Instructor's Notes

Network+ Guide to Networks, 6th Edition
Chapter 10
Virtual Network and Remote Access
At a Glance
Instructor’s Manual Table of Contents

Overview

Objectives

Teaching Tips

Quick Quizzes

Class Discussion Topics

Additional Projects

Additional Resources

Key Terms
Lecture Notes
Overview
This chapter describes the networking components of virtual environments beyond the virtual
LAN or VLAN. It discusses virtualization along with the tools used to provide remote access
and various remote access technologies. These technologies cover both network access and
remote access to computing resources (desktops or client computers).
Chapter Objectives
After reading this chapter and completing the exercises, the student will be able to:
• Explain virtualization and identify characteristics of virtual network components
• Create and configure virtual servers, adapters, and switches as part of a network
• Describe techniques for incorporating virtual components in VLANs
• Explain methods for remotely connecting to a network, including dial-up networking, virtual desktops, and thin clients
• Discuss VPNs (virtual private networks) and the protocols they rely on
• Identify the features and benefits of cloud computing and NaaS (Network as a Service)
Teaching Tips
Virtualization
1. Describe the basic terminology of virtualization.
2. Use Figure 10-1 to describe the components of a virtualization environment.
3. Explain the advantages of virtualization.
4. Explain the disadvantages of virtualization.
5. Explain that all virtualization providers have similar functionality, but differ in features,
interfaces, and ease of use.
Teaching Tip: Ensure that students understand that the use of virtualization is a convenience, but that the convenience comes with a high price and potential for server sprawl caused by virtualization.
Virtual Network Components
1. Explain that virtual machines must connect to physical networks, and that the components
which make that connection are the virtual network components inside the host machine.
Virtual Machines and Adapters
1. Explain that a VM’s software and hardware characteristics are assigned when it is
created in the virtualization program.
2. Use Figure 10-2 as an example of specifying the hardware resources of a virtual
machine.
3. Explain the purpose of the vNIC.
4. Use Figure 10-3 as an example of a virtual network adapter’s settings.
5. Remind students that every vNIC assigned to a virtual machine has a new MAC address
assigned to it at creation.
Virtual Switches and Bridges
1. Explain the function of virtual switches and virtual bridges.
2. Use Figure 10-4 to explain the connections between virtual machines via a virtual
switch.
3. Explain that the hypervisor controls virtual switches and bridges in the memory of the
host computer.
4. Explain that virtual switches let users configure network traffic flow in whatever way the
applications they run require.
5. Use Figure 10-5 to show an example of virtual switches passing traffic through a router.
Network Connection Types
1. Explain that whenever you configure a virtual NIC, you will need to select the
connection type for the interface.
2. Define the three modes of connection common to virtual connections: bridged, NAT,
and host-only.
3. Explain the benefits of the bridged networking mode, such as for Internet-facing servers.
4. Define the services that one might need to provide on a bridged network connection.
5. Remind students of the disadvantages of a bridged connection.
6. Use Figures 10-6 and 10-7 to explain a bridged connection.
7. Use Figures 10-8 and 10-9 to show an example of a NAT connection.
8. Explain the services that the host provides for a NAT connection.
9. Discuss the advantages and disadvantages of a NAT connection.
10. Explain the circumstances where you might want to use a host-only connection for a
guest versus the other types.
11. Use Figure 10-10 to demonstrate a host-only connection.
12. Explain the limitations of a host-only connection.
Virtual Appliances
1. Define a virtual appliance.
2. Explain that there are both commercial and non-commercial sources of virtual
appliances.
3. Define the advantages of a virtual appliance over installing software on a traditional
server.
Teaching Tip: Have students visit the VMware Solution Exchange to see a list of potential appliances at https://solutionexchange.vmware.com/store/category_groups/19
Virtual Networks and VLANs
1. Remind students of the function of VLANs from Chapter 6.
2. Explain that physical adapters can present multiple VLANs to a virtual machine host.
3. Explain how VMware handles VLANs, physical NICs, and port groups.
4. Use Figure 10-11 to explain an example of how you can configure a single NIC to
connect multiple VLANs to virtual guests.
Teaching Tip: Explore the VMware best practices for using multiple VLANs at http://www.vmware.com/technical-resources/virtual-networking/virtualnetworks.html
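The single-NIC, multiple-VLAN arrangement of Figure 10-11 can be made concrete for students with the following Python example, added here and not taken from the textbook or from VMware's software: a toy virtual switch that reads the 802.1Q tag on frames arriving over one trunked physical NIC and hands each frame only to the vNICs in the port group for that VLAN. All MAC addresses and frames are constructed sample values.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q VLAN tag


@dataclass
class Frame:
    dst: bytes
    src: bytes
    vlan_id: Optional[int]  # None when the frame arrived untagged on the trunk
    ethertype: int
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II frame, peeling off a single 802.1Q tag if present."""
    if len(raw) < 14:
        raise ValueError("runt frame")
    dst, src = raw[0:6], raw[6:12]
    ethertype = struct.unpack("!H", raw[12:14])[0]
    vlan_id, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", raw[14:16])[0]
        vlan_id = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
        ethertype = struct.unpack("!H", raw[16:18])[0]
        offset = 18
    return Frame(dst, src, vlan_id, ethertype, raw[offset:])


class VirtualSwitch:
    """Toy virtual switch: one trunked uplink, port groups keyed by VLAN ID."""

    def __init__(self, native_vlan: int) -> None:
        self.native_vlan = native_vlan  # VLAN assumed for untagged frames
        self.port_groups: Dict[int, Dict[bytes, str]] = {}  # vid -> {vNIC MAC: VM}
        self.dropped: List[Tuple[str, bytes]] = []  # audit trail of isolation decisions

    def add_vnic(self, vlan_id: int, mac: bytes, vm: str) -> None:
        self.port_groups.setdefault(vlan_id, {})[mac] = vm

    def deliver_from_uplink(self, raw: bytes) -> List[str]:
        """Return the VMs that receive a frame arriving from the physical NIC."""
        f = parse_frame(raw)
        vid = f.vlan_id if f.vlan_id is not None else self.native_vlan
        group = self.port_groups.get(vid)
        if group is None:  # no port group on this VLAN: the frame never reaches a guest
            self.dropped.append(("no port group for VLAN %d" % vid, raw))
            return []
        if f.dst[0] & 1:  # broadcast/multicast floods only within this VLAN's port group
            return sorted(group.values())
        vm = group.get(f.dst)
        if vm is None:  # the vSwitch knows every vNIC MAC, so unknown unicast is dropped
            self.dropped.append(("unknown unicast in VLAN %d" % vid, raw))
            return []
        return [vm]


def build_frame(dst: bytes, src: bytes, payload: bytes,
                vlan_id: Optional[int] = None, ethertype: int = 0x0800) -> bytes:
    """Constructed helper: build an Ethernet II frame, 802.1Q-tagged when vlan_id is given."""
    hdr = dst + src
    if vlan_id is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)  # PCP=0, DEI=0
    return hdr + struct.pack("!H", ethertype) + payload
```

A frame tagged for a VLAN with no port group, or a unicast frame aimed at a vNIC that sits in a different VLAN, never reaches any guest, which is the isolation property students should take away from the figure.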
Quick Quiz 1
1. True or False: Virtualization is the emulation of a computer, operating system
environment, or application on a physical system.
Answer: True
2. When multiple virtual machines contend for finite physical resources, one virtual
machine could _____ those resources and impair the performance of other virtual
machines on the same computer.
a. reframe
b. repair
c. monopolize
d. optimize
Answer: C
3. The software that allows you to define VMs and manages resource allocation and
sharing among them is known as a virtual machine manager, or, more commonly, a(n)
____________________.
Answer: hypervisor
4. True or False: VMs that must be available at a specific address, such as mail servers or
Web servers, should be assigned host-only network connections.
Answer: False
5. In _____ networking mode, VMs on one host can exchange data with each other and
with their host, but they cannot communicate with any nodes beyond the host.
a. host-only
b. bridged
c. NAT
d. network-only
Answer: A
6. True or False: To add VMs to a VLAN defined on a physical network, you modify a
switch’s configuration.
Answer: False
Remote Access and Virtual Computing
1. Explain why a user might need to connect to a remote network for services.
2. Point out that there are a variety of remote access methods that fit various access
scenarios.
3. Explain that dial-up networking, Microsoft's RAS or RRAS, and VPNs are just a few of the
many remote access methods.
Dial-Up Networking
1. Define and describe dial-up networking methods.
2. Point out that dial-up networking can use a variety of transmission methods from PSTN
to ISDN.
3. Mention that dial-up networking does not provide either the throughput or reliability
required for many of today’s modern applications.
4. Describe how dial-up networking requires a great deal of an administrator’s time and
energy to properly maintain an appropriate level of service.
Teaching Tip: Point out that dial-up networking is useful in many scenarios, including a domain logon: http://www.baudlabs.com/archives/100
Remote Access Servers
1. Explain the purpose of a remote access server.
2. Use Figure 10-12 to explain how remote clients connect via a remote access server.
3. Emphasize that remote access servers come in a variety of configurations, including
dedicated devices and servers with the remote access role.
Remote Access Protocols
1. Define and describe the two most popular remote access protocols, SLIP and PPP.
2. Note that SLIP can only carry IP packets, but that PPP can carry any protocol.
3. Describe the differences between synchronous and asynchronous protocols.
4. Describe the advantages of using PPP over SLIP.
5. Emphasize that the flexibility of PPP has caused many ISPs to adopt it using PPP over
Ethernet for many broadband applications.
6. Use Figure 10-16 to explain the placement of PPPoE in the OSI model.
Remote Virtual Computing
1. Point out the two main uses of remote virtual computing: remote assistance, and access to
remote applications (including whole desktops).
2. Describe the advantages of Remote Desktop.
3. Describe the features of VNC (Virtual Network Computing).
4. Describe the advantages of ICA (Independent Computing Architecture).
Teaching Tip: Students may find more information about the clients available for ICA from http://www.citrix.com/lang/English/lp/lp_2309126.asp.
VPNs (Virtual Private Networks)
1. Note that virtual private networks establish connections between sites, or between a site and
its clients, over public networks.
2. Explain how VPNs can be used to reduce costs for remote workers.
3. Emphasize that the two most important factors with VPNs are interoperability and
security.
4. Review the two classifications of VPNs, client-to-site and site-to-site.
5. Use Figure 10-14 to visualize a site-to-site VPN.
6. Note that the endpoint of each side of a VPN is responsible for encrypting and
decrypting the traffic sent over the link.
7. Use Figure 10-15 to describe a client-to-site VPN.
8. Explain the two most popular VPN tunneling protocols, PPTP and L2TP.
Cloud Computing
1. Define cloud computing, which has the following characteristics no matter what kind of
service is offered.
a. Self-service and on demand
b. Elastic
c. Support for multiple platforms
d. Resource pooling and consolidation
e. Metered service
2. Explain that Figure 10-16 is an example of a cloud computing model.
Teaching Tip: Students may find more information about various cloud services from Amazon at http://aws.amazon.com/ec2/.
Quick Quiz 2
1. True or False: Many remote access methods exist, and they vary according to the type
of transmission technology, clients, hosts, and software they can or must use.
Answer: True
2. True or False: Traditional dial-up networking can provide the quality required by many
network applications.
Answer: False
3. ____________________ transmission was designed for communication that happens at
random intervals, such as sending the keystrokes of a person typing on a remote
keyboard.
Answer: Asynchronous
4. True or False: Many types of remote virtual computing software exist, and they differ
significantly in their capabilities, security mechanisms, and supported platforms.
Answer: False
5. Two important considerations when designing a VPN are _____ and security.
a. reliability
b. interoperability
c. availability
d. performance
Answer: B
Class Discussion Topics
1. Discuss the benefits of cloud computing.
2. Discuss why an organization would want to develop an enterprise-wide approach to
remote access via VPNs.
Additional Projects
1. Have the student research the available cloud computing services offering infrastructure
services. Students should be sure to use the common features of a cloud computing
platform to ensure that the service they are reporting on is a cloud computing service
according to the text.
2. Have students research policies and procedures at several organizations surrounding
either cloud computing or remote access, including remote desktops. Students may also
want to research the controversy surrounding companies that want to provide these
services commercially for certain popular applications, like Microsoft Office, in the
context of what they learn from their policy and procedure research.
Additional Resources
1. OpenVPN
http://openvpn.net/
2. PPP and PPPoE
http://whatismyipaddress.com/ppp-pppoe
3. PPTP (RFC2637)
http://www.ietf.org/rfc/rfc2637.txt
4. Remote Desktop Protocol
http://msdn.microsoft.com/en-us/library/windows/desktop/aa383015(v=vs.85).aspx
5. RFB (VNC) Protocol
http://www.realvnc.com/docs/rfbproto.pdf
Key Terms
• Anything as a Service: See XaaS.
• authentication: The process of comparing and matching a client's credentials with the credentials in the NOS user database to enable the client to log on to the network.
• client-to-site VPN: A type of VPN in which clients, servers, and other hosts establish tunnels with a private network using a remote access server or VPN gateway. Each client on a client-to-site VPN must run VPN software to create the tunnel and to encrypt and encapsulate data.
• cloud computing: The flexible provision of data storage, applications, or services to multiple clients over a network. Cloud computing consolidates resources and is elastic, metered, self-service, multiplatform, and available on demand.
• credentials: A user's unique identifying characteristics that enable the user to authenticate with a server and gain access to network resources. The most common credentials are a username and a password.
• dial-up networking: The process of dialing into a remote access server to connect with a network, be it private or public.
• elastic: A characteristic of cloud computing that means services can be quickly and dynamically—sometimes even automatically—scaled up or down.
• Everything as a Service: See XaaS.
• guest: In the context of virtualization, a virtual machine operated and managed by a virtualization program.
• host: In the context of virtualization, the physical computer on which virtualization software operates and manages guests.
• Hyper-V: Microsoft's virtualization software package. Hyper-V operates with Windows Server 2008 and Windows Server 2008 R2.
• hypervisor: The element of virtualization software that manages multiple guest machines and their connections to the host (and by association, to a physical network). A hypervisor is also known as a virtual machine manager.
• ICA (Independent Computing Architecture): The software from Citrix Systems, Inc., that, when installed on a client, enables the client to connect with a host computer and exchange keystrokes, mouse clicks, and screen updates. Citrix's ICA client can work with virtually any operating system or application.
• Kernel-based Virtual Machine: See KVM.
• KVM (Kernel-based Virtual Machine): An open source virtualization package designed for use with Linux systems.
• L2TP (Layer 2 Tunneling Protocol): A protocol that encapsulates PPP data, for use on VPNs. L2TP is based on Cisco technology and is standardized by the IETF. It is distinguished by its compatibility among different manufacturers' equipment; its ability to connect between clients, routers, and servers alike; and also by the fact that it can connect nodes belonging to different Layer 3 networks.
• Layer 2 Tunneling Protocol: See L2TP.
• multitenant: A feature of cloud computing in which multiple customers share storage locations or services without knowing it.
• NaaS (Network as a Service): A type of cloud computing that offers clients a complete set of networking services—for example, mail, Web, DNS, DHCP, and remote access services, plus LAN and WAN connectivity.
• Network as a Service: See NaaS.
• open source: The term that describes software whose code is publicly available for use and modification.
• Point-to-Point Protocol: See PPP.
• Point-to-Point Protocol over Ethernet: See PPPoE.
• Point-to-Point Tunneling Protocol: See PPTP.
• PPP (Point-to-Point Protocol): A communications protocol that enables a workstation to connect to a server using a serial connection. PPP can support multiple Network layer protocols and can use both asynchronous and synchronous communications. It performs compression and error correction and requires little configuration on the client workstation.
• PPPoE (Point-to-Point Protocol over Ethernet): PPP running over an Ethernet network.
• PPTP (Point-to-Point Tunneling Protocol): A Layer 2 protocol developed by Microsoft that encapsulates PPP data for transmission over VPN connections. PPTP operates with Windows RRAS access services and can accept connections from multiple different clients. It is simple, but less secure than other modern tunneling protocols.
• private cloud: An arrangement in which shared and flexible data storage, applications, or services are managed on and delivered via an organization's internal network.
• public cloud: An arrangement in which shared and flexible data storage, applications, or services are managed centrally by service providers and delivered over public transmission lines, such as the Internet. Rackspace and Amazon (with its EC2 offering) are leading public cloud service providers.
• RAS (Remote Access Service): The dial-up networking software provided with Microsoft Windows 95, 98, NT, and 2000 client operating systems. RAS requires software installed on both the client and server, a server configured to accept incoming clients, and a client with sufficient privileges (including username and password) on the server to access its resources. In more recent versions of Windows, RAS has been incorporated into the RRAS (Routing and Remote Access Service).
• RDP (Remote Desktop Protocol): An Application layer protocol that uses TCP/IP to transmit graphics and text quickly over a remote client-host connection. RDP also carries session, licensing, and encryption information.
• remote access: A method for connecting and logging on to a LAN from a workstation that is remote, or not physically connected, to the LAN.
• Remote Access Service: See RAS.
• Remote Desktop: A feature of Windows operating systems that allows a computer to act as a remote host and be controlled from a client running another Windows operating system.
• Remote Desktop Protocol: See RDP.
• Routing and Remote Access Service (RRAS): The software included with Windows operating systems that enables a server to act as a router, firewall, and remote access server. Using RRAS, a server can provide network access to multiple remote clients.
• RRAS: See Routing and Remote Access Service.
• Serial Line Internet Protocol: See SLIP.
• site-to-site VPN: A type of VPN in which VPN gateways at multiple sites encrypt and encapsulate data to exchange over a tunnel with other VPN gateways. Meanwhile, clients, servers, and other hosts on a site-to-site VPN communicate with the VPN gateway.
• SLIP (Serial Line Internet Protocol): A communications protocol that enables a workstation to connect to a server using a serial connection. SLIP can support only asynchronous communications and IP traffic and requires some configuration on the client workstation. SLIP has been made obsolete by PPP.
• thin client: A client that relies on another host for the majority of processing and hard disk resources necessary to run applications and share files over the network.
• tunnel: A secured, virtual connection between two nodes on a VPN.
• tunneling: The process of encapsulating one type of protocol in another. Tunneling is the way in which higher-layer data is transported over VPNs by Layer 2 protocols.
• virtual adapter: See vNIC.
• virtual appliance: An image that includes the appropriate operating system, software, hardware specifications, and application configuration necessary for a prepackaged solution to run properly on a virtual machine.
• virtual bridge: An interface connecting a vNIC with a virtual or physical network, or a port on a virtual switch.
• virtual desktop: A desktop operating environment that is hosted virtually, on a different physical computer from the one the user interacts with.
• virtual machine: See VM.
• virtual machine manager: See hypervisor.
• Virtual Network Computing: See VNC.
• virtual network interface card: See vNIC.
• virtual private network: See VPN.
• virtual server: A server that exists as a virtual machine, created and managed by virtualization software on a host, or physical, computer.
• virtual switch: A logically defined device that is created and managed by virtualization software and that operates at the Data Link layer. Ports on a virtual switch connect virtual machines with a network, whether virtual or physical, through the host's physical NIC.
• virtual workstation: A workstation that exists as a virtual machine, created and managed by virtualization software on a host, or physical, computer.
• VirtualBox: A virtualization software platform from Oracle.
• virtualization: The emulation of a computer, operating system environment, or application on a physical system.
• VM (virtual machine): A computer that exists in emulation on a physical computer, or host machine. Multiple VMs may exist on one host where they share the physical computer's CPU, hard disk, memory, and network interfaces.
• VMware: A vendor that supplies the most popular types of workstation and server virtualization software. Used casually, the term VMware may also refer to the virtualization software distributed by the company.
• VNC (Virtual Network Computing): An open source system that enables a remote client (or viewer) workstation to manipulate and receive screen updates from a host. Examples of VNC software include RealVNC, TightVNC, and UltraVNC.
• vNIC (virtual network interface card): A logically defined network interface associated with a virtual machine.
• VPN (virtual private network): A logically constructed WAN that uses existing public transmission systems. VPNs can be created through the use of software or combined software and hardware solutions. This type of network allows an organization to carve out a private WAN through the Internet, serving only its offices, while keeping the data secure and isolated from other (public) traffic.
• XaaS (Anything as a Service, or Everything as a Service): A type of cloud computing in which the cloud assumes functions beyond networking, including, for example, monitoring, storage, applications, and virtual desktops.
• Xen: An open source virtualization software platform from Citrix Systems.