Lesson 16: Configuring Remote Connections
MOAC 70-687: Configuring Windows 8.1

Overview
• Exam Objective 5.1: Configure remote connections
o Configure remote authentication
o Configure Remote Desktop settings
o Configure virtual private network (VPN) connections and authentication
o Enable VPN reconnect
o Configure broadband tethering
© 2013 John Wiley & Sons, Inc.

Using BranchCache

BranchCache
• BranchCache is a feature in Windows 8.1 and Windows Server 2012 R2 that enables networks with computers at remote locations to conserve bandwidth by storing frequently-accessed files on local drives.

Understanding Network Infrastructure Requirements
• To use BranchCache, you must have a server running Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 at the main office and computers running Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows 7, Windows 8, or Windows 8.1 at the branch office.

Configuring BranchCache Settings
• To implement BranchCache on your network, you must install the appropriate modules on your server(s) and configure Group Policy settings on both servers and clients.
• BranchCache requires a minimum of one content server and one or more branch office workstations. You can install additional content servers at any location that serves files to branch offices.

Configuring a Content Server
• Once you have installed the required BranchCache modules, you must configure a Group Policy setting called Hash Publication for BranchCache. This setting is located in the Computer Configuration\Policies\Administrative Templates\Network\Lanman Server node of a Group Policy object (GPO) or in Local Computer Policy.
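The content server, hosted cache server and client configuration that the BranchCache slides in this section describe, collected into one script. This is an added example, not part of the MOAC slides; it uses the BranchCache module cmdlets shipped with Windows 8.1 and Windows Server 2012 R2. The host name, share name and path, the latency threshold, and the registry value meanings for the Hash Publication policy are assumptions for illustration (check the value table against LanmanServer.admx in your environment). The Install-WindowsFeature lines apply only to the two server roles; the Client branch is what runs on the Windows 8.1 workstation.

```powershell
# Added example (not from the MOAC slides): BranchCache deployment with the
# BranchCache PowerShell module. Run in an elevated session on each machine,
# selecting the role that applies to it. Names, paths and the latency
# threshold are assumptions for illustration.
param(
    [ValidateSet('ContentServer', 'HostedCacheServer', 'Client')]
    [string]$Role = 'Client',
    [string]$HostedCacheServer = 'BC-HC01.corp.example',   # assumed branch server FQDN
    [string]$ShareName = 'Engineering',                     # assumed share on the content server
    [string]$SharePath = 'D:\Shares\Engineering'            # assumed local path of that share
)

switch ($Role) {
    'ContentServer' {
        # Main-office file server (Windows Server 2008 R2 or later): the role
        # service that lets the SMB server publish content hashes.
        Install-WindowsFeature FS-BranchCache

        # Same effect as the "Hash Publication for BranchCache" policy under
        # Computer Configuration\Policies\Administrative Templates\Network\Lanman Server.
        # Assumed value meanings (verify against LanmanServer.admx):
        #   0 = disallow, 1 = allow on all shares, 2 = allow only on BranchCache-enabled shares
        $lanman = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanServer'
        New-Item -Path $lanman -Force | Out-Null
        Set-ItemProperty -Path $lanman -Name HashPublicationForPeerCaching -Value 2 -Type DWord

        # Opt the share in (the BranchCache checkbox on the share's Properties
        # sheet) and pre-compute hashes so the first branch client does not pay the cost.
        Set-SmbShare -Name $ShareName -CachingMode BranchCache -Force
        Publish-BCFileContent -Path $SharePath -Recurse
    }
    'HostedCacheServer' {
        # Branch-office server: install the feature and register a service
        # connection point in AD so clients can discover it.
        Install-WindowsFeature BranchCache
        Enable-BCHostedServer -RegisterSCP

        # Clients fetch from the hosted cache over HTTPS, so the server needs a
        # server-authentication certificate from a CA the clients trust. Show the
        # configuration and the certificate bound to the HTTPS listener so a
        # self-signed or untrusted certificate is caught before clients fail silently.
        Get-BCHostedCacheServerConfiguration
        netsh http show sslcert
    }
    'Client' {
        # Windows 8.1 client: equivalent of the "Turn on BranchCache" and
        # "Set BranchCache Hosted Cache mode" policies under Network\BranchCache.
        Enable-BCHostedClient -ServerNames $HostedCacheServer

        # Only cache content from servers whose SMB round trip exceeds this many
        # milliseconds, so traffic to file servers inside the branch is not cached.
        Set-BCMinSMBLatency -LatencyMilliseconds 80
    }
}

# Common check on every machine: is the service enabled, and what does the
# effective client configuration look like.
function Get-BCSummary {
    Get-BCStatus | Select-Object BranchCacheIsEnabled, BranchCacheServiceStatus
    Get-BCClientConfiguration
}
Get-BCSummary
```

Run it as `.\Set-BranchCacheRole.ps1 -Role ContentServer` on the main-office file server, `-Role HostedCacheServer` on the branch server, and `-Role Client` on the workstations (in production the client settings would come from the GPO the slides describe; the cmdlets give the same result on a single test machine). The `netsh http show sslcert` line is the practitioner's check for the certificate requirement on the hosted cache slide: a certificate the clients do not chain to a trusted CA is the most common reason hosted cache mode quietly falls back to fetching every file across the WAN.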
Configuring a Content Server (continued)
• The Hash Publication for BranchCache setting enables the server to respond to file requests from BranchCache clients with content hashes (metadata) instead of the files themselves; the client uses the hashes to locate and verify the data held in the branch office cache.
Figure: The Hash Publication for BranchCache setting in Group Policy
Figure: A share's Properties sheet in Windows Server 2012 Server Manager

Configuring BranchCache Clients
• To configure BranchCache clients, you must configure the appropriate Group Policy settings, found in the Computer Configuration\Policies\Administrative Templates\Network\BranchCache node of a GPO or in Local Computer Policy.
Figure: The BranchCache settings in Group Policy

Configuring a Hosted Cache Mode Server
• To use hosted cache mode on your branch office network, you must have a server running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 with the BranchCache feature installed. You must also configure the Turn on BranchCache and Set BranchCache Hosted Cache mode Group Policy settings.
• The hosted cache mode server must also have a digital certificate issued by a certification authority (CA) that the BranchCache clients trust, because clients retrieve cached content from it over HTTPS and will not use a server whose certificate they cannot validate.

Using Remote Network Connections

Understanding Virtual Private Networking
• A dial-up connection is a dedicated link between the two modems that remains in place during the entire session.
• The client and the server establish a Point-to-Point Protocol (PPP) connection, during which the server authenticates the client and the computers negotiate a set of communication parameters they have in common.
Understanding Virtual Private Networking (continued)
• In a virtual private network (VPN) connection, the remote client and the remote access server are both connected to the Internet, using local service providers.
Figure: A dial-up remote access connection
Figure: A VPN remote access connection

Tunneling
• In the tunneling process, the two computers establish a PPP connection, just as they would in a dial-up connection, but instead of transmitting the PPP packets over the Internet as they are, they encapsulate the packets again using one of the VPN protocols supported by the Windows operating systems.
• The original PPP data packet generated by the computer consists of a network layer IP datagram encapsulated within a data-link layer PPP frame.
• The system then encapsulates the entire frame in another IP datagram, which the VPN protocol encrypts and encapsulates one more time for transmission over the network.
Figure: VPN protocol encapsulation

VPN Protocols
• The VPN protocols that Windows 8.1 supports are as follows:
o Point-to-Point Tunneling Protocol (PPTP)
o Layer 2 Tunneling Protocol (L2TP)
o Secure Socket Tunneling Protocol (SSTP)
o Internet Key Exchange, Version 2 (IKEv2)

Point-to-Point Tunneling Protocol (PPTP)
• The oldest and least secure of the VPN protocols, PPTP takes advantage of the authentication, compression, and encryption mechanisms of PPP, tunneling the PPP frame within a Generic Routing Encapsulation (GRE) header and encrypting it with Microsoft Point-to-Point Encryption (MPPE), using encryption keys generated during the authentication process.
Point-to-Point Tunneling Protocol (PPTP) (continued)
• For authentication, PPTP supports only Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP v1), Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), Extensible Authentication Protocol (EAP), or Protected Extensible Authentication Protocol (PEAP). Because the MPPE keys are derived from the MS-CHAP exchange, and MS-CHAP v1 and v2 can be broken offline from a captured handshake, a recorded PPTP session can be decrypted; treat PPTP as a legacy option and prefer the protocols that follow.

Layer 2 Tunneling Protocol (L2TP)
• L2TP relies on the IP security extensions (IPsec) for encryption, and as a result performs a double encapsulation. The system adds an L2TP header to the PPP frame and packages it in a User Datagram Protocol (UDP) datagram. Then it encapsulates the UDP datagram with the IPsec Encapsulating Security Payload (ESP) protocol, encrypting the contents using the Data Encryption Standard (DES) or Triple DES (3DES) algorithm, with encryption keys generated during IPsec's Internet Key Exchange (IKE) negotiation process. Windows can also negotiate AES for ESP; single DES is no longer considered secure and should be excluded from the IPsec proposals on both ends.
• L2TP/IPsec can use certificates or preshared keys for authentication, although administrators typically use the latter only for testing.

Secure Socket Tunneling Protocol (SSTP)
• Introduced in Windows Server 2008 and supported only by clients running Windows Vista SP1 or later, SSTP encapsulates PPP traffic using the Secure Sockets Layer (SSL) protocol supported by virtually all Web servers. Because it runs over TCP port 443, it passes through firewalls and proxies that allow ordinary HTTPS.
• SSTP uses certificates for authentication (the server's certificate authenticates it during the SSL handshake), with the EAP-TLS authentication protocol, and in addition to data encryption, provides integrity checking and enhanced key negotiation services.

Internet Key Exchange, Version 2 (IKEv2)
• First introduced in Windows 7 and Windows Server 2008 R2, IKEv2 uses UDP port 500 (and UDP port 4500 when traversing NAT) and provides support for IPv6 and the new VPN Reconnect feature, as well as authentication by EAP, using PEAP, EAP-MSCHAPv2, or smart cards.
• IKEv2 does not support the older authentication mechanisms, however, such as PAP and CHAP.
Authenticating Remote Users
• In Windows 8.1, you configure the authentication method a VPN connection uses on the Security tab of the connection's Properties sheet.
• The options are as follows:
o Use Extensible Authentication Protocol (EAP)
o Allow these protocols (the list offers PAP, CHAP, and MS-CHAP v2; PAP sends the password in clear text inside the tunnel, so it should stay unchecked)
Figure: The Security tab of a connection's Properties sheet

Creating a VPN Connection
• To connect a computer running Windows 8.1 to a remote access server, you must create a new VPN or dial-up connection.
• In Windows 8.1, the Network Connections window contains a connection for every network interface adapter installed in the computer.
• The Windows installation program creates these connections automatically, but to connect to a dial-up or VPN server, you must create additional connections manually.
Figure: The How do you want to connect? page
Figure: The Type the Internet address to connect to page
Figure: The Network Authentication pane

Using VPN Reconnect
• Windows 8.1 includes a feature called VPN Reconnect, based on the IKEv2 Mobility and Multihoming (MOBIKE) protocol, which enables a computer to reconnect to a VPN server automatically, without user intervention, after an interruption of up to eight hours. Because it depends on MOBIKE, it is available only for IKEv2 connections.
• To configure VPN Reconnect, you open the Properties sheet for a VPN connection, click the Security tab, and click Advanced settings.
• In the Advanced Properties dialog box that appears, click the IKEv2 tab and select the Mobility checkbox.
Figure: Enabling VPN Reconnect
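The VPN Protocols, Authenticating Remote Users, Creating a VPN Connection and VPN Reconnect slides above describe the GUI path. As an added example, not from the MOAC slides, the following does the same work from PowerShell with the VpnClient module cmdlets present in Windows 8.1: it creates a legacy PPTP entry to show the weak configuration, creates a hardened IKEv2 entry (the tunnel type VPN Reconnect depends on) and pins its IPsec proposal, then audits the user's connections for weak settings. The server address, connection names and proposal values are assumptions. With `-AuthenticationMethod Eap` and no `-EapConfigXmlStream`, Windows applies its default EAP method; selecting PEAP or smart-card EAP requires an exported EAP configuration XML, which is not shown here.

```powershell
# Added example (not from the MOAC slides): VPN client configuration with the
# VpnClient module on Windows 8.1. Server address, connection names and the
# IPsec proposal are assumptions for illustration.
Import-Module VpnClient

$server = 'vpn.corp.example'   # assumed remote access server

# Weak entry, created only for contrast: PPTP with MS-CHAP v2. The MPPE keys are
# derived from the MS-CHAP exchange, which can be broken offline, so a captured
# session can be decrypted. "-EncryptionLevel Required" does not change that.
Add-VpnConnection -Name 'Legacy PPTP' -ServerAddress $server `
    -TunnelType Pptp -AuthenticationMethod MSChapv2 -EncryptionLevel Required -Force

# Hardened entry: IKEv2 (UDP 500/4500; the only tunnel type with VPN Reconnect),
# user authenticated with EAP, encryption mandatory, no split tunneling.
# Assumption: no -EapConfigXmlStream, so the default EAP method applies.
Add-VpnConnection -Name 'Corp IKEv2' -ServerAddress $server `
    -TunnelType Ikev2 -AuthenticationMethod Eap -EncryptionLevel Maximum `
    -SplitTunneling:$false -RememberCredential -Force

# Pin the IPsec proposal (Windows 8.1 and later) so the client never accepts
# DES/3DES, MD5/SHA-1 integrity, or a 1024-bit Diffie-Hellman group.
Set-VpnConnectionIPsecConfiguration -ConnectionName 'Corp IKEv2' `
    -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 `
    -CipherTransformConstants AES256 -AuthenticationTransformConstants SHA256128 `
    -DHGroup Group14 -PfsGroup PFS2048 -Force

# Audit: report every connection that still uses PPTP, password-only PAP/CHAP,
# or allows the server to negotiate the tunnel down to no encryption.
function Get-WeakVpnConnection {
    Get-VpnConnection | Where-Object {
        $_.TunnelType -eq 'Pptp' -or
        ($_.AuthenticationMethod -contains 'Pap') -or
        ($_.AuthenticationMethod -contains 'Chap') -or
        ($_.EncryptionLevel -in @('NoEncryption', 'Optional'))
    } | Select-Object Name, TunnelType, AuthenticationMethod, EncryptionLevel
}

Get-WeakVpnConnection                       # reports the 'Legacy PPTP' entry
Remove-VpnConnection -Name 'Legacy PPTP' -Force

# Dial the hardened entry with the built-in RAS dialer. Once connected, the
# Mobility setting on the connection's IKEv2 tab lets MOBIKE re-establish the
# tunnel after a network change without prompting the user again.
rasdial 'Corp IKEv2'
```

`Get-WeakVpnConnection` is the check worth keeping as a scheduled script on managed clients: users can create their own PPTP entries through the wizard on the slides above, and `Get-VpnConnection` (add `-AllUserConnection` for machine-wide entries) is the only place they show up. The proposal set by `Set-VpnConnectionIPsecConfiguration` must match one offered by the server, otherwise IKE negotiation fails with a policy-match error rather than silently downgrading, which is the intended behaviour.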
Creating a Broadband Connection
• While many Internet Service Providers (ISPs) offer broadband services that provide "always on" connections to the Internet, some still offer metered connections that require users to log on and log off.
• Windows 8.1 provides wizard options that enable you to create a broadband connection that you can activate and deactivate at will.
Figure: The Type the information from your Internet Service Provider (ISP) page

Using Broadband Tethering
• Broadband tethering is a new Windows 8.1 feature that enables a portable computer with a mobile broadband connection to function as a wireless "hot spot," sharing its Internet connection with other devices.

Using Remote Desktop
• Windows Server 2012 R2 includes a role called Remote Desktop Services, which provides clients with access to server resources in a variety of ways.
• The Remote Desktop Session Host role service functions much like the Remote Desktop Services service in Windows 8.1, except that it can provide multiple (licensed) users with access to the server desktop, whereas the Windows 8.1 service accepts a single remote interactive session.

DirectAccess
• DirectAccess is a feature in Windows 8.1 (Enterprise edition) and Windows Server 2012 R2 that enables remote users to automatically connect to the company network whenever they have Internet access.

DirectAccess Benefits
• Designed as a replacement for VPNs, DirectAccess eliminates the need for client users to manually establish wide area connections to their networks.
• DirectAccess provides many other benefits to users and administrators, including the following:
o Bidirectional
o Encrypted
o Authenticated
o Authorized
o Verified
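The Using Remote Desktop slide above covers the server role; the exam objective in the Overview also asks for Remote Desktop settings on the client. As an added example, not from the MOAC slides, the following enables Remote Desktop on a Windows 8.1 machine with Network Level Authentication (NLA) required and the built-in firewall rule enabled only for the domain profile, then verifies the resulting state. The registry paths are the standard Terminal Server keys; limiting the rule to the domain profile is an assumption about where the machine should be reachable from.

```powershell
# Added example (not from the MOAC slides): enable Remote Desktop on a
# Windows 8.1 client with NLA required, and verify the result. Run elevated.
# Restricting the firewall rule to the domain profile is an assumption.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Join-Path $ts 'WinStations\RDP-Tcp'

# Weak state (shown for contrast, not applied): RDP on with NLA off presents
# the full Windows logon UI to anyone who can reach TCP 3389, before any
# authentication, and enables the rule on every network profile.
#   Set-ItemProperty -Path $ts  -Name fDenyTSConnections -Value 0
#   Set-ItemProperty -Path $rdp -Name UserAuthentication  -Value 0
#   Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Hardened state: RDP on, NLA required (CredSSP authenticates the user before
# a session is created), firewall rules enabled only for the domain profile.
Set-ItemProperty -Path $ts  -Name fDenyTSConnections -Value 0 -Type DWord
Set-ItemProperty -Path $rdp -Name UserAuthentication  -Value 1 -Type DWord
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -Enabled True -Profile Domain

# Verify what is actually in effect rather than trusting the commands above.
function Test-RdpHardened {
    $enabled = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections -eq 0
    $nla     = (Get-ItemProperty -Path $rdp -Name UserAuthentication).UserAuthentication -eq 1
    $open    = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
               Where-Object { $_.Enabled -eq 'True' }
    [pscustomobject]@{
        RdpEnabled   = $enabled
        NlaRequired  = $nla
        FirewallOpen = [bool]$open
        Hardened     = ($enabled -and $nla)
    }
}
Test-RdpHardened

# Who may connect: local Administrators plus members of this group. Review it;
# it is the authorization half of the setting the NLA registry value enforces.
net localgroup 'Remote Desktop Users'
```

`Test-RdpHardened` returns `Hardened = True` only when both registry values are set; `FirewallOpen` is reported separately because an enabled listener with no matching rule is a configuration error rather than a security weakness. The same two registry values are what the "Allow connections only from computers running Remote Desktop with Network Level Authentication" radio button on the System Properties Remote tab writes, so the function is also a quick way to audit a fleet over WinRM.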
Lesson Summary
• BranchCache is a feature in Windows 8.1 and Windows Server 2012 R2 that enables networks with computers at remote locations to conserve bandwidth by storing frequently-accessed files on local drives.
• Windows 8.1 includes remote access client capabilities that enable users to connect to a network using dial-up or virtual private network (VPN) connections.
• In a virtual private network (VPN) connection, the remote client and the remote access server are both connected to the Internet, using local service providers.
• Windows 8.1 and Windows Server 2012 R2 include a remote access solution called DirectAccess, which enables clients to remain connected to their host networks whenever they have access to the Internet.

Copyright 2013 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that named in Section 117 of the 1976 United States Copyright Act without the express written consent of the copyright owner is unlawful. Requests for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.