
Working with Networking Services | 135

Figure 6-4 Terminal Services Confirmation screen

Terminal Services will take a moment to install. When it is finished, move on to step 3.

3. Connect to the server with the Remote Desktop program:

a. Go to the Windows client computer.

b. Open Remote Desktop by navigating to Start > All Programs > Accessories > Remote Desktop Connection.

c. Type in the IP address of the server on which you configured Terminal Services.

d. Type in the username administrator. An example is shown in Figure 6-5.

e. Click Connect.
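
Before a server accepts Remote Desktop connections like the one set up in step 3, its RDP listener settings, including whether Network Level Authentication is required, can be checked on the server itself. The following PowerShell is an added example, not part of the original lesson; it reads the standard Terminal Services registry values, and the function names and the constructed sample settings are assumptions made for illustration.

```powershell
# Added example (not from the lesson): audit RDP listener settings on the server.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpSettings {
    # Values that decide whether, and how, the server accepts RDP connections.
    $ts  = Get-ItemProperty -Path $tsKey
    $rdp = Get-ItemProperty -Path $rdpKey
    @{
        Enabled       = ($ts.fDenyTSConnections -eq 0)   # 0 = connections allowed
        NlaRequired   = ($rdp.UserAuthentication -eq 1)  # 1 = NLA required
        SecurityLayer = [int]$rdp.SecurityLayer          # 0 = RDP, 1 = Negotiate, 2 = SSL (TLS)
        Port          = [int]$rdp.PortNumber             # 3389 by default
    }
}

function Test-RdpSettings($s) {
    # Turn raw settings into findings an administrator can act on.
    if (-not $s.Enabled) { return 'OK    Remote Desktop connections are disabled' }
    $out = @("INFO  Remote Desktop is enabled on TCP port $($s.Port)")
    if ($s.NlaRequired) {
        $out += 'OK    Network Level Authentication is required'
    } else {
        $out += 'WARN  NLA is not required: users reach the logon screen before authenticating'
    }
    if ($s.SecurityLayer -eq 0) {
        $out += 'WARN  SecurityLayer is 0 (native RDP) instead of Negotiate or SSL (TLS)'
    }
    $out
}

if (Test-Path $rdpKey) {
    $settings = Get-RdpSettings
    # Is anything actually listening on the configured port?
    $listening = netstat -an | Select-String ":$($settings.Port)\s+.*LISTENING"
    if ($settings.Enabled -and -not $listening) { 'INFO  No listener found on the RDP port' }
} else {
    # Constructed sample so the logic can be exercised off the server.
    $settings = @{ Enabled = $true; NlaRequired = $false; SecurityLayer = 0; Port = 3389 }
}
Test-RdpSettings $settings
```

Run it from an elevated PowerShell prompt on the server; on a machine without the Terminal Services registry key it falls back to the constructed sample and prints both warnings.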

Figure 6-5 Remote Desktop Connection login dialog box

136 | Lesson 6

This makes the connection to the server and prompts for the server’s username and password. Enter those, and then take control of the server. Note that opening port 3389 for use with Terminal Services could be a security vulnerability, so be sure to use Terminal Services only if it is absolutely necessary, and always use Network Level Authentication to secure it further.

There are two ways to leave a session. The first is to log off, which ends the user’s session and closes all programs associated with that session. The second is to disconnect. This stops the connection, but the user session still runs on the server, programs still run, resources can still be used, and the user can connect later and resume that session. If you have full administrative access, you can also restart or shut down the server.

TAKE NOTE: Modifications might be necessary to the Remote Desktop settings on the client computer. Make sure that outbound remote connections are allowed.

■ Defining More Networking Services

THE BOTTOM LINE: Remote Access Service (RAS) is a grouping of different hardware and software platforms to allow remote access to another computer or network device. Originally used with dial-up services, Microsoft RAS has morphed into RRAS, or Routing and Remote Access Service. This powerful service allows clients to connect remotely to a central network using dial-up and high-speed Internet connections. It also allows connectivity through VPNs. IPsec is an encrypting and authenticating protocol that helps secure VPN and other types of network transactions.

Defining RRAS

Microsoft’s RRAS is built into Windows Server and offers a variety of functions, including dial-in service and the ability to create virtual private networks.

Routing and Remote Access Service (RRAS) is a network service in Windows Server 2008, Windows Server 2003, and Windows Server 2000.
It permits an administrator to configure dial-up remote access servers, VPN servers, and IP routing, as well as NAT.

For a long time, the standard way to telecommute to work was to utilize a direct dial-up connection. This is illustrated in Figure 6-6. Although this allowed for connectivity, it was often slow, and users suffered from noisy and dropped lines.

CERTIFICATION READY: How would you define RRAS? 3.5

Figure 6-6 Dial-up connection

Today, the standard is to utilize a Virtual Private Network, or VPN. With VPNs (Figure 6-7), the inherent power of the Internet is exploited, and direct IP connections are made from clients to a VPN server or router. Dial-up connections via modems that connect to the Internet are still supported, but more commonly, high-speed connections like DSL, cable, and fiber optic are preferred.

Figure 6-7 VPN connection (labels: ISP, VPN Server, VPN Client)

ENABLE ROUTING AND REMOTE ACCESS SERVICES

GET READY. In this exercise, you will learn how to load up and enable RRAS by performing the following actions:

1. Go to your Windows Server. In this exercise, we are using a Windows Server 2008 computer.

2. Create a new MMC by going to Start > Run and typing MMC.

3. Add the Routing and Remote Access snap-in:

a. Click File > Add/Remove Snap-in.

b. Scroll down and click Routing and Remote Access.

c. Click Add.

d. Click OK.

If you wish, you can add the Server Manager to your MMC as well so that you have most of the tools you will need in one window. At this point, RRAS is not configured or running. Your MMC should look similar to Figure 6-8.

Figure 6-8 MMC with RRAS and Server Manager snap-ins added

4. Right-click Routing and Remote Access, and select Add Server.

5. In the Add Server window, leave the default as This computer and click OK. This adds the server to the RRAS list in the MMC.

6. Right-click the server name and select Configure and Enable Routing and Remote Access.

7. Click Next for the welcome window. The welcome window is where you can select whether you want to have remote access, a VPN, or set up the server as a router. In this exercise, we will make a basic router.

8. Select the Custom configuration radio button and click Next.

9. Select the LAN routing check box and click Next.

10. Click Finish for the summary screen.

Now RRAS is configured and can be modified further depending on what network adapters and IP addresses the server has. By enabling LAN routing, the concept known as IP forwarding has been turned on, but only if the server has two or more network adapters. IP forwarding bridges the gap between the two network adapters even if they are on two different IP networks.

11. Be sure to save the MMC for use later on. You might also want to disable RRAS in case you will be using other services that might conflict with it in the future. To do this, just right-click the server in the MMC and select Disable.

TAKE NOTE: If you get an error message saying “Class not registered 80040154” or “RPC server is not available,” try installing the role called Network Policy and Access Services.

Defining IPsec

CERTIFICATION READY: How would you define IPsec? 3.5

Internet Protocol Security (IPsec) is a protocol within the TCP/IP suite that encrypts and authenticates IP packets. It is designed to secure any application traffic because it resides on the network layer (or Internet layer, as TCP/IP programmers refer to it). This protocol is used in conjunction with virtual private networks and is an integral part of IPv6. There are three main protocols that IPsec uses to perform its necessary functions:

• Security association (SA): This generates the encryption and authentication keys that are used by IPsec.
• Authentication header (AH): This provides connectionless integrity and the authentication of data. It also provides protection against replay attacks.
• Encapsulating security payload (ESP): This provides the same services as AH but also provides confidentiality when sending data.

The particular IPsec protocol that is used is determined by the application utilizing IPsec. We will talk more about IPsec when we delve into VPNs in Lesson 8.

Defining DNS

CERTIFICATION READY: How would you identify and configure DNS? 3.4

The Domain Name System (DNS) is a worldwide service that resolves host names to IP addresses. This facilitates proper communication between computers. DNS servers communicate with each other in a hierarchy in an effort to teach each other their name resolutions. DNS servers are also implemented in today’s LANs (e.g., Microsoft domains), although DNS can be used on any operating system that runs TCP/IP. The LAN DNS servers do the same thing as their Internet counterparts, just on a smaller scale (although sometimes not so small).
DNS servers use inbound port 53 to accept name resolution requests. Microsoft DNS servers run the DNS service, and clients can connect to and use that service as long as their IP properties pages are configured properly.

■ Defining Name Resolution Techniques

THE BOTTOM LINE: Computers work best when communicating by IP address. However, humans work best when they communicate with words. Something has to give. Therein lies the purpose of name resolution. Names can be resolved or translated to IP addresses by services such as DNS and WINS.