Connecting
Telecommuters and Remote Employees
Whether telecommuting, traveling, or
working permanently from a satellite location, staying
connected to the company network is critical. The best
solutions let employees work anytime and anywhere, as if
they were directly connected to the company network. Letting
employees work in a consistent way, regardless of their
location, can aid productivity, improve internal
communications, and increase an organization's
responsiveness to customers.
The Microsoft® Windows® 2000 operating
system supports an array of features to address different
needs, from small, one-office businesses to very large,
geographically-dispersed organizations. Remote network
access capabilities are secure, fast, and easy-to-use. With
Windows 2000, mobile users can connect directly to the
company network through their own dial-up connection or
ISDN line. Or they can connect securely through most
Internet connections using virtual private networking (VPN).
Regardless of where you are, Windows 2000 can help get you
connected quickly, easily, and securely.
Connecting a telecommuter or traveling
employee requires four components.
- A PC loaded with connection features
such as Dial-up Networking in addition to a secure
communications environment.
- A server "gateway" system that
links the remote PC to the company network.
- An authentication system (on the
gateway or another system) that validates remote users
and manages the policy for giving them access to the
network.
- A simple way to manage remote PC
configurations, so that traveling employees don't have
to be technical experts.
Depending on the situation, the
configuration and services involved in these components can
be basic or sophisticated. Some just require a single modem
in a single server to handle direct-dial connections from a
few employees. Others require a complex network of VPN
gateways, direct-dial network access boxes, centralized
RADIUS authentication servers, smart cards, and public key
infrastructure (PKI)-based encryption systems. Regardless of
the situation, Windows 2000 includes everything needed to
confidently connect remote users to the company network.
Through its integrated remote access
services, Windows 2000 helps organizations provide:
- More Productive Remote Access with
Windows 2000 Professional.
- Easier Remote Access Solutions for
Small and Growing Business.
- Scalable Remote Access Solutions for
Large Organizations.
More Productive Remote Access
with Windows 2000 Professional
Most users work inside the company network
with the benefit of high-speed links. Others travel between
buildings and need wireless communications to overcome
limitations of running copper or optical fiber links under
sidewalks and streets. Some users require quick access from
home to check e-mail on the company server. Others work
remotely on a full-time basis and need high performance,
reliable connections. Still others travel frequently and
need low-cost access from whatever city they happen to be
in.
To meet these needs, Windows 2000
Professional provides:
- Wired connections through standard
Ethernet and token-ring networks.
- Wireless network access.
- Simple dial-up connections to a company
network.
- DSL and cable modem support for
high-speed remote access.
- Encrypted VPN services to let employees
connect to the company network using Internet access
points.
In the case of wired connections, it's a
simple matter of plugging in the card and starting the
system. For other connections that require some information
that cannot be automatically sensed by Plug and Play,
Windows 2000 makes setup easy through the New Connections
Wizard. Non-technical users can easily define their own
dial-up connections by just knowing phone numbers and their
login information. Because of the auto-configuration
features in Windows 2000, IP addresses, gateway information,
naming service addresses and more can be hidden through
standards-based services.
For larger organizations requiring central
control of client set-up, Windows 2000 includes a variety of
management features. The Connection Manager Administration
Kit lets administrators customize the dialer with the phone
books and customized connection action features they need.
The resulting dialer can be easily distributed in a number
of ways, including through mail or Web downloads. The end
user can easily install the customized dialer without any
user intervention, and in the process receive updated
software drivers, custom help files, auto-updating
phonebooks, and more.
These features make it easy to keep the
mobile professional connected and productive without
technical difficulties.
Easier Remote Access Solutions
for Small and Growing Business
Small and growing business owners don't
require advanced technical skills to take advantage of
Windows 2000 remote access networking services.
Simple-to-set-up remote access services that include
scalable technologies ensure the remote access services will
meet the changing needs of a growing business.
For basic networks, the New Connection
Wizard walks you through the set-up of the remote access
server for both direct-dial connections and for VPN. Plug
and Play modem configuration makes it easy to install a
modem in the server. The wizard asks a few simple questions
to determine if you want dial-up, VPN, or both types of
access, and asks you which network interface to allow the
connections to come in on. Next, it presents you with a
simple list of known users; just check the box on the users
you want to allow remote access for, and you're essentially
finished.
With Windows 2000 in a small business, you
can have gateway services, an authentication system, and
central client-management tools all integrated in a single
low-cost PC platform. And you can run these services on an
existing server to save hardware costs.
Scalable Remote Access Solutions
for Large Organizations
In larger companies, remote access
infrastructure can get much more complex. The servers need
to be part of a demilitarized zone (DMZ) architecture. The
volume of connections is high. There may be multiple systems
involved, some managing incoming modem connections and
others managing VPN. There may be multiple access points in
different geographic locations that all link to the
corporate network. You may be allowing contractors, partners
and customers into specific regions of your network. And
there are likely different and fine-grained policies that go
beyond the simple "yes/no let them have remote access"
scenario. Finally, centrally managing mobile PCs is critical
to avoid the costs of creating depots that employees must
send systems to for configuration.
This means having a set of services that
allow integration of different vendor products based on
standards. It means integrating policy management with the
corporate user directory so that rules can be applied to
groups of users. It means having the scalability to grow
with an increasing population of telecommuters. And it means
having rock-solid security for the connections to prevent
intrusion.
Windows 2000 Server and Windows 2000
Advanced Server include rich, scalable, secure, and
high-performance remote access services. You can choose to
use some or all of the services to create the solution you
need.
The integrated Routing and Remote Access
Service acts as a foundation for the network access system,
or "gateway." It includes the ability to connect
high-density modem pools to manage hundreds of incoming
direct-dial connections. With broad third-party support, you
can choose from a variety of devices with telephone, ISDN,
T1, or T3 interfaces. In addition, the system lets you
accept incoming connections over network interfaces
including WAN connections like frame relay or X.25 and LAN
interfaces (coming in from your DMZ) on Ethernet or
Token-ring. You can use these connections to link systems in
the clear or using the most advanced standards-track
encryption capabilities available today [Layer 2 Tunneling
Protocol (L2TP) with IPSec].
You can choose to start small with a
non-dedicated server that accepts incoming connections, move
to a dedicated uni-processor gateway, or even a
multi-processor system with multiple high-speed links. And
because the system includes the option to add hardware
acceleration cards for encryption, you can scale the system
to thousands of simultaneous connections in a single server.
Finally, you can combine multiple systems together with
central management control to scale out for an advanced,
reliable remote access infrastructure that's always
available.
Scalable Remote Access Policy Management
Many companies have existing remote access
infrastructures that they want to preserve and add to, and
some have strong preferences for third-party network access
boxes. Regardless of the situation, virtually every large
company wants to centrally manage remote access policies
based on the groups of users defined in their company-wide
user directory.
Windows 2000 lets you accomplish this in
several ways:
First, the remote access services of
Windows 2000 let you use passwords with existing PAP, CHAP or
MS-CHAP systems, or add new and forthcoming authentication
tools like smart cards and biometric devices, to log in
users. Because it implements the standards-based Extensible
Authentication Protocol (EAP), you have the confidence that
your Windows 2000 Server-based gateway can authenticate
users with new devices as they emerge in the future and that
they will work with other authentication databases as well.
Second, because the Routing and Remote
Access Service can authenticate the login directly with the
Active Directory™ service, you don't have to
install a separate computer to act as an authentication
server.
Third, the remote access services can use
the RADIUS protocol to forward authentication to a
RADIUS-capable authentication server that might validate
users on a non-Windows user directory (like NetWare or
UNIX).
Fourth, Windows 2000 includes an advanced
RADIUS server of its own called Internet Authentication
Service (IAS). With IAS, most RADIUS network access servers
can integrate indirectly with Active Directory to
authenticate users. For example, you might use a Cisco VPN-router
and a Lucent dial-up access box and have them authenticate
incoming connections against Active Directory. IAS also
includes sophisticated remote access policy rules that let
you manage things based on a combination of Active Directory
groups, time of day, type of connection, type of
authentication (for example, smart card only), encryption
protocol used, strength of encryption key used, and much
more. IAS can even tell the remote access server how to
restrict where users can go once they connect. This lets you
open access to business partners and be confident they only
get to the system or two that you want them to, and they
can't see other parts of the network.
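The kind of rule matching described in the IAS paragraph above, as a simplified model added here (not Microsoft's code or the IAS rule engine). The class names, sample policies, host name, and the first-match, default-deny ordering are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass
class Request:            # what a RADIUS client (VPN router, dial-up box) reports
    user_groups: set      # directory groups the user belongs to
    at: time              # time of day of the connection attempt
    conn_type: str        # "vpn" or "dialup"
    auth_type: str        # "smartcard", "mschap", "chap" or "pap"
    key_bits: int         # strength of the negotiated encryption key, 0 = none

@dataclass
class Policy:             # hypothetical policy record, one condition per page item
    name: str
    group: str = None     # None = applies to any user
    grant: bool = True
    hours: tuple = (time(0, 0), time(23, 59, 59))
    conn_types: frozenset = frozenset({"vpn", "dialup"})
    auth_types: frozenset = frozenset({"smartcard", "mschap", "chap", "pap"})
    min_key_bits: int = 0
    reachable: tuple = ("*",)   # hosts the access server lets the session reach

    def matches(self, r):
        return ((self.group is None or self.group in r.user_groups)
                and self.hours[0] <= r.at <= self.hours[1]
                and r.conn_type in self.conn_types
                and r.auth_type in self.auth_types
                and r.key_bits >= self.min_key_bits)

def evaluate(policies, r):
    """First matching policy decides; no match means reject (assumed default deny)."""
    for p in policies:
        if p.matches(r):
            if p.grant:
                return ("accept", p.name, p.reachable)
            return ("reject", p.name, ())
    return ("reject", None, ())

POLICIES = [  # constructed sample policies, evaluated top to bottom
    # PAP sends the password in cleartext, so refuse it for everyone first.
    Policy("no-pap", grant=False, auth_types=frozenset({"pap"})),
    # Partners: smart card only, VPN only, business hours, one reachable host.
    Policy("partners", "Partners", hours=(time(8, 0), time(18, 0)),
           conn_types=frozenset({"vpn"}), auth_types=frozenset({"smartcard"}),
           min_key_bits=128, reachable=("orders.example.internal",)),
    Policy("staff", "Employees",
           auth_types=frozenset({"smartcard", "mschap"}), min_key_bits=56),
]
```

A partner who presents a password instead of a smart card, or connects outside the allowed hours, matches no granting policy and is rejected by the default.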
Flexible, Standards-Based Remote
Access Platform
Best of all, Windows 2000 is built
entirely on interoperable remote access standards. All of
the protocols are published with broad industry support. For
VPN access, it gives you the choice of Point-to-Point
Tunneling Protocol (PPTP) or L2TP with IPSec encryption.
There are no proprietary extensions that compromise
interoperability or IPSec security. You can use the
integrated Windows 2000 Professional VPN client with a
standards-based VPN server and authenticate users against
Active Directory through IAS. You can offer access to
contractors and business partners without telling them which
proprietary systems to buy. And if you are consolidating
networks inherited through acquisitions, you know that the
Windows 2000 remote access services will work with other
standards-based systems. Windows 2000 was designed for
interoperability so you'll have a lasting investment based
on proven security and communications protocols.