A Guide to Windows 7 Networking.Byline: jeevan@cpidubai.com (Staff) Whether at home or at the office, networking has gone mainstream. Once upon a time, a computer had value as a stand-alone machine running applications, but that time has passed. Without an ability to access the Internet, retrieve e-mail, chat via instant messaging Exchanging text messages in real time between two or more people logged into a particular instant messaging (IM) service. Instant messaging is more interactive than e-mail because messages are sent immediately, whereas e-mail messages can be queued up in a mail server for seconds or , and connect with file shares and software, the computer is little more than an expensive paperweight. <p>Clearly, the trend is toward remote and mobile computing Using a computing device while in transit. Mobile computing implies wireless transmission, but wireless transmission does not necessarily imply mobile computing. Fixed wireless applications use satellites, radio systems and lasers to transmit between permanent objects such as buildings , and it's important for an operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. to provide the tools necessary to remain connected and productive from anywhere. Microsoft is incorporating a variety of new networking features in Windows 7 that simplify connectivity and help users access network resources no matter where they are connecting from. Here we'll take a closer look at some of the innovative networking features to be found in Windows 7 (we may get a little bit technical at times). <p>HomeGroup<p>Let's start with an enhancement aimed primarily at home users and home businesses: With Windows 7, Microsoft introduces the concept of HomeGroup. The HomeGroup feature serves two primary purposes: (1) to make sharing files and resources between computers on a home network easier, and (2) to protect shared files and resources from guests or wireless-network intruders. <p>Many homes have multiple computers, and users want to be able to share music and pictures, or network all of the computers so as to print to a single printer. This type of local area networking has been possible in Windows for years, but it has often been easier said than done, leading to many hours of user frustration. <p>Open HomeGroup from the Control Panel. Click on Create a HomeGroup to begin the process. You can determine the types of files or content that you want to share with the HomeGroup by checking or unchecking the appropriate boxes. <p>After you click Next to create the HomeGroup, Windows 7 will automatically generate a password that other users will need in order to join the HomeGroup and share the resources. Windows 7 Starter and Windows 7 Home Basic versions cannot create a HomeGroup, but computers running any version of Windows 7 can join a HomeGroup. One significant drawback to the HomeGroup concept is that it works only with Windows 7, so any Windows XP The previous client version of Windows. XP was a major upgrade to the client version of Windows 2000 with numerous changes to the user interface. XP improved support for gaming, digital photography, instant messaging, wireless networking and sharing connections to the Internet. or Windows Vista The current version of Windows for the desktop. It was released in late 2006 for businesses and early 2007 for consumers. Vista adds numerous features, including improved security and advanced multimedia capabilities. systems in the home will not be able to participate. <p>Using a HomeGroup simplifies the process of sharing files, folders, and other network resources with trusted computers on your home network. At the same time, it enables you to allow visiting guests to connect to your wireless network for Internet access See how to access the Internet. without also granting them access to the shared content and resources. It also prevents any unauthorized rogue wireless connections from gaining access to shared resources. <p>VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. Reconnect<p>Roaming users rely on VPNs (virtual private networks) to provide a secure connection between their computer and the internal company network. When a user is sitting in a hotel room, or in a conference room at a customer site, and establishes a VPN connection, the user's PC will generally remain connected unless there is some other network issue that interrupts the connection.<p>However, users who rely on wireless broadband High-speed wireless transmission of data. What is "high" speed is always a changing number. Wireless systems are typically slower than land-based, wireline networks. In the past, wireless broadband started at 250 Kbps, whereas land-based broadband was generally considered to start at T1 connectivity to establish a VPN connection while on the move are faced with frequent dropped connections and a cumbersome process for reauthenticating and reestablishing the VPN connection each time. <p>The VPN Reconnect feature allows Windows 7 to automatically reestablish active VPN connections when Internet connectivity is interrupted. As soon as Windows 7 reconnects with the Internet, Windows 7 will also reconnect with the VPN. The VPN will still be unavailable as long as the Internet connection is down, and the process of reconnecting will take a few seconds after Internet access becomes available again, but VPN Reconnect will ensure that users stay connected with the network resources they need access to. <p>VPN Reconnect is basically an IPSec tunnel using the IKEv2 (Internet Key Exchange Internet key exchange (IKE) is the protocol used to set up a security association (SA) in the IPsec protocol suite. Overview IKE is defined in RFC 2407, RFC 2408 and RFC 2409. IKEv2 is defined in RFC 4306. ) protocol for key negotiation and for transmission of ESP (1) (Enhanced Service Provider) An organization that adds value to basic telephone service by offering such features as call-forwarding, call-detailing and protocol conversion. (Encapsulating Security Payload) packets. ESP is part of the IPSec security architecture that provides confidentiality, authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. of data origin, and connectionless integrity. <p>In situations such as viewing streaming video A one-way video transmission over a data network. It is widely used on the Web as well as company networks to play video clips and video broadcasts. Computers in home networks stream video to digital media hubs connected to a home theater. over a VPN connection while riding on a commuter train, users typically lose all buffered data and have to start the video over every time connectivity is lost. The features of the IKEv2 IPSec tunnel and ESP help ensure a persistent connection even if the IP address changes during the reconnect and allows the streaming video to resume from the point it was at when VPN connectivity was lost. <p>DirectAccess<p>What's better than a VPN that automatically reconnects and retains its connection state? How about not needing a VPN in the first place? DirectAccess is one of the most compelling and game-changing features of Windows 7, both for users and for administrators faced with a remote and roaming work force. <p>Aside from the issues mentioned above for users trying to stay connected on a VPN and access internal network resources, roaming users also pose a problem for administrators. Mobile computers that aren't connected to the network miss out on security updates, software patches, and Group Policy updates. They will get the updates when they eventually connect, but days or weeks might go by with those remote systems missing critical updates. <p>DirectAccess provides a persistent and seamless bidirectional The ability to move, transfer or transmit in both directions. connection between the internal network and the Windows 7 system, as long as that Windows 7 system can connect to the Internet. With DirectAccess, remote and roaming users experience the same access to corporate shares, intranet sites, and internal applications as they would if they were sitting in the office connected directly to the network. <p>DirectAccess works both ways. Not only can the computer access the network seamlessly across any Internet connection, but the IT administrator can also connect to DirectAccess client computers--even when the user is not logged on. With DirectAccess, IT Administrators can monitor, manage, and deploy updates to DirectAccess client computers as long as they are connected to the Internet. <p>DirectAccess uses IPsec for authentication and encryption. DirectAccess can also integrate with Network Access Protection (NAP) to require that DirectAccess clients be compliant with system health requirements before being allowed to connect to the network. IT administrators can restrict access through DirectAccess and configure the servers that users and individual applications can access. <p>Built on IPv6<p>IPv6 is required for DirectAccess. DirectAccess connectivity is built on the foundation of globally routable IP addresses that IPv6 provides. IPv6 has been around for a while, and most systems and network devices are IPv6-capable, but the actual adoption of IPv6 as a replacement for IPv4 networking has been slow. <p>Microsoft was aware that IPv6 is not available everywhere, so the company designed DirectAccess to take advantage of IPv6 transition tools such as 6to4, Teredo teredo: see shipworm. , and ISATAP ISATAP Intra-Site Automatic Tunnel Addressing Protocol (IETF) . Within the network, DirectAccess relies on NAT-PT NAT-PT Network Address Translation - Protocol Translation (Network Address Translation-Protocol Translation) to provide connectivity between DirectAccess and IPv4 resources. <p>DirectAccess uses split-tunnel routing to intelligently route network traffic based on the intended destination. Only traffic destined des·tine tr.v. des·tined, des·tin·ing, des·tines 1. To determine beforehand; preordain: a foolish scheme destined to fail; a film destined to become a classic. 2. for the corporate network is routed through the DirectAccess server, while traffic intended for resources on the public Internet is routed directly to its destination. Split-tunneling ensures that the resources of the DirectAccess server are not consumed by unnecessary network traffic. <p>Windows Server See Windows Server 2008, Windows Server 2003, Windows Home Server, Windows 2000 and Windows NT. 2008 R2 Required<p>DirectAccess cannot function in a vacuum on a Windows 7 system. It requires a DirectAccess server to connect to, and a DirectAccess server means Windows Server 2008 R2. The DirectAccess server must have two network interface cards: one connected to the public Internet and one to provide access to the internal intranet resources. DirectAccess also requires at least two consecutive IPv4 addresses on the network interface card connected to the Internet. <p>The IPv6 translation technologies mentioned above (6to4, Teredo, and ISATAP) must be implemented on the DirectAccess server. Only a PKI (Public Key Infrastructure) A framework for creating a secure method for exchanging information based on public key cryptography. The foundation of a PKI is the certificate authority (CA), which issues digital certificates that authenticate the identity of (Public Key Infrastructure) environment can issue the necessary certificate for authentication and security, and a DNS server A dedicated server or a service within a server that provides DNS name resolution in an IP network. It turns names for Web sites and network resources into numeric IP addresses. DNS servers are used in large companies, in all ISPs and within the DNS system in the Internet, a vital service running on Windows Server 2008 or Windows Server 2008 R2 is required as well. <p>Users who experience problems connecting to DirectAccess can use the appropriate troubleshooting wizard to identify and resolve problems. Open the Network and Sharing Center and click on Troubleshoot problems; then select the Connection to a Workplace Using DirectAccess wizard to begin troubleshooting. <p>URL-Based QoS<p>No matter how much network bandwidth an organization has, it is safe to assume it is not unlimited. As more users access the network, or more users connect to bandwidth-intensive data like streaming audio A one-way audio transmission over a data network. It is widely used on the Web as well as company networks to play audio clips and Internet radio. Computers in home networks stream audio (mostly music) to digital media hubs connected to home theaters. and video, the network bandwidth is nibbled away until it is gone, forcing the router to queue data, which in turn slows down network communications. <p>Even without maxing out the internal network capacity, this type of queuing often takes place where the internal network meets the external network. The internal network may be operating at 1GBps speeds, but the connection to the public Internet might be 10MBps. Network packets from the internal network are queued by the router and transmitted on a first-come-first-serve basis as bandwidth becomes available on the external connection. <p>Not all network destinations are created equal, though, or treated equally. Requests to an application server used to process orders or data being sent to a mission-critical database should take precedence over traffic destined for Google or Facebook, say. <p>Administrators can configure Quality of Service (QoS) to prioritize the traffic and ensure that the high-priority traffic gets preferential treatment. Windows will assign outgoing packets a DSCP DSCP Defense Supply Center Philadelphia (US DoD) DSCP Differentiated Services Code Point DSCP Diffserv Code Points DSCP Defense Satellite Communications Program DSCP Decision Support and Custormer Platform (Sprint) (Differentiated Services Offerings that can be classified by type, or quality, of service. For example, a differentiated services network could prioritize real time traffic for a higher fee. Code Point) number that the router can use to determine the priority of the packets. As the network gets bogged down and packets are queued up, the default first-in-first-out functionality is overridden, and high-priority packets are sent out first. <p>The QoS functionality has been a part of previous versions of Windows, but it required that priority be assigned based on specific IP addresses and port numbers. However, multiple Web sites may use the same IP address, and one Web site may have multiple IP addresses, making QoS difficult to utilize in some instances. <p>With Windows 7, Microsoft has added an ability to configure QoS based on URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. . Administrators can ensure that traffic intended for intranet applications or important Web sites gets processed ahead of lower-priority traffic (see the last figure above) without having to configure the precise IP address and port of the destination sites. <p>URL-based QoS can also be used to intentionally downgrade the priority of nonbusiness-related sites such as ESPN ESPN Entertainment and Sports Programming Network or Facebook. Assigning these URLs a low priority will force those packets to be handled with even less urgency than normal traffic. <p>Copyright 2009 IDG IDG International Data Group IDG Integrated Drive Generator IDG Installation Design Guide IDG Internet Discussion Group IDG Inset Dielectric Guide IDG International Dangerous Goods (mail, shipping) Middle East. All rights reserved. Provided by Syndigate.info an Albawaba.com company |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion