Module 9: Remote User Connectivity Contents Overview Introducing Routing and Remote Access Designing a Functional Remote Access Solution 10 Securing a Remote Access Solution 26 Enhancing a Remote Access Design for Availability 33 Optimizing a Remote Access Design for Performance 40 Lab A: Designing a Remote Access Solution 44 Review 51 Information in this document is subject to change without notice The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property  2000 Microsoft Corporation All rights reserved Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting, PowerPoint, Visual Basic, Visual C++, Visual Studio, Win32, Windows, Windows Media, Windows NT, are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries/regions Project Lead: Don Thompson (Volt Technical) Instructional Designers: Patrice Lewis (S&T OnSite), Renu Bhatt NIIT (USA) Inc Instructional Design Consultants: Paul Howard, Susan Greenberg Program Managers: Jack Creasey, Doug Steen (Independent Contractor) Technical Contributors: Thomas Lee, Bernie Kilshaw, Joe Davies Graphic Artist: Kirsten Larson (S&T OnSite) Editing Manager: Lynette Skinner Editor: Kristen Heller (Wasser) Copy Editor: Kaarin Dolliver (S&T Consulting) Online Program Manager: Debbi Conger Online Publications Manager: Arlo Emerson (Aditi) Online Support: Eric Brandt (S&T Consulting) Multimedia Development: Kelly Renner (Entex) Test Leads: Sid Benevente, Keith Cotton Test Developer: Greg Stemp (S&T OnSite) Production Support: Lori Walker (S&T Consulting) Manufacturing Manager: Rick Terek (S&T OnSite) Manufacturing Support: Laura King (S&T OnSite) Lead Product Manager, Development Services: Bo Galford Lead Product Manager: Ken Rosen Group Product Manager: Robert Stewart Other product and company names mentioned herein may be the trademarks of their respective owners Module 9: Remote User Connectivity iii Instructor Notes Presentation: 90 Minutes Lab: 30 Minutes This module provides students with the information and decision-making experiences needed to design a remote access solution by using Routing and Remote Access Students will make remote access technology decisions for a Microsoft® Windows® 2000 networking infrastructure based on the needs of the organization At the end of this module, students will be able to: Recognize Routing and Remote Access as a solution for remote access Identify the design decisions that influence a functional remote access solution Select appropriate strategies to secure remote access connections Select appropriate strategies to enhance remote access availability Select appropriate strategies to improve remote access performance Upon completion of the design lab, students will be able to design a remote access solution by using Routing and Remote Access in a Windows 2000 environment Course Materials and Preparation This section provides you with the required materials and preparation tasks that are needed to teach this module Required Materials To teach this module, you need the following materials: Microsoft PowerPoint® file 1562B_09.ppt Preparation Tasks To prepare for this module: Review the contents of this module Read any relevant information in the Windows 2000 Help files, the Windows 2000 Resource Kit, or in documents provided on the Instructor CD Read the relevant RFCs in the Windows 2000 Help files Review discussion material and be prepared to lead class discussions on the topics Complete the lab and be prepared to elaborate beyond the solutions found there Read the review questions and be prepared to elaborate beyond the answers provided in the text iv Module 9: Remote User Connectivity Module Strategy Use the following strategy to present this module: Introducing Routing and Remote Access Routing and Remote Access supports dial-up connections for remote users connecting to a private network Providing a Routing and Remote Access solution can reduce the dependence on service infrastructures and the performance variability of the Internet In this section: • Emphasize that identifying the number of dial-up clients, connection technologies, client authentication and security requirements, and client connection protocols is the first step in designing a Routing and Remote Access solution • Introduce virtual private network (VPN) and explain how it enhances the security of a Routing and Remote Access solution • Explain dial-up access and server interoperability as the main features of Routing and Remote Access • Explain the benefits of integrating Routing and Remote Access with DHCP, WINS, DNS, Remote Authentication Dial-In User Service (RADIUS), and the Active Directory™ directory service Designing a Functional Remote Access Solution To design a remote access solution based on Routing and Remote Access, you must consider the network access requirements, the protocols required, and server placement issues In this section: • Explain that, to integrate remote access solutions into a local area network (LAN) environment, security policies for dial-up clients, concurrent sessions and multilinks, the aggregate throughput for clients, and client configuration must be identified • Emphasize that selecting dial-up solutions, enabling supported protocols, providing client-to-server connections, and providing demand-dial router-to-router connections are the necessary tasks for integrating remote access solutions into a routed environment • Emphasize that selecting dial-up or VPN-based servers, and providing remote access client and router-to-router connections are the necessary tasks for integrating VPN into a routed environment • Point out that Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP) are the two tunneling protocols supported by Routing and Remote Access in Windows 2000 that provide authentication and data encryption for creating VPN connections • Point out that the placement of VPN servers must be determined to integrate VPN servers with the Internet • Describe the issues pertaining to the placement of remote access servers on a network Module 9: Remote User Connectivity v • Ensure that students understand the scenario description and directions for the Discussion Direct them to read through the scenario and answer the questions Be prepared to clarify if necessary Lead a class discussion on the students’ responses Securing a Remote Access Solution The security of a network is compromised if remote users are provided access to intranet-based resources An effective security configuration confirms the identity of the clients attempting to access the resources on the network, protects resources from unauthorized users, and provides an efficient way to set up and maintain security on the network In this section: • Explain that Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), Microsoft Challenge Handshake Authentication Protocol version (MS-CHAP v2), Extensible Authentication Protocol-Transport Level Security (EAP-TLS), CHAP, Shiva Password Authentication Protocol (SPAP), and Password Authentication Protocol (PAP) are the authentication protocols supported by Routing and Remote Access • Explain that Microsoft Point-to-Point Encryption (MPPE) and L2TP/Internet Protocol Security (IPSec) are the appropriate encryption methods supported by Routing and Remote Access • Explain access restricted by user, access restricted by a policy in a Windows 2000 native-mode domain, and access restricted by a policy in a Windows 2000 mixed-mode domain as the methods of ensuring security with remote access policies • Describe how to secure the network resources by limiting access to the remote access or VPN server • Describe how integration of Routing and Remote Access with RADIUS can be used for authentication and accounting Enhancing a Remote Access Design for Availability The availability of a remote access implementation design is measured by the percentage of time users are able to obtain remote access to intranetbased resources In this section: • Point out that any design that requires high availability must include more than one Routing and Remote Access or VPN server Explain that adding redundant remote access servers can create highly available remote access services • Explain how RADIUS centralizes the administration of remote access policies by configuring all remote access and VPN Servers to share a common policy • Make sure that students understand the scenario description and directions for the Discussion Direct them to read through the scenario and answer the questions Be prepared to clarify if necessary Lead a class discussion on the students’ responses vi Module 9: Remote User Connectivity Optimizing a Remote Access Design for Performance In a remote access or VPN solution, you must improve the performance of individual servers, or share the load of servers by including additional servers in the network design as the number of remote access clients increases In this section: • Explain that factors such as changes in client application usage, wide area network (WAN) usage, and number of clients can affect the performance of a remote access server Emphasize that a possible solution for performance degradation is to use multiple remote access servers and distribute the client load across the servers • Explain that improving server performance, dedicating a server to remote access and VPN servers, upgrading existing remote access and VPN servers, and improving WAN and LAN connection performance are the various methods of improving the performance of an individual remote access server Lab Strategy Use the following strategy to present this lab Lab A: Designing a Routing and Remote Access Solution In the design lab, students will design a remote access solution based on specific requirements outlined in the given scenario Students will review the scenario and the design requirements and read any supporting materials They will use this information, and the knowledge gained from the module, to develop a detailed design by using Routing and Remote Access as a solution To conduct the lab: Read through the lab carefully, paying close attention to the instructions and to the details of the scenario Consider dividing the class into teams of two or more students Present the lab and make sure students understand the instructions and the purpose of the lab Direct students to use the planning worksheet to record their solutions Remind students to consider any functionality, security, availability, and performance criteria provided in the scenario and how they will incorporate strategies to meet these criteria in their design Allow some time to discuss the solutions after the lab is completed A solution is provided in your materials to assist you in reviewing the lab results Encourage students to critique each other’s solutions and to discuss any ideas for improving their designs Module 9: Remote User Connectivity Overview Slide Objective To provide an overview of the module topics and objectives Lead-in In this module, you will develop a strategy for designing a remote access solution Introducing Routing and Remote Access Designing a Functional Remote Access Solution Securing a Remote Access Solution Enhancing a Remote Access Design for Availability Optimizing a Remote Access Design for Performance An organization might allow dial-up clients and remote office locations to access its private network resources The remote access features of Routing and Remote Access in Microsoft® Windows® 2000 provide secure, dial-up access to a network for remote access clients The remote access clients connect remotely by using various protocols and connection types At the end of this module, you will be able to: Recognize Routing and Remote Access as a solution for remote access Identify the design decisions that influence a functional remote access solution Select appropriate strategies to secure remote access connections Select appropriate strategies to enhance remote access availability Select appropriate strategies to improve remote access performance Module 9: Remote User Connectivity Introducing Routing and Remote Access Slide Objective To introduce Routing and Remote Access as a solution for remote access Lead-in To design a remote access solution, you must identify the client requirements and how Routing and Remote Access meets these requirements Design Decisions for a Remote Access Solution VPN with Remote Access Solutions Routing and Remote Access Features Integration Benefits Routing and Remote Access enables remote access clients to access corporate networks as if they were directly connected to the corporate network The remote access clients connect to the network by using dial-up communication links To design a remote access solution, you need to: Identify the decisions influencing a remote access solution Describe the architectural elements of a virtual private network (VPN) in a remote access networking strategy Identify the features offered by Routing and Remote Access so that you can apply them successfully in the network design Identify the benefits of integrating Routing and Remote Access with other Windows 2000 services Module 9: Remote User Connectivity Design Decisions for a Remote Access Solution Slide Objective Adapter or Modem To identify the decisions that influence the design of a remote access solution Lead-in To develop a remote access solution, you must identify the number of dial-up users, and assess the requirements of these users Remote Access Client Public Network Adapter or Modem Remote Access Server Provider Network PSTN X.25 ISDN Intranet Number of Dial-Up Clients? Local or Network-Wide Resources? Connection Technologies? Client Authentication, Security, and Encryption? Client Connection Protocols? Discuss the bulleted points with students Tell them that these are the questions they need to answer before designing a remote access solution Explain the relevance of these decisions with reference to the graphic Routing and Remote Access supports dial-up connections for remote users connecting to a private network Users can access resources on the remote access server or on attached networks, provided they meet the network security requirements defined for the network design Providing a Routing and Remote Access solution can reduce the dependence on service infrastructures (such as Internet service providers (ISPs)), and the performance variability of the Internet In designing a Routing and Remote Access solution, you need to consider the: Maximum number of simultaneous user connections required Types of resources that the clients would require to access (local, remote, or both) Connection technologies and throughput requirements For example, connections that use modems over Public Switched Telephone Network (PSTN), Integrated Services Digital Network (ISDN), or X.25 Client authentication, security, and encryption requirements Client connection protocols Module 9: Remote User Connectivity VPN with Remote Access Solutions Slide Objective To describe the architectural elements of VPN in a remote access networking strategy Dial-Up Dial-Up VPN VPN Client Client Voluntary Tunnel Point of Presence (POP) Lead-in VPN provides a secure communications link across a network and can secure data from end-to-end or from the network access server to the private network PSTN ISDN POP/Network Access Server (NAS) Compulsory Tunnel VPN Server VPN Server VPN Server VPN Server Internet VPN Server VPN Server RADIUS Server RADIUS Server POP/NAS Compulsory Tunnel with RADIUS VPN Connection Types VPN Connection Types Account-based Authentication and Encryption Account-based Authentication and Encryption Compatibility with Other Operating Systems Compatibility with Other Operating Systems Use this slide to point out the three types of connections Explain how authentication, encryption, and compatibility are managed in each connection type Many organizations are transitioning from a centralized in-house dial-up remote access infrastructure to an Internet-based infrastructure for clients accessing a corporate intranet Organizations requiring support for dial-up clients can reduce costs by outsourcing the remote access dial-up points to an ISP In addition, VPN maintains a high level of security for client connections to the private network A VPN supports secure point-to-point communications over a private or public IP-based network VPN connections are Transmission Control Protocol (TCP)based and require no intermediate router support VPN Connection Types VPN supports Internet Protocol (IP) layer tunneling that creates a secure connection between a VPN-based remote access client and a remote access server on the private network The computers participating in a VPN connection authenticate one another and encrypt the data flowing through the VPN Note It is possible to create a tunnel and send the data through the tunnel without encryption However, it will not be a VPN connection because the private data is sent across a shared or public network in an unencrypted form VPN connections can be designed as compulsory or voluntary tunnels Compulsory tunnels are pre-configured device-initiated connections for which: The remote access server initiates tunnel connections The remote access server supports the tunnel protocol Client authentication is per user based and optionally uses Remote Authentication Dial-In User Service (RADIUS) Client support for tunneling is not required 38 Module 9: Remote User Connectivity Module 9: Remote User Connectivity 39 Questions Answer the following questions to determine how a remote access solution for this scenario can be developed Circle the correct answer, or provide a detailed explanation The organization requires that the remote access solution must not degrade if a single server fails How many remote access servers are required in this design? a Four servers b Five servers c Seven servers d Eight servers The correct answer is d Eight servers are required, one extra than the seven servers that are currently in place The extra server is required to provide failure protection If all dial-up clients are using Windows 2000–based computers, what authentication levels would you enforce? Use MS-CHAP v2 or EAP-TLS for smart card authentication The organization management would like to give access to a group of contractors and has heard that they can limit the contractors’ access to the remote access servers Suggest a solution for the organization One possibility is to provide a remote access server and allow access to only local resources This can only be set on a per server basis If the VPN/proxy/firewall fails, the organization would lose Internet access and VPN availability Suggest solutions to increase the availability If you place all of these functions on one computer, in addition to compromising on security, you can lose all functions immediately upon VPN/proxy/firewall failure One possible solution is to use two VPN servers, positioned either inside or outside a firewall, to provide redundancy 40 Module 9: Remote User Connectivity Optimizing a Remote Access Design for Performance Slide Objective To select appropriate strategies to improve the performance of a remote access solution Lead-in Distributing Remote Access Across Multiple Servers Improving Remote Access Performance on a Server A remote access design may require improvement in performance as the number of remote access clients grows In a remote access or VPN solution, the increase in the number of client connections can affect the performance of the solution You must improve the performance of individual servers, or share the load of servers by including additional servers in the network design as the number of remote access clients increases Module 9: Remote User Connectivity 41 Distributing Remote Access Across Multiple Servers Slide Objective To describe how the performance of Routing and Remote Access can be improved by using multiple servers Using Connection Manager to Distribute Clients Lead-in Adding Remote Access Servers at Remote Locations Factors such as changes in client application usage, WAN usage, and the number of clients can affect the performance of Routing and Remote Access Evaluate and then redistribute remote access clients across remote access servers Provide a new phone book that reflects the redistribution Distributes network load to the location where the resource resides Improves remote access performance Adding VPN Servers Factors such as changes in client application usage, WAN usage, and number of clients can affect the performance of a remote access server A possible solution for the performance degradation is to use multiple remote access servers and distribute the client load across the servers Using Connection Manager to Distribute Clients In a multiple-server remote access solution, the clients must be distributed evenly across the servers Connection Manager allows the distribution of a phone book with multiple access numbers to clients The clients connect to the dial-up numbers in the order specified in their phone book The order of the phone book entries can be set for individual users or groups, allowing the client load to be evenly distributed between servers Adding Remote Access Servers at Remote Locations Adding remote access servers at remote locations may improve performance where clients access local resources At each remote location, install the appropriate number of remote access servers to support the clients that dial-up to access resources Install remote access servers at remote locations if: The cost of the additional remote access servers is acceptable The dial-up clients mostly access local resources A significant reduction of phone charges results from calling local numbers Adding VPN Servers Create VPN server designs by adding multiple VPN servers in a load-balancing configuration These redundant servers distribute the remote access clients in a manner that divides total resource usage across all of the servers 42 Module 9: Remote User Connectivity Improving Remote Access Performance on a Server Slide Objective To describe the various methods of improving the performance of an individual remote access server Lead-in The method used to improve the performance of a remote access server depends on the performance-limiting factors Improving Single Server Performance Dedicating a Server to Remote Access and VPN Servers Upgrading Existing Remote Access and VPN Servers Improving WAN and LAN Connection Performance Routing and Remote Access enhances server performance by supporting multiple CPUs that can be used by the multithreaded service You can select a solution to enhance the performance of the server, depending on the components limiting the performance of the server Improving Single Server Performance The following table lists the performance-limiting factors with the possible solutions If the performance-limiting factor is Client connection speed Consider Upgrading to modems that support a higher transmission rate Upgrading to intelligent communications adapters to offload processing from the remote access server Remote access server connection Using multiple or higher bandwidth network cards for the private and public network connection Individual computer Minimizing or offloading other services running on the computer Adding multiple CPUs Providing ample memory to support the service Note If the remote access server is also providing resources for remote access clients, the performance of the disk subsystems might become a limiting factor Under these circumstances, the disk subsystem performance may be improved by using redundant array of independent disks (RAID) arrays Module 9: Remote User Connectivity 43 Dedicating a Server As a Remote Access and VPN Server In some designs, remote access and VPN servers share resources with other services and applications on the same physical computer If performance is not achieving the design specifications, move all other functions to a separate computer Consider dedicating a server to remote access or VPN if: Other functions running on the same computer can be transferred to another system The cost of adding the additional server is unacceptable The existing server hardware cannot be upgraded further Upgrading Existing Remote Access and VPN Servers When the resources of the VPN server are exhausted, the performance degrades relative to the degree to which the resources are used After enough resources are depleted, the performance of the VPN server does not achieve the design specifications Consider upgrading the existing VPN servers if: Other functions must run on the same computer The cost of adding the additional server is unacceptable The existing VPN server hardware supports future upgrades Improving WAN and LAN Connection Performance In a proper design of remote access and VPN servers, the maximum data rate of the Internet or intranet connection must be the limiting factor in accessing resources For example, if the design specifies the use of 256 Kbps asymmetric digital subscriber line (ADSL) connections for remote access clients, clients must expect data transmission rates near 256 Kbps To improve the data throughput rates, consider: Upgrading to an ISP that provides improved data rates Upgrading to intelligent communications adapters to offload processing from the server 44 Module 9: Remote User Connectivity Lab A: Designing a Remote Access Solution Slide Objective To introduce the lab Lead-in In this lab, you will be presented with a business scenario You will determine how features of remote access in Windows 2000 can be applied to satisfy business needs You will critique a remote access design and finally prepare a design of your own Objectives After completing this lab, you will be able to: Evaluate a scenario to determine the requirements for a Routing and Remote Access design Design a Routing and Remote Access solution for the given scenario Prerequisites Before working on this lab, you must have: Knowledge of Routing and Remote Access features and functionality Knowledge of Routing and Remote Access strategies for security, availability, and performance Estimated time to complete this lab: 30 minutes Module 9: Remote User Connectivity 45 Exercise Making Remote Access Implementation Decisions In this exercise, you will design a remote access solution for the given scenario Review the diagrams and the scenario Answer the questions provided to complete your solution to the scenario When you are finished, be prepared to discuss your decisions with the rest of the class Scenario An organization has decided to restructure an existing remote access–based solution to its private network You are assigned the task of evaluating how dial-up remote access is used in the existing physical network design The current network configuration provides: Intranet access to all shared folders and Web-based applications at all locations Access to the Internet from all locations Remote access to corporate resources, regardless of a single server failure, for 60 remote staff members Support for all of the hosts, as shown in the diagram Support for dial-up clients with a mixture of 33.6 and 56 Kbps modems Support for a mission-critical Web-based application that requires 24-hoursa-day, 7-days-a-week availability Remote access to shared folder resources on Windows 2000 and Novell NetWare 3.x–based servers, and to Web-based applications and files, including a sales multimedia presentation requiring sustained 28 Kbps throughput Isolation of the organization’s network from the Internet by using a proxy server and a firewall, both situated at LocationA Encryption for all remote communications authentication and data In the current scenario: Each remote user consumes an average of two percent of the remote access server’s resources with an inactive baseline of four percent Corporate guidelines for resource computers and servers require that average usage not be above 70 percent Average data rates for remote clients not fall below 30 Kbps 46 Module 9: Remote User Connectivity High Level Network Design The following diagram shows an overview of the existing network configuration Each location is shown in detail in subsequent diagrams Internet LocationA LocationA T1 Li n k 1283 Hosts 25 833 Hosts p Kb a Fr ct s ion al T1 Li n 64 k IS DN Kb ps Li n k 129 Hosts LocationC LocationC LocationB LocationB LocationA Network Design The following diagram shows the existing network configuration at LocationA Firewall Proxy Server Proxy Server Link to Internet Segment A1 Segment A2 Router A1 Router A1 Router A2 Router A2 Segment A3 File and Print File and Print Server Server Remote Access Remote Access Servers Servers Link to LocationB Link to LocationC Router A3 Router A3 NetWare 3.x NetWare 3.x Module 9: Remote User Connectivity 47 LocationB Network Design The following diagram shows the existing network configuration at LocationB nk Li to ca Lo nA tio Router B1 Router B1 Segment B1 Segment B2 LocationC Network Design The following diagram shows the existing network configuration at LocationC nk Li to c Lo at nA io Segment C1 Router C1 Router C1 48 Module 9: Remote User Connectivity Design Decisions Using the information provided in the scenario, evaluate the appropriate decisions that must be made to implement a remote access solution Use the following questions to formulate how remote access needs to be configured to fulfill the requirements specified in the scenario Circle the correct answer(s) Given the number of remote clients, and ignoring reliability considerations, how many remote access servers are required in this design? a One server b Two servers c Five servers d Six servers The correct answer is b Two servers are required Which of the following protocols are required for appropriate access to intranetwork resources? a TCP/IP b IPX/SPX c NetBEUI d DLC e AppleTalk The correct answers are a and b Choice a is required for folder resources in Windows 2000 and intranetwork Web-based applications Choice b is required for NetWare 3.x folder resources Which of the following security protocols would you enable on the remote access clients and servers? a PAP b CHAP c EAP d MS-CHAP and MS-CHAP version The correct answers are c and d Choice a does not support encrypted passwords and data Choice b does not support data encryption Module 9: Remote User Connectivity 49 Which of the following configuration steps are necessary to provide remote access functionality in the event of a single point of failure? a Configure a backup remote access connection for the remote access clients in the event of a failure on their primary server b Publish an alternate list of phone numbers for use by the remote access users c Add additional communications ports to the existing remote access servers d Upgrade any unintelligent communications controllers to intelligent communications controllers The correct answer is a Choice b is appropriate but the remote access users are required to manually create or modify their own connections Choice c is not appropriate because the additional ports improve functionality but not add additional reliability Choice d is not appropriate because the upgrade increases performance but does not add additional reliability What is the minimum number of remote access servers that are necessary to provide remote access functionality in the event of a single point of failure? a Two remote access servers b Three remote access servers c Four remote access servers d Six remote access servers The correct answer is b Which of the following configurations are appropriate in creating a highly available remote access design? a Divide dial-up users across all remote access servers; for each group, designate one of the servers as the primary remote access server b Install additional communications ports to use in the event of a communications port failure c Divide dial-up users across all remaining remote access servers and designate the other servers as the backup remote access servers d Install additional modems to use in the event of a modem failure The correct answers are a and c 50 Module 9: Remote User Connectivity If your solution has three remote access servers and one of these fails, how many remote users will each remaining remote access server be required to support? a 60 remote users b 30 remote users c 26 remote users d The remaining remote access servers will not support all of the remote users The correct answer is b Which of the following would assist performance if the remote user average throughput rate were limited to a figure below the specification on a specific remote access server? a Add an additional remote access server and evenly redistribute the users across the new configuration b Add additional communications ports to the remote access server and assign users to use the phone numbers associated with the new ports c Upgrade the modems attached to the remote access server to higher speed modems d Replace unintelligent communications port controllers with intelligent communications port controllers The correct answers are a and d A multimedia presentation is to be used by six remote access clients concurrently It is available on a server in LocationC What recommendations would you make to the management? The link from LocationA to LocationC will not carry the required traffic The choices to enable the solution to work are: • Move the presentation to a server in LocationA • Increase the bandwidth of the link from LocationA to LocationC Module 9: Remote User Connectivity 51 Review Slide Objective To reinforce module objectives by reviewing key points Lead-in The review questions cover some of the key concepts taught in the module Introducing Routing and Remote Access Designing a Functional Remote Access Solution Securing a Remote Access Solution Enhancing a Remote Access Design for Availability Optimizing a Remote Access Design for Performance Your organization is connecting two remote locations by using remote access servers Which features of remote access in Windows 2000 are useful in creating the design? The design must include specifications to use MS-CHAP v2 for the strongest authentication, IPSec for encryption, and a demand-dial interface to establish the connections A remote access design is to be deployed in a multinational organization Which data encryption protocols are appropriate for the design? Because the design affects remote access implementations outside the United States and Canada, only 40-bit DES and 56-bit DES are appropriate You are evaluating an existing remote access design How would you determine if the remote access design achieves the business goals for security? The design achieves the security business goals when only authorized users can access intranet-based resources Methods of achieving the business goal are user authentication, authentication encryption, data encryption, access restriction by using remote access policies, and access restriction to resources located on the remote access server THIS PAGE INTENTIONALLY LEFT BLANK ... Kbps V.90 client connections 38 Module 9: Remote User Connectivity Module 9: Remote User Connectivity 39 Questions Answer the following questions to determine how a remote access solution for this... connecting user • Authentication accepts and rejects for the connecting user • Accounting-interim requests, sent periodically by the remote access server during a user session Module 9: Remote User Connectivity. .. enhances remote access availability by adding redundant remote access servers, and by centralizing the management of remote access servers 34 Module 9: Remote User Connectivity Adding Redundant Remote