Lesson 16: Configuring
Remote Connections
MOAC 70-687: Configuring Windows 8.1
Overview
• Exam Objective 5.1: Configure remote
connections
o Configure remote authentication
o Configure Remote Desktop settings
o Configure virtual private network (VPN)
connections and authentication
o Enable VPN reconnect
o Configure broadband tethering
© 2013 John Wiley & Sons, Inc.
2
Using BranchCache
BranchCache
• BranchCache is a feature in Windows 8.1
and Windows Server 2012 R2 that enables
networks with computers at remote
locations to conserve bandwidth by storing
frequently-accessed files on local drives.
Understanding Network
Infrastructure Requirements
• To use BranchCache, you must have a
server running Windows Server 2008 R2,
Windows Server 2012, or Windows Server
2012 R2 at the main office and computers
running Windows Server 2008 R2, Windows
Server 2012, Windows Server 2012 R2,
Windows 7, Windows 8, or Windows 8.1 at
the branch office. On the client side the
feature is limited to the Enterprise edition
(Windows 8 and 8.1) or the Enterprise and
Ultimate editions (Windows 7).
Configuring BranchCache
Settings
• To implement BranchCache on your
network, you must install the appropriate
modules on your server(s) and configure
Group Policy settings on both servers and
clients.
• BranchCache requires a minimum of one
content server and one or more branch
office workstations. You can install
additional content servers at any location
that serves files to branch offices.
Configuring a Content
Server
• Once you have installed the required
BranchCache modules, you must configure a
Group Policy setting called Hash Publication for
BranchCache. This setting is located in the
Computer
Configuration\Policies\Administrative
Templates\Network\Lanman Server node of a
Group Policy object (GPO) or in Local
Computer Policy.
• The Hash Publication for BranchCache setting
enables the server to respond to file requests
from BranchCache clients with metadata (content
hashes) instead of the files themselves; the
client then uses the hashes to fetch the blocks
from a peer or a hosted cache server and to
verify them before use. The setting can allow
hash publication for all shares or only for
shares on which BranchCache is enabled in the
share’s properties.
Configuring a Content Server
The Hash Publication for BranchCache setting in Group
Policy
Configuring a Content Server
A share’s Properties sheet in Windows Server 2012 Server
Manager
Configuring BranchCache
Clients
• To configure BranchCache clients, you must
configure the appropriate Group Policy
settings, found in the Computer
Configuration\Policies\Administrative
Templates\Network\BranchCache node of
a GPO or in Local Computer Policy.
Configuring BranchCache Clients
The BranchCache settings in Group Policy
Configuring a Hosted
Cache Mode Server
• To use hosted cache mode on your branch
office network, you must have a server running
Windows Server 2012 R2, Windows Server 2012
or Windows Server 2008 R2 with the
BranchCache feature installed. You must also
configure the Turn on BranchCache and Set
BranchCache Hosted Cache mode Group
Policy settings.
• The hosted cache mode server must also have
a digital certificate issued by a certification
authority (CA) that the BranchCache clients
trust.
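The content-server, client, and hosted-cache steps above can all be done from the BranchCache and SmbShare PowerShell modules that ship with Windows Server 2012 R2 and Windows 8.1 instead of the Group Policy and Server Manager dialogs. The script below is an added example, not part of the MOAC slides; each section is meant to run on the machine whose role it names, and the share name, hosted cache server name, and latency threshold are placeholders. It assumes the Hash Publication for BranchCache policy from the slide has already been applied to the content server by GPO.

```powershell
# Added example (not from the MOAC slides): BranchCache setup with the
# BranchCache and SmbShare PowerShell modules. Run each section on the
# machine whose role it names. Names below are placeholders.
#Requires -RunAsAdministrator

# --- Main office content server --------------------------------------------
# "BranchCache for Network Files" is the role service that generates the
# hashes the Hash Publication for BranchCache policy lets the server publish.
Install-WindowsFeature -Name FS-BranchCache

# Per-share opt-in, the PowerShell equivalent of the share's Properties sheet.
# Pairs with the policy option "Allow hash publication only for shared
# folders on which BranchCache is enabled".
Set-SmbShare -Name 'Projects' -CachingMode BranchCache -Force

# --- Branch office hosted cache server --------------------------------------
Install-WindowsFeature -Name BranchCache
# Register a service connection point in AD DS so clients can find the
# server with Enable-BCHostedClient -UseSCP instead of a hard-coded name.
Enable-BCHostedServer -RegisterSCP

# --- Branch office clients --------------------------------------------------
# Choose ONE mode. Distributed mode: clients serve each other, no server:
#   Enable-BCDistributed
# Hosted cache mode, naming the server explicitly (placeholder name):
Enable-BCHostedClient -ServerNames 'BRANCH-HC01.corp.example'

# Only use the cache for servers that are actually far away: SMB round
# trips faster than this threshold are served directly (assumed value).
Set-BCMinSMBLatency -LatencyMilliseconds 80

# Cap the local cache at 10 percent of the volume.
Set-BCCache -Percentage 10 -Force

# Verify: BranchCacheIsEnabled should be True and ClientConfiguration
# should show the mode selected above.
Get-BCStatus | Format-List BranchCacheIsEnabled, BranchCacheServiceStatus, ClientConfiguration
```

Hosted cache mode is the safer choice for a branch with more than a handful of machines: in distributed mode every workstation is a cache server for its peers, so every workstation also has to be allowed inbound traffic on the BranchCache ports.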
Using Remote Network
Connections
Understanding Virtual
Private Networking
• A dial-up connection is a dedicated link
between the two modems that remains in
place during the entire session.
• The client and the server establish a Point-to-Point
Protocol (PPP) connection, during which the server
authenticates the client and the computers negotiate
a set of communication parameters they have in
common.
• In a virtual private network (VPN) connection,
the remote client and the remote access server
are both connected to the Internet, using local
service providers.
Understanding Virtual Private
Networking
A dial-up remote access connection
Understanding Virtual Private
Networking
A VPN remote access connection
Tunneling
• In the tunneling process, the two computers
establish a PPP connection, just as they would in a
dial-up connection, but instead of transmitting the
PPP packets over the Internet as they are, they
encapsulate the packets again using one of the
VPN protocols supported by the Windows operating
systems.
• The original PPP data packet generated by the
computer consists of a network layer IP datagram,
encapsulated within a data-link layer PPP frame.
• The system then encapsulates the entire frame in
another IP datagram, which the VPN protocol
encrypts and encapsulates one more time, for
transmission over the network.
Tunneling
VPN protocol encapsulation
VPN Protocols
• The VPN protocols that Windows 8.1 supports
are as follows:
o Point-to-Point Tunneling Protocol (PPTP)
o Layer 2 Tunneling Protocol (L2TP)
o Secure Socket Tunneling Protocol (SSTP)
o Internet Key Exchange, Version 2 (IKEv2)
Point-to-Point Tunneling
Protocol (PPTP)
• The oldest and least secure of the VPN protocols, PPTP
takes advantage of the authentication, compression,
and encryption mechanisms of PPP, tunneling the PPP
frame within a Generic Routing Encapsulation (GRE)
header and encrypting it with Microsoft Point-to-Point
Encryption (MPPE), using encryption keys generated
during the authentication process. The control channel
uses TCP port 1723 and the data travels as GRE (IP
protocol 47), so both must be allowed through any
firewall or NAT device in the path.
• For authentication, PPTP supports only the Microsoft
Challenge Handshake Authentication Protocol version 1
(MS-CHAP v1), Microsoft Challenge Handshake
Authentication Protocol version 2 (MS-CHAP v2),
Extensible Authentication Protocol (EAP), or Protected
Extensible Authentication Protocol (PEAP). Because the
MPPE keys are derived from the user’s password hash, the
tunnel is only as strong as that password, and an
eavesdropper who captures an MS-CHAP v2 exchange can
recover the credentials offline. If PPTP must stay in
use, authenticate with PEAP, which wraps MS-CHAP v2 in
TLS; otherwise prefer L2TP/IPsec, SSTP, or IKEv2.
Layer 2 Tunneling
Protocol (L2TP)
• L2TP relies on the IP security extensions (IPsec) for
encryption, and as a result performs a double
encapsulation. The system adds an L2TP header to
the PPP frame and packages it in a User Datagram
Protocol (UDP) datagram (port 1701). Then it
encapsulates the UDP datagram with the IPsec
Encapsulating Security Payload (ESP) protocol,
encrypting the contents using the Data Encryption
Standard (DES) or Triple DES (3DES) algorithm (newer
Windows versions also negotiate AES), with encryption
keys generated during IPsec’s Internet Key Exchange
(IKE) negotiation process. IKE uses UDP port 500, and
UDP port 4500 when NAT traversal is in play. Single
DES is no longer considered adequate; make sure the
server only offers 3DES or AES.
• L2TP/IPsec can use computer certificates or a
preshared key for the IPsec (computer) authentication,
although administrators typically use the latter only
for testing, because the same key is shared by every
client. The user is then authenticated separately
inside the PPP session, for example with MS-CHAP v2
or EAP.
Secure Socket Tunneling
Protocol (SSTP)
• Introduced in Windows Server 2008 and
supported only by clients running Windows
Vista SP1 or later, SSTP encapsulates PPP
traffic in a Secure Sockets Layer (SSL/TLS)
session over TCP port 443, the HTTPS port
that virtually all firewalls and proxies
allow through.
• The server authenticates itself with its TLS
certificate, which the client must trust: the
certificate’s name must match the address the
client connects to, and the client must be
able to reach the issuing CA’s revocation
information. The user is then authenticated
inside the PPP session, typically with the
EAP-TLS authentication protocol or MS-CHAP v2.
In addition to data encryption, TLS provides
integrity checking and enhanced key
negotiation services.
Internet Key Exchange,
Version 2 (IKEv2)
• First introduced in Windows 7 and Windows
Server 2008 R2, IKEv2 uses UDP port 500 (plus
UDP port 4500 for NAT traversal, and ESP, IP
protocol 50, for the tunneled data) and
provides support for IPv6 and the new VPN
Reconnect feature, as well as user
authentication by EAP, using PEAP, EAP-MSCHAPv2,
or smart cards, or computer authentication
by certificate.
• IKEv2 does not support the older
authentication mechanisms, however, such
as PAP and CHAP.
Authenticating Remote
Users
• In Windows 8.1, you configure the
authentication method a VPN connection
uses on the Security tab of the connection’s
Properties sheet.
• The options are as follows:
o Use Extensible Authentication Protocol (EAP)
o Allow these protocols
Authenticating Remote Users
The Security tab of a connection’s Properties sheet
Creating a VPN
Connection
• To connect a computer running Windows
8.1 to a remote access server, you must
create a new VPN or dial-up connection.
• In Windows 8.1, the Network Connections
window contains a connection for every
network interface adapter installed in the
computer.
• The Windows installation program creates
these connections automatically, but to
connect to a dial-up or VPN server, you must
create additional connections manually.
Create a VPN Connection
The How do you want to connect? page
Create a VPN Connection
The Type the Internet address to connect to page
Create a VPN Connection
The Network Authentication pane
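The wizard pages above create a connection with the default tunnel type (Automatic) and default security settings, which is why the Security tab described earlier usually needs a second visit. The script below is an added example, not part of the MOAC slides: it creates the same connection with the VpnClient module on Windows 8.1, choosing IKEv2 with certificate authentication and required encryption, pins the IPsec proposals to AES-256/SHA-256, and then audits every connection on the machine for the weak choices discussed under the VPN protocol slides (PPTP, or encryption left optional). The connection name and server address are placeholders, and the server must offer matching IPsec proposals.

```powershell
# Added example (not from the MOAC slides): create and harden a VPN
# connection with the Windows 8.1 VpnClient module. Names are placeholders.

$vpnName = 'Corp IKEv2'
$server  = 'vpn.corp.example'   # placeholder remote access server

# IKEv2 (UDP 500/4500), computer certificate authentication, and
# -EncryptionLevel Required, the equivalent of the Security tab's
# "Require encryption (disconnect if server declines)".
Add-VpnConnection -Name $vpnName -ServerAddress $server `
    -TunnelType Ikev2 -AuthenticationMethod MachineCertificate `
    -EncryptionLevel Required -RememberCredential:$false -Force

# Replace the default IPsec proposals with AES-256, SHA-256 and 2048-bit
# Diffie-Hellman (cmdlet added in Windows 8.1). The server must accept
# the same proposals or the connection will fail to negotiate.
Set-VpnConnectionIPsecConfiguration -ConnectionName $vpnName `
    -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 `
    -CipherTransformConstants AES256 -AuthenticationTransformConstants SHA256128 `
    -PfsGroup PFS2048 -Force

# For user authentication use -AuthenticationMethod Eap and supply the
# EAP profile XML through -EapConfigXmlStream; a test-only L2TP/IPsec
# connection would use -TunnelType L2tp -L2tpPsk '<shared secret>'.

# Audit: list connections that still use PPTP or tolerate an
# unencrypted session, i.e. the settings the slides warn against.
function Get-WeakVpnConnection {
    Get-VpnConnection | Where-Object {
        $_.TunnelType -eq 'Pptp' -or $_.EncryptionLevel -ne 'Required'
    } | Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
}

Get-WeakVpnConnection
```

Run `Get-VpnConnection -Name $vpnName | Format-List *` afterwards to confirm the tunnel type and encryption level took effect; `Add-VpnConnection` without `-AllUserConnection` creates the connection in the current user’s phone book only.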
Using VPN Reconnect
• Windows 8.1 includes a feature called VPN
Reconnect, based on the IKEv2 Mobility and
Multihoming (MOBIKE) protocol, which enables
a computer to reconnect to a VPN server
automatically, after an interruption as long as
eight hours.
• To configure VPN Reconnect, you open the
Properties sheet for a VPN connection, click the
Security tab, and click Advanced settings.
• In the Advanced Properties dialog box that
appears, click the IKEv2 tab and select the
Mobility checkbox.
Using VPN Reconnect
Enabling VPN Reconnect
Creating a Broadband
Connection
• While many Internet Service Providers (ISPs)
offer broadband services that provide
“always on” connections to the Internet,
some still offer metered connections that
require users to log on and log off.
• Windows 8.1 provides wizard options that
enable you to create a broadband
connection that you can activate and
deactivate at will.
Create a Broadband Connection
The Type the information from your Internet Service
Provider (ISP) page
Using Broadband
Tethering
• Broadband tethering is a new Windows 8.1
feature that enables a portable computer
with a mobile broadband connection to
function as a wireless “hot spot,” sharing its
Internet connection with other devices.
Using Remote Desktop
• Windows Server 2012 R2 includes a role
called Remote Desktop Services, which
provides clients with access to server
resources in a variety of ways.
• The Remote Desktop Session Host role
service functions much like the Remote
Desktop Services service in Windows 8.1,
except that it can provide multiple
(licensed) users with access to the server
desktop, whereas a Windows 8.1 computer
(Pro or Enterprise edition) accepts one
remote session at a time.
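Exam objective 5.1 also covers configuring Remote Desktop settings on the Windows 8.1 side. The script below is an added example, not part of the MOAC slides: it enables the Remote Desktop listener on a Windows 8.1 Pro or Enterprise computer while requiring Network Level Authentication and the TLS security layer, which is what the "Allow connections only from computers running Remote Desktop with Network Level Authentication" option in System Properties sets. The group member name is a placeholder.

```powershell
# Added example (not from the MOAC slides): enable Remote Desktop on a
# Windows 8.1 client with Network Level Authentication (NLA) required.
#Requires -RunAsAdministrator

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections is a "deny" flag: 0 means remote connections allowed.
Set-ItemProperty -Path $ts  -Name fDenyTSConnections -Value 0 -Type DWord

# NLA: the client authenticates (CredSSP) before a logon session and its
# attack surface exist on the host.
Set-ItemProperty -Path $tcp -Name UserAuthentication -Value 1 -Type DWord

# SecurityLayer 2 = TLS, so the listener presents a certificate the
# client can check instead of falling back to native RDP security.
Set-ItemProperty -Path $tcp -Name SecurityLayer -Value 2 -Type DWord

# Open the built-in rule group (TCP 3389) instead of writing a custom rule.
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Non-administrators must belong to Remote Desktop Users ("CORP\helpdesk"
# is a placeholder).
net localgroup "Remote Desktop Users" "CORP\helpdesk" /add

# Verify the two settings that matter most: connections allowed, NLA on.
function Test-RdpNlaConfigured {
    $deny = (Get-ItemProperty -Path $ts).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $tcp).UserAuthentication
    ($deny -eq 0) -and ($nla -eq 1)
}

Test-RdpNlaConfigured   # expected: True after the settings above
```

A restart of the Remote Desktop Services service (`Restart-Service TermService -Force`) is not normally needed for these values, but existing sessions keep the security layer they negotiated until they reconnect.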
DirectAccess
• DirectAccess is a feature in Windows 8.1 and
Windows Server 2012 R2 that enables
remote users to automatically connect to
the company network whenever they have
Internet access.
DirectAccess Benefits
• Designed as a replacement for VPNs,
DirectAccess eliminates the need for client users
to manually establish wide area connections to
their networks.
• DirectAccess provides many other benefits to
users and administrators, including the
following:
o Bidirectional
o Encrypted
o Authenticated
o Authorized
o Verified
Lesson Summary
• BranchCache is a feature in Windows 8.1 and Windows Server
2012 R2 that enables networks with computers at remote
locations to conserve bandwidth by storing frequently-accessed
files on local drives.
• Windows 8.1 includes remote access client capabilities that
enable users to connect to a network using dial-up or virtual
private network (VPN) connections.
• In a virtual private network (VPN) connection, the remote
client and the remote access server are both connected to
the Internet, using local service providers.
• Windows 8.1 and Windows Server 2012 R2 include a remote
access solution called DirectAccess, which enables clients to
remain connected to their host networks whenever they have
access to the Internet.
Copyright 2013 John Wiley & Sons, Inc.
All rights reserved. Reproduction or translation of this work beyond that
named in Section 117 of the 1976 United States Copyright Act without the
express written consent of the copyright owner is unlawful. Requests for
further information should be addressed to the Permissions Department, John
Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own
use only and not for distribution or resale. The Publisher assumes no
responsibility for errors, omissions, or damages, caused by the use of these
programs or from the use of the information contained herein.