This article is based on NT 5.0, Beta 2.
Networking changes
Enhanced support for remote users
Connecting branches
Sharing connections
Quality of Service APIs
There are a number of challenges facing organisations trying
to create a corporate-wide network these days. The Network Operating System (NOS) has to
provide far more than simple file and print services, as it is often the computing heart
of the company. Microsoft has increased its share of the NOS market with NT Server 4.0,
particularly in new business sales. Windows 2000 Server (the new name for NT 5.0) must
take on Novell's NetWare 5.0 and the continued push for Novell Directory Services if
it is to sustain that trend. In order to ensure success in the high-end corporate market
place, Windows 2000 must continue to improve and address a number of key issues by
providing support for both established and emerging network technologies.
Networking changes
As far as the established technologies are concerned, TCP/IP is key. Windows NT 4.0
already offered a robust TCP/IP stack, as well as DHCP, DNS and WINS services in an
attempt to simplify address assignment and name resolution. With Windows 2000, this is now
under the umbrella of Active Directory which customers can use to replicate and
synchronise DNS naming throughout the corporate network, thus eliminating the need to
maintain a separate replication service for DNS. Integrated DHCP and Dynamic DNS services
use this directory-registered information to provide address assignment and naming
services. As DHCP allocates addresses, DNS and Active Directory are automatically updated.
This removes the problem of maintaining consistency between DNS databases and
dynamically-allocated IP addresses. The move to Dynamic DNS under Windows 2000 brings all
address allocation and naming under the watchful eye of the directory service, whilst
maintaining complete compatibility with existing standard DHCP and DNS systems.
At the physical level, ATM and Gigabit support is provided for connection to corporate
backbones. Digital Subscriber Line (DSL) connections can also be used to connect remote
users once such services become more widely available (if they ever do this side of the
Atlantic!) This has prompted some changes to TCP/IP within Windows 2000 to provide
performance improvements in such high-bandwidth environments. Large window support allows
the window size (i.e. the maximum number of packets that can be sent before an
acknowledgement of the first packet is required) to be dynamically recalculated and
increased, where appropriate. Currently, when packets are corrupted or lost, performance
suffers, as all packets sent after the problem one must be retransmitted. Windows 2000
adds support for selective acknowledgements, meaning that only the missing or corrupt
packet needs to be re-sent. This improves network utilisation and increases performance in
transmissions subject to interference or congestion.
Finally, the ability to better estimate the Round Trip Time (RTT) between hosts on
the network means that each host's timeout values are far more accurate, meaning
fewer timeouts and packet retransmissions.
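The two loss-recovery ideas described above, selective acknowledgement and a better RTT estimator, are easier to see in code than in prose. The block below is an added illustration, not Windows 2000 code and not from the article: the retransmission logic follows the SACK option of RFC 2018, and the smoothed-RTT/RTO calculation is the standard one from RFC 6298. The article does not name the algorithm Windows uses, so that choice, along with the constructed segment sizes and RTT samples, is an assumption.

```python
"""Added example: SACK-based retransmission versus go-back-N, and the
RFC 6298 smoothed-RTT retransmission timeout. Constructed illustration;
not Windows 2000 code."""

# Constructed sender state: five 1000-byte segments in flight, sequence
# numbers 0..4000. Assume the second segment (seq 1000) was lost in transit.
SEGMENT_SIZE = 1000
SENT = [(seq, SEGMENT_SIZE) for seq in range(0, 5 * SEGMENT_SIZE, SEGMENT_SIZE)]

# What the receiver reports after seeing segments 0, 2000, 3000 and 4000:
# the cumulative ACK stops at the gap, a SACK block describes what arrived beyond it.
CUM_ACK = 1000
SACK_BLOCKS = [(2000, 5000)]


def segments_to_retransmit(sent, cum_ack, sack_blocks=None):
    """Return the sequence numbers the sender must resend after a loss.

    sent        -- list of (seq, length) segments in flight
    cum_ack     -- receiver's cumulative ACK: every byte below it has arrived
    sack_blocks -- list of (left, right) byte ranges received out of order,
                   or None when the peer does not support SACK
    """
    to_resend = []
    for seq, length in sent:
        end = seq + length
        if end <= cum_ack:
            continue  # covered by the cumulative ACK
        if sack_blocks and any(left <= seq and end <= right
                               for left, right in sack_blocks):
            continue  # receiver already holds this segment; no need to resend
        to_resend.append(seq)
    return to_resend


class RtoEstimator:
    """Smoothed RTT and retransmission timeout per RFC 6298.

    alpha/beta are the RFC's 1/8 and 1/4 gains, K = 4. min_rto is the RFC's
    one-second floor; pass 0.0 to see the raw estimate on a fast LAN.
    """

    def __init__(self, alpha=1 / 8, beta=1 / 4, k=4,
                 granularity=0.1, min_rto=1.0):
        self.alpha, self.beta, self.k = alpha, beta, k
        self.granularity, self.min_rto = granularity, min_rto
        self.srtt = None       # smoothed round-trip time (seconds)
        self.rttvar = None     # RTT variance estimate (seconds)
        self.rto = 1.0         # RFC 6298 initial RTO before any sample

    def update(self, sample):
        """Feed one measured RTT sample; return the new RTO in seconds."""
        if self.srtt is None:
            self.srtt = sample
            self.rttvar = sample / 2
        else:
            # Variance is updated first, using the previous SRTT.
            self.rttvar = ((1 - self.beta) * self.rttvar
                           + self.beta * abs(self.srtt - sample))
            self.srtt = (1 - self.alpha) * self.srtt + self.alpha * sample
        self.rto = max(self.min_rto,
                       self.srtt + max(self.granularity, self.k * self.rttvar))
        return self.rto


def rto_after(samples, **kwargs):
    """Run the estimator over a list of RTT samples and return the final RTO."""
    est = RtoEstimator(**kwargs)
    rto = est.rto
    for s in samples:
        rto = est.update(s)
    return rto


if __name__ == "__main__":
    print("go-back-N resends:", segments_to_retransmit(SENT, CUM_ACK))
    print("with SACK resends:", segments_to_retransmit(SENT, CUM_ACK, SACK_BLOCKS))
    # A steady 50 ms path versus a jittery one: the RTO tracks the variance,
    # so a noisy path gets a longer timeout instead of spurious retransmissions.
    print("RTO, steady 50 ms:", rto_after([0.05] * 8, min_rto=0.0))
    print("RTO, jittery path:", rto_after([0.05, 0.20, 0.05, 0.30], min_rto=0.0))
```

Without SACK the sender knows only that byte 1000 is missing and resends everything from there, four segments; with the SACK block it resends the single lost segment. The estimator shows the other half of the article's claim: because the timeout is derived from both the mean and the variance of measured RTTs, a host on a jittery link waits longer before declaring loss, while a host on a steady link times out quickly.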
Enhanced support for remote users
Windows 2000 has also enhanced support for remote users. A mobile workforce means that end
users require tools that extend their networks and offices into the hotel room, car park
or even the moving train. Windows 2000 sets up remote connections by providing consistent
access regardless of connection type via a new utility called the Connection Manager. A
single interface manages the connection and provides consistency for the user without
distinguishing between direct, remote, RAS dial-in or Virtual Private Network (VPN)
connections.
Per-connection settings mean that it is no longer necessary to manually reconfigure TCP/IP
parameters when changing between a direct LAN connection, or a dial-up Internet
connection, to a local ISP. Multiple parameters can be assigned to a single communications
device, allowing several different ISPs to be used when travelling, but with each one
being accessed via a single interface, and, with no reconfiguration required between
connections. A phone book tool automatically distributes a direct-dial and ISP telephone
number list to all users whenever they connect (be it directly or via a VPN). All the user
needs to do is select the closest city from the list to make the most cost-effective
connection to the corporate network. The Connection Manager can also be configured to
launch other applications at different stages in the connection (i.e. launch email after
the connection completes and terminate it when disconnecting), thus automating the whole
remote access process as much as possible for the user.
At connection time, the workstation dynamically adapts to corporate security and
authentication policies established in the Active Directory. Through the directory,
administrators can establish group policies for full-featured control of remote access
protocols, time of use, type of use, encryption and authentication. These policies can
then be applied to individual users, groups, and organisational units or to entire
directory trees if required.
Connecting branches
Remote connectivity covers more than just mobile workers. Enterprises are beginning to
utilise smaller branch offices which also need to be connected to the central corporate
network, but not necessarily all the time, making fixed leased line connections far too
costly. Instead, branch offices can make use of the Internet for their head office
connectivity, and ensure that all their data is kept private by employing VPNs. There is a
choice of three key VPN protocols under Windows 2000: IPSec, L2TP and PPTP. IPSec is
an IETF proposed standard that, despite its single protocol focus, is quickly gaining
popularity for public key encryption and VPN access. If legacy protocols such as IPX must
be used over a VPN, L2TP can be used with optional IPSec encryption. If public key systems
frighten users with the complexities of key management, then PPTP can be used with shared
secret keys.
Sharing connections
Windows 2000 has also included the ability to share connections - an ideal means of
providing WAN or Internet connectivity for a small number of users without having to
dedicate an expensive routed link. Once a connection has been defined on a PC, it can be
shared in the same manner as other network resources such as disk drives. Other users on
the same network can access the shared connection, and the PC with the modem attached will
initiate the link automatically. Where routed connections are provided between offices,
Windows 2000 includes a complete set of routing and gateway services. Standard protocols
like OSPF, RIP and RIP for IPX let Windows 2000 route IP and IPX packets whilst
interoperating with general purpose routers. Branch offices can also participate in
corporate multicast network applications through integrated IGMP services. Not only will
Windows 2000 register itself as a client of a multicast session, its routing services will
forward multicast traffic to remote office clients.
For example, branch office workstations can participate in NetShow sessions while sharing
a single connection to the corporate network through a Windows 2000 server. The server
receives the data stream and then forwards it as a multicast to branch offices.
Quality of Service APIs
To better support multimedia data streams across the network, Windows 2000 also includes
some clever technology which helps to keep audio and video transmissions as clean and
smooth as possible. Quality of Service (QoS) APIs allow applications to invoke Admission
Control Services, RSVP signalling protocol, and traffic control from Windows 2000 servers
and the networks to which they are attached. RSVP provides a mechanism for conveying
application QoS requirements and user identities end to end through the network. QoS
functionality is further extended through support of traffic shaping, IP precedence,
802.1p, and varied Layer 2 media support. This gives network managers the ability to
deploy QoS applications while protecting network bandwidth, and allows ISVs to use these
APIs to obtain the quality they need for QoS-enabled applications.
Although connectivity and networking are what Network Operating Systems are supposed to be
all about, previous generations of NOS have not made things as straightforward as they
could be. Windows 2000 includes many useful new features that should make the life of the
network administrator that much easier when supporting a range of head office, branch
office and remote user connections throughout an organisation.