MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration

Chapter 9
Network Policy and Access Services in Windows Server 2008

Objectives
• Configure routing in Windows Server 2008
• Configure Routing and Remote Access Services in Windows Server 2008
• Describe Network Policy Server
• Discuss wireless networking with Windows Server 2008

Configuring Routing in Windows Server 2008
• Routing and Remote Access Services (RRAS)
  – Role service used to configure and manage network routing in Windows Server 2008
  – Recommended for use in small networks that require simple routing directions
  – Not recommended for large and complex environments
• Activity 9-1: Installing a Windows Server 2008 Member Server
  – Time Required: 75 minutes
  – Objective: Install a Windows Server 2008 member server

Configuring RRAS as a Router
• Routers
  – Responsible for forwarding packets between subnets, or networks with differing IP addressing schemes
• Activity 9-2: Installing RRAS on MSN-SRV-0XX and MSN-SRV-1XX
  – Time Required: 15 minutes
  – Objective: Install RRAS

Working with Routing Tables
• Routing tables are composed of routes
• Routes
  – Direct data traffic to its destination based on the information they contain
• Routing tables
  – Can be managed in the RRAS console or from the command line using the route command
• Activity 9-3: Viewing the Routing Table in RRAS
  – Time Required: 5 minutes
  – Objective: View the routing table in RRAS

Configuring Routes
• Static routing is limited for the following reasons
  – Requires manual creation and management
  – Should not be used on networks with more than 10 subnets
  – All affected routers require reconfiguration if the network changes
• Activity 9-4: Creating a Static Route
  – Time Required: 15 minutes
  – Objective: Create a static route from the command line
• Dynamic protocols
  – Route traffic based on information they discover about remote networks from other routers
• Routing Information Protocol version 2 (RIPv2)
  – Uses partner routers, or RIP neighbors, in determining the dynamic routes it can use for forwarding packets of data

Configuring a DHCP Relay Agent
• DHCP relay agent
  – Manages the communication between a network's DHCP server and clients on subnets without a DHCP server
• With RRAS
  – Network adapters are added and configured to listen for DHCP broadcast messages
• Activity 9-5: Configuring MSN-SRV-0XX as a DHCP Relay Agent
  – Time Required: 15 minutes
  – Objective: Install a DHCP relay agent

Configuring Dial-on-Demand Routing
• Demand-dial routing
  – Allows a server to initiate a connection only when it receives data traffic bound for a remote network
  – Can use dial-up networks instead of more expensive leased lines

Configuring Remote Access Services in Windows Server 2008
• Dial-up networking
  – Connects remote users to their networks using a standard phone line
• Virtual Private Networks
  – Allow client connections to your network from remote locations
  – Work by creating a secure tunnel for transmitting data packets between two points
  – VPN tunneling protocols: Point-to-Point Tunneling Protocol, Layer 2 Tunneling Protocol, Secure Socket Tunneling Protocol
• Activity 9-6: Installing Remote Access Support for VPNs in RRAS
  – Time Required: 15 minutes
  – Objective: Install Remote Access Support with VPN in RRAS
• Activity 9-7: Configuring VPN Ports
  – Time Required: 15 minutes
  – Objective: Configure VPN ports

Network Address Translation
• Allows you to shield internal IP address ranges from public networks by allowing internal clients to access the Internet through a shared IP address

Introduction to Network Policy Server
• Network Policy Server (NPS)
  – Role service that provides a framework for creating and enforcing network access policies for client health
  – Can be used to:
    • Configure a RADIUS server
    • Configure a RADIUS proxy
    • Configure and implement Network Access Protection (NAP)

Windows Server 2008 Editions and the NPS Console
• NPS Console
  – Central utility for managing
    • RADIUS clients and remote RADIUS servers
    • Network health and access policies
    • NAP settings for NAP scenarios
    • Logging settings
• Activity 9-8: Installing NPS
  – Time Required: 15 minutes
  – Objective: Install the NPS role service
• Activity 9-9: Creating a Network Access Policy for VPN Connections
  – Time Required: 15 minutes
  – Objective: Create a network access policy

Introduction to RADIUS
• RADIUS
  – Industry-standard protocol that provides centralized authentication, authorization, and accounting for network access devices
• Components of RADIUS
  – RADIUS clients
  – Network access servers
  – RADIUS proxy
  – RADIUS server
  – User account database

RADIUS Server
• Used on networks to perform authentication, authorization, and accounting for RADIUS clients
• RADIUS client
  – Can be an NPS, which replaces the IAS from previous versions of Windows Server
• RADIUS
  – Standardized network protocol that centralizes the following processes for user connections
    • Authentication
    • Authorization
    • Accounting

RADIUS Proxy
• NPS
  – Can be configured as a RADIUS proxy
• RADIUS proxies
  – Route RADIUS messages between RADIUS clients and RADIUS servers

NAP
• Network Access Protection (NAP)
  – Provides a tool for you to block external and internal network threats
  – Can be broken into three parts
    • Health policy validation
    • Health policy compliance
    • Limited access

Authentication Protocol
• Supported authentication protocols in Windows Server 2008
  – Extensible Authentication Protocol–Transport Layer Security (EAP-TLS)
  – Protected Extensible Authentication Protocol–Transport Layer Security (PEAP-TLS)
  – PEAP–Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAPv2)

Wireless Access Configuration in Windows Server 2008
• 802.1x standard
  – Developed by the Institute of Electrical and Electronics Engineers (IEEE)
• On 802.1x networks
  – Network access control provides an authentication mechanism to allow or deny network access based on port connection
• Categories of EAP implementations
  – EAP over local area network (LAN)
  – EAP over wireless
• 802.1x uses a three-component model for authenticating access to networks
  – Supplicant
  – Authenticator
  – Authentication server

Summary
• RRAS
  – Role service used to configure and manage network routing in Windows Server 2008
• Routers
  – Responsible for forwarding packets between subnets, or networks with differing IP addressing schemes
• To process traffic
  – Router uses routing tables to determine where to send traffic
• Routers
  – Use dynamic routing protocols and preconfigured static routes to deliver packets using the best route possible between two subnets
• Most modern networks
  – Support the passing of DHCP broadcast messages between subnets without a DHCP server to subnets that contain a DHCP server
• Demand-dial routing
  – Allows a server to initiate a connection only when it receives data traffic bound for a remote network
• VPNs
  – Provide secure network access for remote clients over the Internet through the use of tunneling protocols
• NAT
  – Allows you to shield internal IP address ranges from public networks
• NAP
  – Provides a framework for you to block external and internal network threats
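
Added example (not part of the original slides): the RADIUS client/server exchange outlined under "Introduction to RADIUS" and "RADIUS Server", written in Python from RFC 2865. It shows how the secret shared between a RADIUS client and a RADIUS server hides the User-Password attribute and authenticates the reply; all function names are chosen for this example, and callers supply their own user name, password and secret.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2           # RFC 2865 attribute types

def _attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def _xor_chain(data, secret, request_auth, hiding):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        prev = res if hiding else block   # the chain always runs over ciphertext
        out += res
    return out

def hide_password(password, secret, request_auth):
    size = max(16, (len(password) + 15) // 16 * 16)   # NUL-pad to a 16-byte multiple
    return _xor_chain(password.ljust(size, b"\x00"), secret, request_auth, True)

def reveal_password(hidden, secret, request_auth):
    return _xor_chain(hidden, secret, request_auth, False).rstrip(b"\x00")

def build_access_request(ident, user, password, secret, request_auth=None):
    """RADIUS client side: 20-byte header, then User-Name and hidden User-Password."""
    request_auth = request_auth or os.urandom(16)
    hidden = hide_password(password, secret, request_auth)
    attrs = _attr(USER_NAME, user) + _attr(USER_PASSWORD, hidden)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def build_response(code, request, secret, attrs=b""):
    """RADIUS server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    digest = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + digest + attrs

def verify_response(response, request, secret):
    """Client-side check: drop replies with a bad length, identifier or authenticator."""
    length_ok = len(response) >= 20 and struct.unpack("!H", response[2:4])[0] == len(response)
    if not length_ok or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])
```

A reply built with a different secret, or altered in transit, fails verify_response, which is why every RADIUS client, proxy and server pair needs its own strong shared secret.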