Network Policy and Access Services in Windows Server 2008

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration
Chapter 9
Network Policy and Access Services in Windows Server 2008
Objectives
• Configure routing in Windows Server 2008
• Configure Routing and Remote Access Services in
Windows Server 2008
• Describe Network Policy Server
• Discuss wireless networking with Windows Server
2008
Configuring Routing in Windows
Server 2008
• Routing and Remote Access Services (RRAS)
– Role service used to configure and manage network
routing in Windows Server 2008
– Recommended for use in small networks that require
simple routing directions
– Not recommended for large and complex
environments
Configuring Routing in Windows
Server 2008 (continued)
• Activity 9-1: Installing a Windows Server 2008
Member Server
• Time Required: 75 minutes
• Objective: Install a Windows Server 2008 member
server
Configuring RRAS as a Router
• Routers
– Responsible for forwarding packets between
subnets, or networks with differing IP addressing
schemes
Configuring RRAS as a Router
(continued)
• Activity 9-2: Installing RRAS on MSN-SRV-0XX
and MSN-SRV-1XX
• Time Required: 15 minutes
• Objective: Install RRAS
Working with Routing Tables
• Routing tables are composed of routes
• Routes
– Direct data traffic to its destination based on the
information they contain
• Routing tables
– Can be managed in the RRAS console or from the
command line using the route command
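
How the entries in a routing table decide where a packet is sent, as an added example that is not from the slides. The sample table, the addresses and the `select_route` name are constructed for illustration, and the code shows the general selection rule (most specific matching prefix first, then lowest metric) rather than anything specific to RRAS.

```python
import ipaddress

# Constructed sample routing table (not from the slides):
# destination prefix, next-hop gateway, metric.
ROUTES = [
    ("0.0.0.0/0",      "192.168.1.1",   10),  # default route
    ("192.168.1.0/24", "on-link",        1),  # directly attached subnet
    ("10.0.0.0/8",     "192.168.1.254",  5),
    ("10.20.0.0/16",   "192.168.1.253",  5),
    ("10.20.0.0/16",   "192.168.1.252", 20),  # same prefix, worse metric
]


def select_route(dest, routes=ROUTES):
    """Return the (prefix, gateway, metric) entry used to forward to dest."""
    addr = ipaddress.ip_address(dest)
    candidates = []
    for prefix, gateway, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            # Sort key: longer prefix first, then lower metric.
            candidates.append((net.prefixlen, -metric, prefix, gateway, metric))
    if not candidates:
        return None  # no matching route and no default route
    _, _, prefix, gateway, metric = max(candidates)
    return prefix, gateway, metric


if __name__ == "__main__":
    for dest in ("10.20.5.9", "10.99.1.1", "192.168.1.77", "8.8.8.8"):
        print(dest, "->", select_route(dest))
```

Because the most specific prefix always wins, a single added static route for a narrow prefix redirects that traffic regardless of the broader routes, which is why the routing table is worth reviewing for unexpected entries.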
Working with Routing Tables
(continued)
• Activity 9-3: Viewing the Routing Table in RRAS
• Time Required: 5 minutes
• Objective: View the routing table in RRAS
Configuring Routes
• Static routing is limited for the following reasons
– Requires manual creation and management
– Should not be used on networks with more than 10
subnets
– All affected routers require reconfiguration if the
network changes
Configuring Routes (continued)
• Activity 9-4: Creating a Static Route
• Time Required: 15 minutes
• Objective: Create a static route from the command
line
Configuring Routes (continued)
• Dynamic protocols
– Route traffic based on information they discover
about remote networks from other routers
• Routing Information Protocol version 2 (RIPv2)
– Uses partner routers, or RIP neighbors, in
determining the dynamic routes it can use for
forwarding packets of data
Configuring a DHCP Relay Agent
• DHCP relay agent
– Manages the communication between a network’s
DHCP server and clients on subnets without a
DHCP server
• With RRAS
– Network adapters are added and configured to listen
for DHCP broadcast messages
Configuring a DHCP Relay Agent
(continued)
• Activity 9-5: Configuring MSN-SRV-0XX as a
DHCP Relay Agent
• Time Required: 15 minutes
• Objective: Install a DHCP relay agent
Configuring Dial-on-Demand Routing
• Demand-dial routing
– Allows a server to initiate a connection only when it
receives data traffic bound for a remote network
– Can use dial-up networks instead of more expensive
leased lines
Configuring Remote Access Services
in Windows Server 2008
• Dial-up networking
– Connects remote users to their networks using a
standard phone line
• Virtual Private Networks
– Allow client connections to your network from remote
locations
– Work by creating a secure tunnel for transmitting
data packets between two points
– VPN tunneling protocols: Point-to-Point Tunneling
Protocol, Layer 2 Tunneling Protocol, Secure Socket
Tunneling Protocol
Configuring Remote Access Services
in Windows Server 2008 (continued)
• Activity 9-6: Installing Remote Access Support for
VPNs in RRAS
• Time Required: 15 minutes
• Objective: Install Remote Access Support with VPN
in RRAS
Configuring Remote Access Services
in Windows Server 2008 (continued)
• Activity 9-7: Configuring VPN Ports
• Time Required: 15 minutes
• Objective: Configure VPN ports
Network Address Translation
• Allows you to shield internal IP address ranges
from public networks by allowing internal clients to
access the Internet through a shared IP address
Introduction to Network Policy Server
• Network Policy Server (NPS)
– Role service that provides a framework for creating
and enforcing network access policies for client
health
– Can be used to:
• Configure a RADIUS server
• Configure a RADIUS proxy
• Configure and implement Network Access Protection (NAP)
Windows Server 2008 Editions and the
NPS Console
• NPS Console
– Central utility for managing
• RADIUS clients and remote RADIUS servers
• Network health and access policies
• NAP settings for NAP scenarios
• Logging settings
Windows Server 2008 Editions and the
NPS Console (continued)
• Activity 9-8: Installing NPS
• Time Required: 15 minutes
• Objective: Install the NPS role service
Windows Server 2008 Editions and the
NPS Console (continued)
• Activity 9-9: Creating a Network Access Policy for
VPN Connections
• Time Required: 15 minutes
• Objective: Create a network access policy
Introduction to RADIUS
• RADIUS
– Industry-standard protocol that provides centralized
authentication, authorization, and accounting for
network access devices
• Components of RADIUS
– RADIUS clients
– Network access servers
– RADIUS proxy
– RADIUS server
– User account database
RADIUS Server
• Used on networks to perform authentication,
authorization, and accounting for RADIUS clients
• RADIUS client
– Can be an NPS, which replaces the IAS from
previous versions of Windows Server
RADIUS Server (continued)
• RADIUS
– Standardized network protocol that centralizes the
following process for user connections
• Authentication
• Authorization
• Accounting
RADIUS Proxy
• NPS
– Can be configured as a RADIUS proxy
• RADIUS proxies
– Route RADIUS messages between RADIUS clients
and RADIUS servers
NAP
• Network Access Protection (NAP)
– Provides a tool for you to block external and internal
network threats
– Can be broken into three parts
• Health policy validation
• Health policy compliance
• Limited access
Authentication Protocol
• Supported authentication protocols in Windows
Server 2008
– Extensible Authentication Protocol–Transport Layer
Security (EAP-TLS)
– Protected Extensible Authentication Protocol–
Transport Layer Security (PEAP-TLS)
– Protected Extensible Authentication Protocol–Microsoft
Challenge Handshake Authentication Protocol version 2
(PEAP-MSCHAPv2)
Wireless Access Configuration in
Windows Server 2008
• 802.1x standard
– Developed by the Institute of Electrical and
Electronics Engineers (IEEE)
• On 802.1x networks
– Network access control provides an authentication
mechanism to allow or deny network access based
on port connection
Wireless Access Configuration in
Windows Server 2008 (continued)
• Categories of EAP implementations
– EAP over local area network (LAN)
– EAP over wireless
• 802.1x uses a three-component model for
authenticating access to networks
– Supplicant
– Authenticator
– Authentication server
Summary
• RRAS
– Role service used to configure and manage network
routing in Windows Server 2008
• Routers
– Responsible for forwarding packets between
subnets, or networks with differing IP addressing
schemes
• To process traffic
– Router uses routing tables to determine where to
send traffic
Summary (continued)
• Routers
– Use dynamic routing protocols and preconfigured
static routes to deliver packets using the best route
possible between two subnets
• Most modern networks
– Support the passing of DHCP broadcast messages
from subnets without a DHCP server to subnets
that contain a DHCP server
• Demand-dial routing
– Allows a server to initiate a connection only when it
receives data traffic bound for a remote network
Summary (continued)
• VPNs
– Provide secure network access for remote clients
over the Internet through the use of tunneling
protocols
• NAT
– Allows you to shield internal IP address ranges from
public networks
• NAP
– Provides a framework for you to block external and
internal network threats