frame Relay have largely replaced X.25 as preferred remote connectivity solutions. X.25, however, remains the most widely accepted worldwide data communications standard. Consequently, X.25 continues to be used, often in tandem with newer technologies. X.25 is supported in Windows XP Professional.

PPPoE

Point-to-Point Protocol (PPP) is a set of framing and authentication protocols included with Windows remote access to ensure interoperability with third-party remote access software. PPP over Ethernet (PPPoE) provides the ability to connect a network of hosts over a simple bridging access device to a remote access concentrator.
With this model, each host uses its own PPP connection and the user is presented with a familiar user interface. Access control, billing, and type of service can be accomplished on a per-user, rather than a per-site, basis. To provide a point-to-point connection over Ethernet, each PPP session must learn the Ethernet address of the remote peer, as well as establish a unique session identifier. PPPoE includes a discovery protocol that allows this to take place.

Microsoft Ethernet PVC

Microsoft Ethernet PVC provides support for Ethernet and IP data encapsulation over ATM. This enables the encapsulation and transport of IP or Ethernet packets over ATM between a client connected by means of an ATM permanent virtual connection to a supporting infrastructure. To accomplish this, Microsoft Ethernet PVC acts as a bridging Ethernet adapter for the TCP/IP protocol or a routing adapter for the TCP/IP protocol alone and uses the PVC on the ATM or internal ADSL adapter to transfer encapsulated data. Windows XP Professional supports the two encapsulation methods defined in RFC 2684: LLC Encapsulation and VC Multiplexing. Both Ethernet and IP protocols are supported using either encapsulation method on both bridged and routed PDUs (protocol data units). For example, protocols supported by Microsoft Ethernet PVC in Windows XP Professional include PPPoE (PPP over Ethernet), L2TP (Layer 2 Tunneling Protocol), Ethernet, or Ethernet encapsulated in IP.

A typical situation in which Microsoft Ethernet PVC might provide remote connectivity for a home or small office involves using an internal ADSL modem. In Windows XP Professional you configure the ADSL modem as Microsoft Ethernet PVC. As shown in Figure 23-1, the ADSL modem connects by means of the Public Switched Telephone Network (PSTN) to a Digital Subscriber Line Access Multiplexer (DSLAM) located at the service provider, most likely the central office of the local telephony carrier. The DSLAM either bridges the encapsulated data directly to a network or connects to an external bridge, router, or ATM switch located at the service provider. A connection can then be made to the targeted network, such as a corporate office or the Internet.
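As an added example (not code from the Resource Kit), the Python below walks the PPPoE discovery exchange described above (PADI, PADO, PADR, PADS), showing how the host learns the access concentrator's Ethernet address and receives its session identifier, and then unwraps the final message from an RFC 2684 LLC/SNAP bridged Ethernet PDU of the kind an ADSL modem configured as Microsoft Ethernet PVC carries. The MAC addresses, the AC name and the session identifier are constructed values; for VC multiplexing, which has no in-band header, the decapsulator trusts the kind configured on the PVC.

```python
"""RFC 2684 LLC/SNAP decapsulation plus a simulated PPPoE (RFC 2516) discovery exchange."""
import struct
from typing import Optional

# RFC 2684 LLC/SNAP header pieces
LLC_SNAP = b"\xaa\xaa\x03"
OUI_8021 = b"\x00\x80\xc2"            # bridged (Ethernet / 802.3) PDUs
OUI_ZERO = b"\x00\x00\x00"            # routed PDUs, followed by an EtherType
PID_8023_FCS, PID_8023_NOFCS = 0x0001, 0x0007

# PPPoE discovery constants (RFC 2516)
ETH_PPPOE_DISC, ETH_IP = 0x8863, 0x0800
BROADCAST = b"\xff" * 6
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAG_EOL, TAG_SERVICE_NAME, TAG_AC_NAME = 0x0000, 0x0101, 0x0102


def rfc2684_decapsulate(pdu: bytes, vc_mux_kind: Optional[str] = None) -> tuple:
    """Return (kind, inner) with kind 'bridged-ethernet' or 'routed-ip'.

    VC multiplexing carries no in-band header, so the caller passes the kind
    configured on the PVC; LLC encapsulation announces it in the SNAP header.
    """
    if vc_mux_kind is not None:
        return vc_mux_kind, pdu
    if pdu[:3] != LLC_SNAP:
        raise ValueError("not an LLC/SNAP encapsulated PDU")
    oui, proto = pdu[3:6], struct.unpack("!H", pdu[6:8])[0]
    if oui == OUI_8021 and proto in (PID_8023_FCS, PID_8023_NOFCS):
        frame = pdu[10:]                  # skip the 2-byte PAD that follows the PID
        if proto == PID_8023_FCS:
            frame = frame[:-4]            # drop the preserved Ethernet FCS
        return "bridged-ethernet", frame
    if oui == OUI_ZERO and proto == ETH_IP:
        return "routed-ip", pdu[8:]
    raise ValueError(f"unsupported encapsulation oui={oui.hex()} proto={proto:#06x}")


def rfc2684_bridge(frame: bytes) -> bytes:
    """LLC-encapsulate an Ethernet frame as a bridged PDU without FCS (PID 0x0007)."""
    return LLC_SNAP + OUI_8021 + struct.pack("!HH", PID_8023_NOFCS, 0) + frame


def build_pppoe_discovery(dst: bytes, src: bytes, code: int, session_id: int, tags: list) -> bytes:
    """Ethernet frame carrying one PPPoE discovery message with TLV tags."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    header = struct.pack("!BBHH", 0x11, code, session_id, len(payload))   # VER=1, TYPE=1
    return dst + src + struct.pack("!H", ETH_PPPOE_DISC) + header + payload


def parse_pppoe_discovery(frame: bytes) -> dict:
    """Decode the Ethernet and PPPoE headers and the tag list of a discovery frame."""
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_PPPOE_DISC:
        raise ValueError("not a PPPoE discovery frame")
    vt, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if vt != 0x11:
        raise ValueError("unsupported PPPoE version/type")
    payload, tags, off = frame[20:20 + length], {}, 0
    while off + 4 <= len(payload):
        tag, tag_len = struct.unpack("!HH", payload[off:off + 4])
        if tag == TAG_EOL:
            break
        tags[tag] = payload[off + 4:off + 4 + tag_len]
        off += 4 + tag_len
    return {"code": CODES.get(code, f"0x{code:02x}"), "src": src, "dst": dst,
            "session_id": session_id, "tags": tags}


def run_discovery_exchange(host_mac: bytes, ac_mac: bytes, service: bytes = b"") -> dict:
    """Simulate host and access concentrator (AC); return what the host learned."""
    # 1. Host -> broadcast: PADI asks any AC for the service (session id is 0)
    padi = build_pppoe_discovery(BROADCAST, host_mac, 0x09, 0, [(TAG_SERVICE_NAME, service)])
    req = parse_pppoe_discovery(padi)
    # 2. AC -> host: PADO offer, unicast to the requesting MAC, naming the AC
    pado = build_pppoe_discovery(req["src"], ac_mac, 0x07, 0,
                                 [(TAG_AC_NAME, b"constructed-ac"), (TAG_SERVICE_NAME, service)])
    offer = parse_pppoe_discovery(pado)
    # 3. Host -> AC: PADR, unicast to the peer Ethernet address learned from PADO
    padr = build_pppoe_discovery(offer["src"], host_mac, 0x19, 0, [(TAG_SERVICE_NAME, service)])
    request = parse_pppoe_discovery(padr)
    # 4. AC -> host: PADS assigns the unique, non-zero session id (constructed value)
    session_id = 0x0C2A
    pads = build_pppoe_discovery(request["src"], ac_mac, 0x65, session_id,
                                 [(TAG_SERVICE_NAME, service)])
    # Over ADSL the PADS arrives inside an RFC 2684 bridged PDU; unwrap it first
    kind, frame = rfc2684_decapsulate(rfc2684_bridge(pads))
    confirm = parse_pppoe_discovery(frame)
    if confirm["code"] != "PADS" or confirm["dst"] != host_mac or confirm["session_id"] == 0:
        raise ValueError("discovery did not complete")
    return {"encapsulation": kind, "peer_mac": confirm["src"],
            "session_id": confirm["session_id"], "ac_name": offer["tags"][TAG_AC_NAME]}


if __name__ == "__main__":
    result = run_discovery_exchange(bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"isp")
    print(result["encapsulation"], result["peer_mac"].hex(":"), hex(result["session_id"]))
```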
Figure 23-1. Connectivity with Ethernet PVC

For information about configuring Ethernet PVC, see Windows XP Professional Help and Support Center.

VPN Connection Types

A virtual private network (VPN) connection simulates a secure private link over a shared public infrastructure such as the Internet by encapsulating and encrypting all traffic from the remote access client to the VPN server. VPN offers affordable, secure access for home and small offices over any networking technology that transports IP packets. A Windows XP Professional remote access VPN connection makes use of one of two tunneling protocols to encapsulate all traffic.

PPTP

Point-to-Point Tunneling Protocol (PPTP), while developed by Microsoft and others, is an open industry standard that supports the tunneling of PPP frames. PPP frames can include IP and other networking protocols. Although L2TP used in conjunction with the IP security (IPSec) protocol provides greater security, PPTP is considerably easier to set up. PPTP uses Point-to-Point Protocol (PPP) authentication, compression, and encryption and can provide good security when used with Microsoft Challenge-Handshake Authentication Protocol version 2 (MS-CHAPv2) and a strong password. Companies can use PPTP to outsource their remote dial-up needs to an Internet service provider (ISP) or other carrier to reduce cost and complexity.

L2TP

Layer 2 Tunneling Protocol (L2TP) is an industry-standard Internet tunneling protocol with roughly the same functionality as PPTP. In Windows XP Professional, L2TP is designed to run natively over IP networks. Like PPTP, L2TP encapsulates PPP frames, which in turn encapsulate the frames of other protocols, thereby allowing users to run applications remotely that are dependent upon specific network protocols. Figure 23-2 demonstrates how an L2TP tunnel can connect a remote computer to a private network. That tunnel can be configured to run over the Internet or an intermediary private network.
Figure 23-2. L2TP tunneling

The use of L2TP, in tandem with IPSec, provides data authentication, data integrity, and data encryption that greatly improve security when sending data over non-secure networks. For more information about IPSec, see “IPSec” later in this chapter.
NOTE

For more information about VPNs, see Windows 2000 Server Help or Windows XP Professional Help and Support Center.

Local Connection Types

Local connection types, in this context, refer to the following LAN technologies.

Ethernet

Ethernet, the 10 megabits per second (Mbps) standard for LANs, is the connection type used for most LANs. In this context, the term Ethernet can also include the 100 Mbps standard and the 1 gigabit per second (Gbps) standard. For 10 Mbps and 100 Mbps Ethernet, hosts connected to a shared medium contend for network access using a collision detection scheme.

Token Ring

Token Ring is a shared access LAN technology that operates very differently from Ethernet. The term generally refers to the IEEE 802.5 standard, largely based on the token passing technology developed by IBM in the 1970s. A token ring network consists of nodes wired into a physical ring. Each node (or device) passes a control message (token) to the next node. Whichever node has the token is entitled to send a message. Although Token Ring is fully supported by Windows XP Professional, it tends to be more complex and expensive than Ethernet. For this reason, it is rarely used in a home or small office.

FDDI

Fiber Distributed Data Interface (FDDI) is a 100 Mbps token-passing topology that operates in a similar fashion to Token Ring, but unlike Token Ring, FDDI is designed to be used with fiber-optic cabling. For redundancy, FDDI employs a dual counter-rotating ring. Data is generally transmitted on a primary ring. The secondary ring is used if the primary ring fails. Like Token Ring, FDDI is supported by Windows XP Professional, although it is unlikely to be used to connect nodes within a small office or home office LAN.

LAN Emulation

LAN Emulation (LANE) is a group of software components that allows Asynchronous Transfer Mode (ATM) to work with Ethernet or Token Ring networks and applications. Using LANE, you can run your traditional LAN-aware applications and protocols on an ATM network without modification. LANE provides an intermediate step between fully using ATM and not using ATM at all. For example, LANE allows your current system and software to run on ATM, and it facilitates communication with nodes attached to legacy networks. You can increase the speed of data transmission for current applications and protocols when ATM is used over high speed media. However, LANE does not take advantage of ATM features such as Quality of Service (QoS).

IP over ATM

IP over ATM is a group of components that do not necessarily reside in one place, providing services not usually available on an ATM switch. (For the purposes of this discussion, it is assumed the IP over ATM server services reside on a Windows 2000–based server.) IP over ATM provides several advantages over LANE. For example, it can support Quality of Service (QoS) connections, which are required by multimedia and other time-sensitive network applications. IP over ATM also provides lower overhead (because it requires no media access control (MAC) header) and a large IP packet size (9,180 bytes). The core components required for IP over ATM are roughly the same as those required for LANE, as both approaches require the mapping of a connectionless medium to a connection-oriented medium, and vice versa. In IP over ATM, an IP ATMARP (ATM Address Resolution Protocol) server on each IP subnet maintains a database of IP and ATM addresses and provides configuration and broadcast emulation services. Although Windows XP Professional supports both LANE and IP over ATM, it is unlikely that a small branch office or home office LAN would employ either technology.

Home Phoneline Network Adapter (HPNA)

Windows XP Professional supports HomePNA, a networking technology that uses existing telephone wiring in your home to connect devices without interrupting standard telephone service.
802.11x for wireless LANs

Windows XP Professional improves and builds upon the wireless support provided in Windows 2000. Windows XP Professional includes support for automatic switching between different access points (APs) when roaming, auto detection of wireless networks, and automatic wireless configuration — allowing for zero client configuration. Additional security is also provided by the inclusion of an 802.1x client implementation in Windows XP Professional and the inclusion of wireless device authentication support in the Windows Remote Authentication Dial-In User Service (RADIUS) server, Internet Authentication Service (IAS). For more information about wireless LANs, see “Supporting Mobile Users” in this book.

IrDA

The Infrared Data Association (IrDA) has defined a group of short-range, high speed, bidirectional wireless infrared protocols, generically referred to as IrDA. IrDA allows a variety of wireless devices to communicate with each other. Cameras, printers, portable computers, desktop computers, and personal digital assistants (PDAs) can communicate with compatible devices using this technology. Current IrDA standards are:
IrDA also specifies an Information Access Service that a device can use to determine the services offered by another device. Infrared link, along with both serial cabling and direct parallel cabling, can be used to synchronize information between a handheld Windows CE–based computer and a desktop computer.

Direct Cable Connections

Direct Cable Connection (DCC) represents several technologies, which can each allow two devices to communicate with one another. They include the Universal Serial Bus (USB), serial (or null modem) cable, and the high-speed port-to-port transmission standard, IEEE 1394, also known as Firewire. Infrared connections are sometimes also included in this category, but they are listed separately here because they also share some of the characteristics of more conventional network topologies. When you install and configure DCC networking functionality on your Windows XP Professional–based computer, serial ports with external devices attached are listed as available for DCC connection. If you select a serial port that has an attached device, you disable the port and cannot use it for DCC networking, even though the device functions normally. If a modem is installed on the serial port, that port is removed from the list of available DCC ports. Examples of external devices include:
USB

The Universal Serial Bus (USB) provides device-to-device connectivity without the need to restart your computer. It is a serial bus with a bandwidth of 1.5 Mbps designed to connect peripherals to a personal computer. USB can connect up to 127 peripherals, such as external CD-ROM drives, printers, modems, mice, and keyboards, to the system through a single, general-purpose port. This is accomplished by chaining peripherals together. USB supports hot plugging and multiple data streams. A USB port is usually located on the back of your computer near the serial port or parallel port.

Serial Cabling

A serial (or null-modem) cable, as the name implies, emulates modem communication. It eliminates the need for a modem in asynchronous communication between two computers over short distances. When the host computer is at the same location as the target computer, or when you need to put a local host computer with remote access server capabilities between the target and a remote host, a serial cable is used to connect the serial ports of the target system to that of the local host.

Direct Parallel Cabling

A parallel cable can also be used to enable file transfers between two computers. Parallel cable connections are faster than serial cable connections because parallel cables transfer data one byte at a time. Windows XP Professional supports the following parallel cables for use with Direct Cable Connection:
IEEE 1394 (Firewire)

IEEE 1394 (or Firewire) is a standard for ports developed by the Institute of Electrical and Electronics Engineers (IEEE) that lets you connect high-speed digital devices, such as digital video cameras and audio/video editing equipment. Firewire provides transmission speeds of 98 Mbps to 393 Mbps. In contrast, USB provides transmission speeds of 1.5 Mbps to 12 Mbps.

Wide Area Network Connection Types

Wide area network (WAN) refers to a communications network that uses links provided by telecommunications service providers and connects geographically separated areas. In most instances, WAN refers to persistent connections as opposed to short term ones (such as Analog Dial-up and ISDN). WAN connection types include:
T-Carrier Line

The leased line has traditionally been a fast, permanent alternative to dial-up remote access. In most instances, this has been in the form of a T-Carrier line, such as a T1 or fractional T1 line that transmits digital data at a maximum of 1.544 Mbps by using the telephone-switching network. E1, transmitting digital data at a maximum of 2.048 Mbps, is the European counterpart of T1. Today, this legacy technology is being challenged by several other solutions that appear to be more cost effective and easier to install. T-Carrier leased lines are, nonetheless, still a corporate standard in widespread use and are supported by Windows XP Professional with the appropriate T-Carrier adapter and driver.

Cable Modem

Cable modems, with a maximum throughput of 2.8 Mbps, provide two-way, high-speed connectivity to the Internet and, by means of a VPN connection, to private networks as well. Cable modem technology employs the same coaxial lines that transmit cable television, accomplishing data transmission at speeds that make it ideal for transferring large amounts of digital information rapidly, including complex files such as video clips, audio files, and large amounts of data.
NOTE

Cable connectivity operates at higher speeds than leased lines and is more affordable and easier to install. When the cable infrastructure is in place in an area, a firm can easily connect by using the installation of a cable modem or router. Cable modems do not use the telephone system infrastructure and, consequently, there are no local-loop charges. Perhaps the biggest obstacle preventing widespread cable adoption by businesses is availability. Eighty-five percent of all households in the United States are outfitted for cable reception and a growing number of those now support cable transmission. In contrast, few office buildings support either.

DSL

Digital subscriber line (DSL) technology provides dedicated, high-speed Internet access by using copper telephone lines. DSL partitions the telephone line and dedicates the partition so it is always available for data transmission. Thus, DSL provides high-speed Internet access without interfering with regular phone service. A DSL circuit is much faster than an analog modem (up to 64 Kbps) or ISDN (BRI; up to 128 Kbps) connection, even though the wires coming into the subscriber’s premises are the same (copper) as used for regular phone service. One form of digital subscriber line, Asymmetric Digital Subscriber Line (ADSL), for example, provides a one-way data channel to the subscriber at up to 6.4 Mbps and an upstream flow of 640 Kbps. Like a leased line such as a T1, DSL is a dedicated connection providing continuous Internet and e-mail access, but, unlike a leased line, DSL does not require the installation of a special cable, nor does it require the costly local-loop charges of a T1. Use of a private phone line makes DSL more secure than cable, whose lines are shared by many users. In addition, unlike cable, DSL allows companies to increase their bandwidth on request.
Frame Relay

Frame Relay is a virtual circuit–based packet switching technology that permits WAN implementations of up to DS3 speeds (44.7 Mbps). It uses virtual circuits (VCs) that are either statically configured by a service provider or created dynamically when needed. Most implementations of Frame Relay use permanent virtual circuits (PVCs). Although technically not a leased line, from the point of view of the end user, a permanent virtual connection performs just like a leased line. It is always available for data transmission and there is no connection maintenance. The circuit is permanently mapped by using the service provider’s network and does not change unless there is a failure in the service provider’s switching network. A switched virtual circuit (SVC), less common in the world of Frame Relay, behaves more like a dial-up modem or ISDN connection although it is faster. It processes call setup, call maintenance, and call breakdown any time it is used.

Incoming Connection Types

By creating an incoming connection, a computer running Windows XP Professional can act as a remote access server. You can configure an incoming connection to accept the following connection types: dial-up (modem, ISDN, X.25), VPN (PPTP, L2TP), or direct cable connection as shown in Table 23-1. On a Windows XP Professional–based computer, an incoming connection can accept up to three incoming calls, up to one of each of these types. This can be an effective, low-cost option in a telecommuter’s home office or a remote office to which the corporate network occasionally needs to send data. For more information about setting up and configuring incoming connections, see “Managing Incoming Connections” later in this chapter.

Connection-defined Connections

All of the connections that appear in the Network Connections folder contain a set of features that you can use to create a link between your computer and another computer or network. These features establish end-to-end connectivity, define authentication negotiation, and set data encryption rules for those connections configured for remote access. For example, you might configure a dial-up connection with the following settings:
When you double-click this connection, it dials the number by using the specified modem. The connection only allows the session to continue if the remote access server uses one of the specified encrypted authentication protocols, and if the remote access server encrypts data. When connected, the remote access server assigns the connection a unique IP address. This ensures a unique and non-conflicting address for the connection so you can access remote network resources, such as file shares. Properties of a dial-up connection provide all of the parameters required to dial the connection, negotiate password and data handling rules, and provide remote network connectivity.

Unlike a remote connection, you can modify a local area connection at any time, but you cannot manually create a new one. A local area connection is created for each network adapter detected by the Plug and Play service. Setup automatically creates a local area connection for each network adapter. This connection is preconfigured with the services needed for file and print sharing and the TCP/IP protocol. All other types of connections can be created by using Create a new connection in the Network Connections folder.

Managing Outgoing Connections

You can configure your Windows XP Professional–based computer to initiate a remote connection. Such a connection can be any one of a number of different types, including:
It is also possible to use your Windows XP Professional–based computer to establish a connection locally with another device in your office. Local area connections can be configured at any time. The network adapter is detected; the connection is created and placed in the Network Connections folder. Along with a display of existing connections, the Network Connections folder contains a list of network tasks including Create a new connection, which you can double-click to start the New Connection Wizard. Use the New Connection Wizard to create dynamic connections, including Internet connections, VPN connections to the workplace, direct connections to another computer, and incoming connections.

Outgoing connections contact a remote access or VPN server by using a configured access method, such as a LAN, dial-up modem, or ISDN line, to establish a connection with the network. Whether you are connected locally (by a LAN), remotely (by dial-up, ISDN, and so on), or both, you can configure a connection so that it performs any network function that you want. For example, you can print to network printers, access network drives and files, browse other networks, and access the Internet. If you are upgrading to Windows XP Professional from Microsoft® Windows® Millennium Edition (Me), Microsoft® Windows® 98 or Microsoft® Windows NT® Workstation version 4.0, Network Connections dynamically detects Dial-up Networking phone books and creates a connection for each phone book entry.
NOTE

Using the New Connection Wizard to Choose Connection Types

The New Connection icon always appears in the Network Connections folder. It starts the New Connection Wizard, which guides you through the process of creating all connection types, except for local area connections. The steps in the wizard guide you through the configuration options for each type of connection. The wizard enables you to select among three common connection types. Each connection type is then automatically configured with the most appropriate defaults for most cases. Figure 23-3 shows the three connection types: Connect to the Internet, Connect to the network at my workplace, and Set up an advanced connection.
Figure 23-3. New Connection Wizard

Internet Connection

Select this connection type to start the Internet Connection Wizard and connect to the Internet. File and Printer Sharing for Microsoft Networks is disabled, protecting your computer’s file and print shares from computers on the Internet. The Internet Connection Wizard allows you to select a dial-up or broadband connection.

Dial-up Connection

By selecting the dial-up connection you can configure your Windows XP Professional–based computer to access the Internet for a finite period of time using a dial-up technology such as a dial-up analog modem, ISDN, or X.25. A modem or comparable piece of data circuit-terminating equipment (DCE) should be installed within or attached to your computer before such a logical configuration is attempted. The Internet Connection Wizard automatically connects you to the Microsoft Referral Service to help you select an ISP if you select Dial-up to the Internet and either of the following:
The Microsoft Referral Service automates the process and provides the phone numbers to you. Before you create an Internet connection, check with your Internet service provider (ISP) to verify the required connection settings. A connection to your ISP might require one or more of the following settings:
Broadband Connection

Select Broadband Connection to configure your Windows XP Professional–based computer for a persistent connection to the Internet using a faster broadband technology such as PPPoE, cable modem, DSL, or a leased line such as a T1. Unless you supply specific information about your broadband connection, Windows XP Professional dynamically detects and configures your broadband connection, assuming that the device necessary to establish such a connection is already in place.

Connecting to the Network at My Workplace

Select this connection type to connect to a private network from home, a field office, or another location.

Direct Connection

This option allows you to connect directly by dial-up or broadband into a corporate (or other private) network.

Internet Connection

This option allows you to access the corporate network by means of the Internet by creating a secure VPN connection. Depending upon how the VPN server has been configured, the VPN connection uses either PPTP or L2TP as its tunneling protocol.

Advanced Connection

Select the Advanced Connection type for two other selections.

Set Up This Computer to Accept Incoming Connections

Select this option to configure a Windows XP Professional–based computer to act as a remote access server accepting incoming connections. For more information about configuring a Windows XP Professional–based computer to act as a remote access server, see “Managing Incoming Connections” later in this chapter.

Connecting Directly to Another Computer

Select this option to connect your Windows XP Professional–based computer directly to another computer by means of a parallel, serial, or infrared port-to-port connection. You can designate your computer to act either as the Host or the Guest computer. The Host makes data available to another computer. The Guest is the computer that accesses data on the Host computer.

To connect directly to another computer
Note that a disabled account affects the user’s ability to connect. (If you wish to add a user name to the account list, click Add, and then type the User name, Full name, Password and Password confirmation of the user.)
What Can I Configure?

Group Policy enforces specified requirements for user environments. For example, by using Group Policy, you can enforce local and domain security options, specify logon and logoff scripts, and redirect user folder storage to a network location. Local Group Policy can be applied at the local computer or workgroup level. In the domain environment, Group Policy can be applied using Active Directory™, the directory service included with Windows 2000. For more information about Group Policy in Windows XP Professional, see “Authorization and Access Control” in this book.

Your ability to configure connections depends on several factors, including your administrative rights, whether a connection was created by using Only for myself or For all users in the New Connection Wizard, and which Group Policy settings are applied to you.

Configuration Privileges

If you are logged on as an administrator or as a member of the Network Configuration Operators local group, the New Connection Wizard prompts you to select whether a connection that you are creating is For all users or Only for myself. If you select For all users, this connection is available to any user who logs on to that computer, and only an administrator who is logged on to that computer can modify the connection. If you select Only for myself, then only you can modify or use it.

Group Policy settings, which are designed to help manage large numbers of users in enterprise environments, can be used to control access to the Network Connections folder, and the connections in it. Settings can be used that enable or disable the option to create connections, delete connections, or modify connection properties. For more information about these Group Policy settings, see “Connecting Clients to Windows Networks” in this book.
NOTE
Configuring Remote Connections
Because all services and communication methods are configured within the connection, you do not need to use external management tools to configure dial-up, VPN, or direct connections. For example, the settings for a dial-up connection include the features to be used before, during, and after connecting. These include the modem you use for dialing, the type of password authentication and data encryption you use upon connecting, and the remote network protocols you use after connecting. Because settings are established per connection, you can create different connections that apply to different connection scenarios and their specific needs. For example, you can configure a connection with a static TCP/IP address when you dial into your corporate office. You might also have a connection configured for an ISP. If your ISP allocates IP addresses using PPP, set the TCP/IP settings for the connection to Obtain an IP address automatically. Connection status, which includes the duration and speed of a connection, is viewed from the connection itself; you do not need to use an external status tool. All connections are configured by right-clicking the connection, and then clicking Properties. For more information about configuring connections, see Windows XP Professional Help and Support Center.
Configuring Advanced Settings
The settings in the Advanced menu of the Network Connections folder allow you to choose from a range of advanced settings including operator-assisted dialing, dial-up preferences, bridge creation (Layer 2 connectivity), and network identification options. Another option allows you to install optional networking components such as the Simple Network Management Protocol (SNMP) service or the printing service. You can also modify the order in which connections are used by network services, or the order in which your computer uses network protocols and providers.
Operator-Assisted Dialing
If you choose this setting, automatic dial-up settings can be overridden where intervention is required. Typically, you can use this setting where you have to call by using a manually operated switchboard to establish your dial-up connection.
Dial-up Preferences
The settings in Dial-up Preferences affect connection creation privileges, Autodial options, and callback options. You can enable or disable Dial-up Preferences on your users’ desktops by using the Enable the Dial-up Preferences item on the Advanced menu Group Policy setting.
Autodial
The Autodial tab on the Dial-up Preferences page lists the available locations where you can enable Autodial. Autodial maps and maintains network addresses to connection destinations, which allows the destinations to be automatically dialed when referenced, whether from an application or from a command prompt. To enable Autodial for a location, select the check box next to the location. To disable Autodial for a location, clear the check box next to the location. The following is an example of how Autodial works:
The Autodial feature works only when the Remote Access Auto Connection Manager service is on. Remote Access Auto Connection Manager is on by default in Windows XP Professional–based computers that are not members of a domain and in Microsoft® Windows® XP Home Edition.
To start the Remote Access Auto Connection Manager service
Callback
The Callback tab on the Dial-up Preferences page provides you with cost advantages. Callback instructs your dial-up server to disconnect your initiating call after authenticating your credentials and then call you back, thereby reducing your phone charges. Callback behavior is determined by a combination of the settings that you specify in Network Connections, and by the user account settings you designate. Table 23-2 illustrates callback behavior based on these settings.
After your call reaches the remote access server, the server determines that your user name and password are correct and then acts, based upon pre-configured Network Connections and remote access server callback settings. Callback can also provide security advantages to your network. Requiring callback to a particular number enhances network security by ensuring that only users from specific locations can gain access to the server. Dropping the call and then immediately calling back to the pre-assigned callback number makes impersonation more difficult. You cannot use this aspect of callback if you are dialing in from multiple locations. The settings in Callback indicate the conditions under which you want to use the feature. For example, you can configure callback to prompt you for a phone number during the dialing process, or you can specify that callback always call you back at a specific number. Callback options can also be configured on a per-user basis on the dial-up properties of a user account. The server’s Always Callback to setting overrides the Network Connections settings. Therefore, if you have specified Ask me during dialing when the server offers in Network Connections, but your user account designates Always Callback to (with a corresponding phone number), callback does not prompt you for a number when you dial in; it always calls you back at the number specified on the server. For more information about how to configure your callback options, see Windows XP Professional Help and Support Center. If you have specified No callback, but the user account is set to Always Callback to, you cannot connect. With this combination of settings, the remote access server requests callback, your computer refuses, and then the remote access server disconnects your connection. If your computer is configured to accept incoming connections, you can enforce callback options on that computer.
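To make the interplay of the two sides’ callback settings concrete, the following Python model (an added example, not code from the Resource Kit) plays through the exchange that follows authentication for each combination. The setting names are the ones the text uses; Set by Caller is the user-account option that lets the caller supply the number, the outcomes for combinations the text does not spell out are marked as assumptions in the comments, and the phone numbers are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Client-side settings (Network Connections, Callback tab)
CLIENT_NO_CALLBACK = "No callback"
CLIENT_ASK = "Ask me during dialing when the server offers"
CLIENT_ALWAYS_AT = "Always call me back at"          # paired with client_number

# Server-side settings (dial-in properties of the user account)
SERVER_NO_CALLBACK = "No callback"
SERVER_SET_BY_CALLER = "Set by Caller"               # caller supplies the number
SERVER_ALWAYS_TO = "Always Callback to"              # paired with server_number


@dataclass(frozen=True)
class Outcome:
    connected: bool                 # False: the server dropped the call
    callback_number: Optional[str]  # None: session stayed on the initiating call
    prompted: bool                  # the user was asked for a number while dialing
    number_fixed_by_server: bool    # callback went to the administrator-held number


def negotiate(client_setting, server_setting, client_number=None,
              server_number=None, prompt_answer=None):
    """Play through the exchange that follows successful authentication.

    1. The server decides whether and how to offer callback.
    2. The client answers according to its Network Connections setting.
    3. The server either calls back, keeps the call up, or disconnects.
    """
    # 1. Server offer: with "No callback" the server never raises the subject
    #    and the session continues on the initiating call (assumption: the
    #    text only implies this case).
    if server_setting == SERVER_NO_CALLBACK:
        return Outcome(True, None, False, False)

    # 2. Client answer
    if client_setting == CLIENT_NO_CALLBACK:
        if server_setting == SERVER_ALWAYS_TO:
            # Text: the server requests callback, the client refuses, and the
            # server disconnects the connection.
            return Outcome(False, None, False, False)
        # Caller may choose and declines; session continues (assumption).
        return Outcome(True, None, False, False)

    # 3a. A server-mandated number overrides any client preference or prompt.
    if server_setting == SERVER_ALWAYS_TO:
        return Outcome(True, server_number, False, True)

    # 3b. Server lets the caller choose: prompt, or use the stored client number.
    if client_setting == CLIENT_ASK:
        return Outcome(True, prompt_answer, True, False)
    return Outcome(True, client_number, False, False)


def location_is_enforced(outcome):
    """Only a callback to the administrator-held number ties the session to a
    known location; a caller-chosen number gives no such assurance."""
    return outcome.connected and outcome.number_fixed_by_server


if __name__ == "__main__":
    # Constructed sample values
    HOME = "555-0100"      # number stored in the user account on the server
    ROAD = "555-0199"      # number a travelling user types when prompted
    print(negotiate(CLIENT_ASK, SERVER_ALWAYS_TO, server_number=HOME))
    print(negotiate(CLIENT_NO_CALLBACK, SERVER_ALWAYS_TO, server_number=HOME))
    print(negotiate(CLIENT_ASK, SERVER_SET_BY_CALLER, prompt_answer=ROAD))
```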
For more information about configuring incoming connections, see “Managing Incoming Connections” later in this chapter.
Dynamic Multiple Device Dialing
The PPP Multilink Protocol (MP), defined in RFC 1990, combines multiple physical links into a logical bundle, called multilink lines, and the resulting aggregate link increases your connection bandwidth. Network Connections can dynamically control the use of these multilink lines through a combination of support for MP and Bandwidth Allocation Protocol (BAP). BAP is a PPP control protocol that is used on an MP connection to dynamically manage links. This procedure can be accomplished by dialing over multiple ISDN, X.25, or analog modem lines. To dial multiple devices, both your connection and your remote access server must have MP enabled. BAP enables the dynamic use of multiple-device dialing by allocating lines only as they are required, thereby limiting communications costs to the bandwidth requirements. You can realize a significant efficiency advantage by doing this. The conditions under which extra lines are dialed, and underused lines are disconnected, are configured by using the Options property page of a dial-up connection. For more information, see Windows XP Professional Help and Support Center.
Network Identification
Network Identification displays your computer name, and the workgroup or domain to which the computer belongs. You can change the name of your computer, or join a domain by changing the settings on the System Properties sheet.
To change the name of your computer
Advanced Settings
Windows XP Professional uses network providers and bindings in the order specified in the Advanced Settings dialog box.
To open the Advanced Settings dialog box
By changing your provider order, and by changing the order of protocols bound to those providers, you can improve performance. For example, suppose your LAN connection is enabled to access Novell NetWare and Microsoft Windows networks, which use IPX and TCP/IP respectively, but your primary connection is to a Microsoft Windows network that uses TCP/IP. You can move Microsoft Windows Network to the top of the Network Providers list on the Provider Order tab, and move Internet Protocol (TCP/IP) to the top of the File and Printer Sharing for Microsoft Networks binding on the Adapters and Bindings tab.
NOTE An administrator can enable or disable the Advanced Settings option by using the Enable the Advanced Settings item on the Advanced menu setting in the Microsoft Management Console (MMC) Group Policy snap-in. For more information about Advanced Settings, see “Connecting Clients to Windows Networks” in this book.
Optional Networking Components
Optional networking components support network operations that are not automatically installed with Windows XP Professional. The components consist of the following:
To configure optional networking components
Deploying Connection Manager
Connection Manager 1.3 is a client dialer, included in Windows XP Professional, whose several advanced features make it a superset of basic dial-up networking. Microsoft® Windows® 2000 Server includes a set of tools that enables a network manager to deliver pre-configured connections to network users. These tools are the Connection Manager Administration Kit (CMAK) and Connection Point Services (CPS). Connection Manager provides support for local and remote connections to your service provider using a network of access points, such as those available worldwide by means of ISPs. If your service provider requires secure connections over the Internet, you can also use Connection Manager to establish VPN connections. Connection Manager’s features are covered in greater detail in Table 23-3. Two features new to Windows XP Professional — Access Points and Improved Help — are included in Table 23-3.
Additional Connection Manager client features introduced in Windows XP Professional include connection logging, VPN server selection, terminal window support, automatic route addition, and improved ISDN support.
CMAK
A network administrator can use CMAK to tailor the appearance and behavior of a connection made with Connection Manager. Using CMAK, an administrator can develop client dialer and connection software that allows users to connect to the network by using only the connection features that the administrator defines for them. Connection Manager supports a variety of features that both simplify and enhance implementation of connection support for you and your users, most of which can be incorporated using the CMAK wizard. CMAK allows you to build profiles customizing the Connection Manager installation package that you deliver to your customers, so that Connection Manager reflects the identity of your organization. It allows you to determine which functions and features you want to include and how Connection Manager appears to your customers. For more information about CMAK and the configuration of connection manager service profiles, see “Customizing Connection Management and Settings” in the Microsoft Internet Explorer 5 Resource Kit of the Microsoft® Windows® 2000 Server Resource Kit.
CPS
Connection Point Services (CPS) work in conjunction with Connection Manager to automate the process of updating users’ computers with new Points of Presence (POP) entries. Each POP entry supplies a telephone number that provides dial-up access to an Internet access point. CPS consists of Phone Book Service, a tool for distributing phone books, and Phone Book Administrator, a tool for creating and maintaining your phone book files. The phone books provide users with complete POP information, so they can connect to different Internet access points rather than being restricted to a single POP during travel.
CPS eliminates a user’s need to contact technical support to obtain changes in POP information and reconfigure their client dialer software.
Accessing Network Resources
Network Connections provides access to your network, based on the user name and, in the case of PPP connections, password credentials that you supply. This access does not imply privilege to use resources on the network. The network access control process confirms your access rights each time that you attempt to access any network resource. For more information about authentication and access control methods, see “Authentication” later in this chapter. After you have connected to your network, access to network resources, such as files and printers, might be affected by one or more of the following administrative controls on both your own computer and on the resources you are trying to access.
File and Printer Sharing
File and Printer Sharing is established by each resource, and permissions depend on user name or group membership.
Group Policy
Group Policy enforces specified requirements for your users’ environments. For example, by using Group Policy, you can enforce local and domain security options, specify logon and logoff scripts, and redirect user folder storage to a network location.
Local Group Policy
Local Group Policy can be applied at the local computer or workgroup level. In the domain environment, Local Group Policy is overridden by domain-based Group Policy.
NOTE For more information about Group Policy and Local Group Policy, see “Connecting Clients to Windows Networks” in this book.
Managing Incoming Connections
By configuring a Windows XP Professional–based computer to accept incoming connections, you permit other computers to dial in to your computer. Plug and Play automatically detects and enumerates devices, such as modems and COM ports.
NOTE
To configure your computer to accept incoming connections
The first time you start the New Connections Wizard, the Location Information dialog box appears, requesting country or region, area code and, if necessary, a carrier code and an outside access number. You also need to indicate whether your phone system uses tone or pulse dialing. After typing this information in the dialog box, click OK.
This allows other computers to connect to your Windows XP Professional–based computer by means of the Internet, a phone line, or a direct cable connection.
This enables a virtual private connection so that another computer can use the Internet or another public network to access your computer. For this to occur, your computer must have a known name or an IP address on the Internet.
This specifies the name of each user you permit to access your computer.
This allows your computer to accept connections from other kinds of computers. The components listed by default include TCP/IP, File and Print Sharing for Microsoft Networks, QoS Packet Scheduler, and Client for Microsoft Networks.
Configuring Home Networks
Using Windows XP Professional, you can easily set up a home office network between desktops without using a server. Its Microsoft® Windows NT®–style user account management and permissions offer an environment ready-made for secure home and small office networking. You can also integrate other hardware devices such as printers, scanners, or cameras into your home network. The Network Setup Wizard guides you through the process of setting up your home network including Internet Connection Sharing (ICS), naming your workgroup, and naming your computer. You can use Home Networking to:
In addition, Windows XP Professional is compatible with previous versions of Windows. You can introduce Windows XP Professional into a peer-to-peer network configured between clients running Microsoft® Windows® 95, Microsoft® Windows® 98, or Microsoft® Windows® Millennium Edition (Me), or introduce clients running Windows 95, Windows 98, or Windows Me into a Windows XP Professional network. You can set up one computer to communicate with the Internet using Internet Connection Sharing. ICS provides access to the public network (the Internet) for all computers in your home network, so that they can use the Internet at the same time. The computers that do not have a direct Internet connection, called clients, rely on the host computer to provide access to the Internet. The ICS host computer manages network addressing. Besides providing Internet access, the ICS host computer in your network assigns itself a permanent private address and acts as a Dynamic Host Configuration Protocol (DHCP) server for ICS clients, assigning a unique address to each ICS client and, therefore, providing a way for computers to communicate with other computers on the network. For more information about ICS, see “Internet Connection Sharing” later in this chapter. Successfully setting up your home network is a two-part process:
Before you run the Network Setup Wizard, be sure you have addressed these concerns:
Home Network Hardware Requirements
Make sure your network hardware, such as devices and cables, is installed and set up correctly before you run the Network Setup Wizard. When planning your home or small office network, pick the type of hardware to use for connecting your computers. In the business world, the standard network connection technology is Ethernet, which requires a network adapter and dedicated physical cabling. Depending on its complexity, an Ethernet network might also require other interconnecting devices. There are several components that you need to create a home network:
In addition, you’ll want to make sure that the computers on your network meet the following minimum requirements:
After you install all of the required hardware in each of your computers, you can run the Home Networking Wizard.
Home Network Configuration Instructions
In Windows XP Professional, setup of the ICS host and client computers is greatly simplified by using the Network Setup Wizard. Run the Network Setup Wizard on the ICS host computer first. Then, run the wizard on the client computers. After you answer some basic questions, the wizard configures the computers to operate correctly on the network. When running the Network Setup Wizard, be aware of the following:
NOTE
To configure other computers on your home network
Home and Small Office Local Connections
A local area connection is automatically created for each network adapter in your computer that is detected by Plug and Play. After a network adapter is installed, it is detected by the Plug and Play service. Network Connections enumerates the adapter and populates the Network Connections folder with a local area connection. Because local area connections are dependent upon a network card being recognized in the computer, they cannot be created by using Create a new connection. For the adapter to be detected and the connection created, Plug and Play, Network Connections, and Remote Procedure Call (RPC) services must be started. All of these services start automatically; no user interaction is required. A local area connection might not appear in the Network Connections for any of the following reasons:
If your computer has one network adapter, but you need to connect to multiple LANs (for example, you use Dynamic Host Configuration Protocol (DHCP) at work but a static IP address configuration at home), you can configure TCP/IP with an alternate configuration. With an alternate configuration, your computer first tries to locate a DHCP server, and then if one is not found, it configures TCP/IP with the static configuration. For further information on alternate address configuration, see “Configuring IP Addressing and Name Resolution” in this book.
NOTE Use the network adapters that are supported by Windows XP Professional and listed in the Hardware Compatibility List link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Clients, Services, and Protocols
By default, the following clients, services, and protocols are installed with a local area connection:
Any other clients, services, and protocols, including Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX), must be installed separately. For information about configuring TCP/IP for a local area connection, see “Configuring TCP/IP” in this book.
Local Area Connection Status
Like other connections, the appearance of the local area connection icon changes according to the status of the connection. The icon appears in the Network Connections folder, or if the network cable is disconnected, an additional icon appears on the taskbar. If a network adapter is not detected by your computer, a local area connection icon does not appear in the Network Connections folder. Table 23-4 describes the different local area connection icons.
To view the status of a local area connection
The General tab in the Local Area Connection Status dialog box, which is visible by default, provides information about the connection including its status, its duration, its speed, and the number of packets sent and received.
WAN Adapters
Permanent connection WAN adapters such as T1, Frame Relay, and ATM, also appear in the Network Connections folder as local area connections. For these adapters, some settings are autodetected, and some need to be configured. For example, for a Frame Relay adapter, the appropriate management protocol, Committed Information Rates (CIR), Data Link Connection Identifiers (DLCIs), and line signaling must be configured. For these settings, contact your Frame Relay service provider. Default settings might vary according to the adapter.
The Network Bridge
The Network Bridge provides an IEEE 802.1D transparent bridge for grouping network interfaces at the media access control (MAC) sublayer of the OSI data-link layer. The bridge implements the spanning tree algorithm for prevention of bridged loops in the LAN segment topology. A bridge in Windows XP Professional simplifies the setup and administration of a subnetted home network. The classic model of a subnetted IP network involves:
Bridging the LAN segments that comprise a home network simplifies the situation by creating a single subnet. The entire home network can then operate with a single subnet. DHCP client computers on any LAN segment in the home network automatically obtain an IP address, subnet mask, and default gateway from the host computer on which ICS is enabled.
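The loop prevention the text attributes to the bridge can be followed in the Python computation below (an added example, not code from the Resource Kit or from the Network Bridge itself). It applies the 802.1D rules the text refers to: the bridge with the lowest bridge ID becomes the root, every other bridge keeps the port with the lowest path cost to the root as its root port, each LAN segment is served by one designated bridge, and every remaining port is put in the blocking state. The four-bridge topology, its segment costs, and the integer bridge IDs (which fold the priority field into the number) are constructed.

```python
import heapq
from collections import defaultdict

ROOT, DESIGNATED, BLOCKING = "root", "designated", "blocking"

# Constructed topology: bridge 1 is the ICS host, bridges 1-2-3 form a loop
# over three segments, and bridge 4 hangs off bridge 3.  Each link is one LAN
# segment joining two bridge ports: (bridge_a, bridge_b, path_cost).
BRIDGES = [1, 2, 3, 4]
LINKS = [(1, 2, 1), (2, 3, 1), (1, 3, 1), (3, 4, 1)]


def root_path_costs(bridges, adj, root):
    """Least path cost from every bridge to the root (Dijkstra)."""
    cost = {b: float("inf") for b in bridges}
    cost[root] = 0
    heap = [(0, root)]
    while heap:
        c, b = heapq.heappop(heap)
        if c > cost[b]:
            continue
        for nb, w, _ in adj[b]:
            if c + w < cost[nb]:
                cost[nb] = c + w
                heapq.heappush(heap, (c + w, nb))
    return cost


def spanning_tree(bridges, links):
    """Return {(bridge, link_index): state} for every bridge port."""
    bridges = sorted(bridges)
    root = bridges[0]                      # lowest bridge ID wins the election
    adj = defaultdict(list)                # bridge -> [(neighbour, cost, link_index)]
    for idx, (a, b, w) in enumerate(links):
        adj[a].append((b, w, idx))
        adj[b].append((a, w, idx))
    cost = root_path_costs(bridges, adj, root)
    # Root port: the port whose neighbour offers the lowest root path cost;
    # ties go to the lower neighbour bridge ID, then the lower port (link) index.
    root_port = {}
    for b in bridges:
        if b == root or cost[b] == float("inf"):
            continue
        root_port[b] = min(adj[b], key=lambda t: (cost[t[0]] + t[1], t[0], t[2]))[2]
    # Designated bridge per segment: the end nearer the root, lower ID on ties.
    designated = {idx: min((a, b), key=lambda x: (cost[x], x))
                  for idx, (a, b, _) in enumerate(links)}
    states = {}
    for b in bridges:
        for _, _, idx in adj[b]:
            if root_port.get(b) == idx:
                states[(b, idx)] = ROOT
            elif designated[idx] == b:
                states[(b, idx)] = DESIGNATED
            else:
                states[(b, idx)] = BLOCKING     # neither role: port is blocked
    return states


def forwarding_links(states, links):
    """Segments over which frames are forwarded: both ports must be non-blocking."""
    return sorted(idx for idx, (a, b, _) in enumerate(links)
                  if states[(a, idx)] != BLOCKING and states[(b, idx)] != BLOCKING)


def is_loop_free(bridges, links, active):
    """Union-find check: the active segments connect every bridge without a cycle."""
    parent = {b: b for b in bridges}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for idx in active:
        a, b, _ = links[idx]
        ra, rb = find(a), find(b)
        if ra == rb:
            return False                       # this segment would close a loop
        parent[ra] = rb
    return len(active) == len(bridges) - 1     # connected and a tree


if __name__ == "__main__":
    st = spanning_tree(BRIDGES, LINKS)
    for (b, idx), state in sorted(st.items()):
        print(f"bridge {b} port on segment {LINKS[idx][:2]}: {state}")
    active = forwarding_links(st, LINKS)
    print("forwarding segments:", active, "loop-free:", is_loop_free(BRIDGES, LINKS, active))
```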
NOTE
Troubleshooting Remote Office Network Connections
The following sections describe common troubleshooting issues with the Network Connections feature in remote office environments as well as the relevant troubleshooting tools provided with Windows XP Professional.
Troubleshooting Tools
There are many tools within Windows XP Professional that allow you to monitor modem or Point-to-Point Protocol (PPP) activity and diagnose network and dial-up connections, including:
PPP Logging
PPP logging records the series of programming functions and PPP control messages during a PPP connection. The PPP logs are a valuable source of information when you are troubleshooting the failure of a PPP connection.
NOTE To enable PPP logging on the client that is initiating the connection, use the Netsh command line tool. The syntax for the command is:
netsh ras set tracing * enabled
Conversely, if you want to stop PPP logging, the command syntax is:
netsh ras set tracing * disabled
Modem Logging
By using Phone and Modem Options in Control Panel, you can record a log of commands as they are sent to your modem by communication programs or the operating system. On Windows XP Professional, logging is always turned on and the log is overwritten at the beginning of every session unless you select the Append to Log check box.
NOTE
Modem Diagnostics
You can verify whether your modem is working properly by using the diagnostic queries that are available by means of Phone and Modem Options in Control Panel. When you query a modem, Windows XP Professional runs the commands and displays the results, as shown in Table 23-6.
Device Manager
Device Manager provides information about how the hardware on your computer is installed and configured. It can help you determine the source of resource conflicts and the status of COM ports. You can also use Device Manager to check the status of your hardware and update device drivers, such as modem drivers, on your computer.
To open Device Manager
Troubleshooting Common Local Area Configuration Problems
The following sections describe common local area–related problems that you might encounter, and possible causes and solutions for them.
No response when using a local area network connection
There are two possible causes for the lack of response when using a LAN connection:
Troubleshooting Common Remote Access Configuration Problems
The following sections describe common remote access–related problems that you might encounter, and possible causes and solutions for them.
Modem not working
When trying to connect, an error message indicates that the remote access server is not responding
Connections to a remote access server keep getting dropped
Connections are disconnecting abnormally
When trying to connect, a hardware error message is received
Connections do not appear in the Network and Dial-up Connections folder
Conflicts between serial ports are causing connection problems
When trying to connect by using ISDN, a “No Answer” message is received
Connections made by using X.25 fail
PPTP connections fail
Connections made by using PPP or TCP/IP tools fail
To disable LCP extensions
To disable IP header compression
Troubleshooting Common Internet Access Configuration Problems
The following sections describe common Internet access–related problems that you might encounter, and possible causes and solutions for them.
ICS connections fail
For computers running Windows 95, Windows 98, or Windows NT 4.0, you can find the TCP/IP settings in Network Control Panel.
If your remote office accesses the Internet through an ISP, there are two ways that your ISP can configure name resolution:
You must manually configure the TCP/IP protocol with the IP address (or addresses) of the name servers provided by the ISP. If you have statically assigned name servers, you can run the ipconfig command at any time to get the IP addresses of your configured name servers.
Manual configuration is not required. The IP addresses of the name servers provided by the ISP are dynamically assigned whenever you dial the ISP. If you have dynamically assigned name servers, you must run the ipconfig command after a connection to the ISP has been made.
For more information about Internet Connection Sharing, see Windows XP Professional Help and Support Center.
Applications do not run properly on a laptop connecting to an ISP
The Winsock Proxy client might be preventing your applications from running properly. If you are a mobile user and use your portable computer in your corporate environment, your applications might not be able to locate the resources or servers they need. Disable the Microsoft Winsock Proxy client (WSP Client in Control Panel) when you use the same computer to dial to an ISP or other network.
Connections to my ISP succeed, but not to the Internet
DNS options might need to be configured. Check with your ISP to see if you need to configure DNS settings for that connection. For example, you might need to specify a preferred or alternate DNS server IP address, rather than letting the DNS server IP address be assigned dynamically.