Chapter Fourteen Working with Remote Access
Chapter Fourteen Working with Remote Access. Objectives Examines some protocols that allows a user to log onto the network from far away Examines some.

Jan 12, 2016

Rudolph King
Transcript
Chapter Fourteen

Working with Remote Access

Objectives

• Examines some protocols that allow a user to log on to the network from far away
• Examines some different options for connecting remotely
• Looks at some different carrier options
• Learns to configure a machine for RAS or DUN

Remote Access Protocols

• Making a remote connection is similar to making any other network connection. You need the proper protocol:
  – PPP
  – PPTP
  – RDP and ICA

The Point-to-Point Protocol

• An early protocol that supported dial-up networking or ISDN connections
  – Based on the Serial Line IP protocol of the dark ages of computing
• PPP is a layered protocol which is broken down into three layers
  – Link Control Protocol
  – Network Control Protocol
  – IP Control Protocol

The Point-to-Point Protocol

• LCP provides the end-to-end services. It handles the tasks of establishing the connection, exchanging configuration information, and monitoring the connection while it exists.

• NCP transports the data being sent by specific networking suites, such as TCP/IP or IPX/SPX.

• IPCP allows for IP packets to be transmitted over a PPP connection.

Services Provided by PPP

• There are several services provided by PPP
  – Address notification
  – Authentication
  – Link monitoring
  – Multiple protocol support

Services Provided by PPP

• Address notification allows a server to dynamically provide a remote client with a TCP/IP configuration that exists only for that specific connection. Once the connection is released, so is the IP configuration.

Authentication in PPP

• Authentication is provided through one of two authentication protocols:
  – The Password Authentication Protocol (PAP)
    • Two-way handshake
    • The machine attempting to log on transmits user credentials in plain text. That information is compared to the security database on the machine being logged on to.
    • PAP has a few weak points. The most significant weakness is that it is too easy to hack.

Authentication in PPP

  – Challenge Handshake Authentication Protocol (CHAP)
    • Three-way handshake
    • When CHAP is first configured on a client, the server provides it with a string of code, known as a secret. The server keeps a database of the secrets it has assigned.
    • The secret is used to verify the client during the authentication process and is linked to the user ID and password.
    • The administrator can limit the number of failed challenges.
    • CHAP still sends its information in plain text.
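
The two handshakes side by side, as an added example that is not part of the original slides: it builds a PAP Authenticate-Request (RFC 1334 layout) and a CHAP Response (RFC 1994 layout) and shows what is readable on the link in each case. The user name, password, secret and challenges are constructed sample values.

```python
import hashlib
import hmac
import struct

def pap_request(ident, user, password):
    """PAP Authenticate-Request (RFC 1334): code 1, then the length-prefixed
    peer ID and password, both unprotected."""
    data = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def pap_fields_on_wire(packet):
    """What anyone observing the link can read out of a PAP request."""
    ulen = packet[4]
    plen = packet[5 + ulen]
    return packet[5:5 + ulen], packet[6 + ulen:6 + ulen + plen]

def chap_digest(ident, secret, challenge):
    """CHAP response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident, name, secret, challenge):
    """CHAP Response packet: code 2, id, length, value size, value, name."""
    value = chap_digest(ident, secret, challenge)
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, ident, 4 + len(data)) + data

def chap_verify(packet, secret_db, challenge):
    """Server side: recompute the digest from the stored secret and compare."""
    if len(packet) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or length != len(packet):
        return False
    vlen = packet[4]
    value, name = packet[5:5 + vlen], packet[5 + vlen:]
    secret = secret_db.get(name)
    if secret is None:
        return False
    return hmac.compare_digest(value, chap_digest(ident, secret, challenge))

if __name__ == "__main__":
    db = {b"alice": b"constructed-shared-secret"}   # constructed sample data
    print("PAP on the wire:", pap_fields_on_wire(pap_request(1, b"alice", b"sample-pw")))
    old, new = bytes(16), bytes(range(16))          # fixed challenges for the demo;
    resp = chap_response(7, b"alice", db[b"alice"], old)  # a server uses random ones
    print("CHAP on the wire:", resp.hex())
    print("fresh response accepted:", chap_verify(resp, db, old))
    print("replayed against new challenge:", chap_verify(resp, db, new))
```

The challenge, the name and the digest all cross the link unencrypted, but the secret itself never does, and a captured response fails against a different challenge.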

Point-to-Point Tunneling Protocol

• Provides for encrypted authentication and data transfer

• Can encapsulate upper layer protocols such as IP or IPX for transmission.

• On the receiving end, the data is stripped from the packets, decrypted, and reassembled.

• PPTP is used by virtual private networks (VPNs)

RDP and ICA

• Both are thin-client protocols.
  – All applications and data are processed on the remote server.
  – Only screenshots of the results move across the wire.

• Remote Desktop Protocol (RDP) was developed by Microsoft for NT Terminal Server and Windows 2000 server editions.

• Independent Computing Architecture (ICA) is a Citrix protocol which is nearly identical to RDP.

Circuit Switching vs. Packet Switching

• In a LAN, you have control over the entire process.
• In a WAN, you have to use services provided by a third party.

Remote Connection Options

• The different services from the third party will come in one of two basic forms:
• Circuit switching: Make a true physical connection from sender to receiver. This is what happens in traditional telephone systems.
• Packet switching: (1) Split any data (i.e. message) into small packets, (2) route those packets separately from sender to receiver, and (3) assemble them again.

Circuit Switching Options

• Circuit switching is primarily the domain of voice communication. This is because in voice communication, having the packets arrive in sequence is critical to the quality of the connections. There are two telecommunication options:
  – PSTN
    • Public Switched Telephone Network
      – Makes use of a modem
      – Limited to 53.3Kb/s
  – ISDN
    • Integrated Services Digital Network

PSTN

• PSTN is also known as POTS (plain old telephone service).

– You need a modem to convert your computer signal from digital to analog.

– This analog signal is converted back to the digital signal at the telecommunication switch center.

ISDN Options

• ISDN signal is digital from end to end.
• ISDN consists of at least two data channels (B channels) and one channel for control data (D channel).
  – Basic rate ISDN (BRI) is two 64K B channels and one 16K D channel.
  – Primary rate ISDN (PRI) gives you up to twenty-three 64K B channels and one 64K D channel.

ISDN Connection

• How you interconnect your system to the ISDN line will be determined by your location
  – In the U.S., the U interface is used. The U interface only supports a single device, and that device is the Network Termination-1 (NT1)
  – The NT1 will convert the incoming two-wire circuit to a four-wire S/T interface. The S/T interface allows up to seven devices to connect.
  – In order to connect to the telephone line, you need a Terminal Adapter (TA), such as a modem, to connect your computer to the ISDN network

Packet Switching Options

• The majority of telecommunication networking is done by way of packet-switching technologies.
  – Cellular Digital Packet Data (CDPD)
  – General Packet Radio Service (GPRS)
  – WCDMA/3G
  – Bluetooth
  – Frame Relay
  – ATM
  – Sonet/SDH

T-lines and E-lines

• Digital Trunk Line (T1) is used to solve two problems:
  – More calls can be made over a single twisted pair
  – Increase the transmission distance with several repeaters

• T1 lines combine 24 64K digital channels and send them over a single carrier in frames. Each frame consists of one 8-bit voice sample for each of the 24 channels plus one single framing bit, which makes a 193-bit frame.

• The throughput for T1 is 8000 x 193 = 1.544 Mb/s

T-lines and E-lines

• Fractional T1 is any combination of multiple 64K channels that does not use up an entire T1 line.
  – Europe had a different vision, called the E1 line

T-lines and E-lines

• In order to connect to a T1 network, you need to install a channel service unit/data service unit (CSU/DSU)
  – The CSU transmits and receives signals from the WAN interface
  – The DSU takes those 193-bit frames and converts them into a frame your computer can recognize.

Frame Relay

• It is based on the HDLC protocol. Data moves over the wire using HDLC frames

• Error correction is only done at end points.
  – Relay devices are not involved in error maintenance.

• Since error correction is done at the end points of the link, an intermediate device simply reads the frame deep enough to extract addressing information. As soon as it has that, the frame is on its way to the next stop. As a result, there is extremely low latency.

Frame Relay

• With Frame Relay, you can choose either a Virtual Circuit (VC) or a Permanent Virtual Circuit (PVC)
  – With VC, when a session is first established, the service provider’s equipment will determine the best route and create a path from point A to point B
  – With PVC, a leased line is dedicated for you as long as you subscribe.

• With Frame Relay, if your bandwidth exceeds your committed information rate (CIR), the discard eligibility (DE) bit is set to 1. If the network is congested, this frame will be discarded.
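
Where the DE bit sits and how it is used, as an added example that is not part of the original slides: it encodes the two-byte Frame Relay (Q.922) address field, marks frames that exceed the CIR, and drops marked frames at a congested switch. The single measurement interval, DLCI 100 and the frame sizes are assumptions made for the illustration.

```python
def fr_header(dlci, de=False, fecn=False, becn=False):
    """Two-byte Frame Relay (Q.922) address field for a 10-bit DLCI."""
    if not 0 <= dlci < 1024:
        raise ValueError("DLCI must fit in 10 bits")
    b1 = (dlci >> 4) << 2                      # upper 6 DLCI bits, C/R=0, EA=0
    b2 = ((dlci & 0xF) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1  # EA=1
    return bytes([b1, b2])

def parse_fr_header(hdr):
    """Decode DLCI and the congestion bits from a two-byte address field."""
    b1, b2 = hdr[0], hdr[1]
    if b1 & 1 or not b2 & 1:
        raise ValueError("not a two-byte address field")
    return {"dlci": ((b1 >> 2) << 4) | (b2 >> 4),
            "fecn": bool(b2 & 8), "becn": bool(b2 & 4), "de": bool(b2 & 2)}

def police(frame_sizes_bits, cir_bps, interval_s=1.0, dlci=100):
    """Ingress marking (simplified to one interval): frames that push the
    running total past CIR * interval are sent with DE=1."""
    committed = cir_bps * interval_s
    sent, headers = 0, []
    for size in frame_sizes_bits:
        sent += size
        headers.append(fr_header(dlci, de=sent > committed))
    return headers

def congested_switch(headers):
    """Under congestion, forward only frames whose DE bit is clear."""
    return [h for h in headers if not parse_fr_header(h)["de"]]

if __name__ == "__main__":
    marked = police([4000] * 5, cir_bps=16000)   # constructed traffic: 20 kb in 1 s
    for h in marked:
        print(h.hex(), parse_fr_header(h))
    print("forwarded under congestion:", len(congested_switch(marked)), "of", len(marked))
```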

FDDI

• A data link protocol that provides up to 100Mb/s throughput

• Requires a dedicated line to be run

• Requires a long-term commitment

Asynchronous Transfer Mode (ATM)

• High-speed fiber backbone
• Protocol independent
• Transmits data in 53-byte packets
  – First 5 bytes are header information
  – 48 bytes are payload.
• Provides speeds up to 622Mb/s
• ATM is a connection-oriented service

Asynchronous Transfer Mode (ATM)

• ATM has 5 layers:
  – Application layer: similar to the OSI application layer
  – High-level protocols: agreement on the protocol
  – Adaptation layer: provides end-to-end service, sequencing of packets, error detection and correction, and synchronization
  – ATM layer: sets up and maintains the connections
  – Physical layer: similar to the OSI physical layer

Sonet/SDH

• Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH) are very similar technologies. They are physical layer protocols.
• Provides speeds of 155Mb/s and 2.5Gb/s
• Mixes multiple protocols into a single carrier using time division multiplexing
• A protection ring acts as a backup in case the primary ring fails
• The core architecture of the Internet

Sonet/SDH

• A SONET network will be divided into three separate regions:
  – Local collector ring provides access to the individual subscriber
  – Regional network provides service to a single service provider
  – Broadband backbone moves data over the pipeline

Sonet/SDH

• Optical carrier level (OCx) is used to define throughput. OC1 represents the base rate of 51.84 Mb/s

Making the Connection

• Dial-up networking
  – In My Computer in WIN9x
  – Network and dial-up connections in WIN2K and later
  – Dial-up uses the PPP protocol
• Virtual private networks
  – PPTP provides higher security
  – Allows a user to access a remote network over the Internet
• Remote access services
  – Allows a network administrator to manage remote access on the server level