
Virtual Private Network

Short for virtual private network, a network that is constructed by using public wires
to connect nodes. For example, there are a number of systems that enable you to
create networks using the Internet as the medium for transporting data. These
systems use encryption and other security mechanisms to ensure that only
authorized users can access the network and that the data cannot be
intercepted.

A virtual private network (VPN) is a network that uses a public
telecommunication infrastructure, such as the Internet, to provide remote
offices or individual users with secure access to their organization's
network. A virtual private network can be contrasted with an expensive system of
owned or leased lines that can only be used by one organization. The goal of a VPN
is to provide the organization with the same capabilities, but at a much lower cost.

A VPN works by using the shared public infrastructure while maintaining privacy
through security procedures and tunneling protocols such as the Layer Two
Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the
sending end and decrypting it at the receiving end, send the data through a
"tunnel" that cannot be "entered" by data that is not properly encrypted. An
additional level of security involves encrypting not only the data, but also the
originating and receiving network addresses.

Latest client version : Cisco VPN Client - 4.9.01 (0100)

Internet Authentication Service

Internet Authentication Service (IAS) is the Microsoft implementation of a Remote
Authentication Dial-in User Service (RADIUS) server and proxy in Windows Server
2003. As a RADIUS server, IAS performs centralized connection
authentication, authorization, and accounting for many types of network
access, including wireless and virtual private network (VPN) connections. As
a RADIUS proxy, IAS forwards authentication and accounting messages to other
RADIUS servers.

IPv6

Support for Internet Protocol version 6 (IPv6), a new suite of standard protocols for
the Network layer of the Internet, is built into the latest versions of Microsoft
Windows, which include Windows Vista, Windows Server 2008, Windows Server
2003, Windows XP with Service Pack 2, Windows XP with Service Pack 1, Windows
XP Embedded SP1, and Windows CE .NET.

IPv6 is designed to solve many of the problems of the current version of IP (known
as IPv4) such as address depletion, security, autoconfiguration, and extensibility. Its
use will also expand the capabilities of the Internet to enable a variety of valuable
and exciting scenarios, including peer-to-peer and mobile applications.

Network Access Protection

Network Access Protection (NAP) is a policy enforcement platform built into
Microsoft Windows Vista and Windows Server 2008 that allows you to
better protect your private network by enforcing compliance with computer
health requirements. For example, a firewall must be installed and enabled and
the latest operating system updates must be installed. With NAP, you can create
customized health requirement policies to validate computer health before allowing
network access or communication, automatically update compliant computers to
ensure ongoing compliance, and optionally confine noncompliant computers to a
restricted network until they become compliant.

Next Generation TCP/IP Stack

The Next Generation TCP/IP Stack in Windows Vista and Windows Server 2008 is a
complete redesign of TCP/IP functionality for both Internet Protocol version 4 (IPv4)
and Internet Protocol version 6 (IPv6) that meets the connectivity and performance
needs of today's varied networking environments and technologies.

Network Policy Server

Network Policy Server (NPS) is the Microsoft implementation of a Remote
Authentication Dial-in User Service (RADIUS) server and proxy in Windows
Server 2008 (now in beta testing). NPS is the replacement for Internet
Authentication Service (IAS) in Windows Server 2003.

As a RADIUS server, NPS performs centralized connection authentication,
authorization, and accounting for many types of network access, including
wireless and virtual private network (VPN) connections. As a RADIUS proxy,
NPS forwards authentication and accounting messages to other RADIUS servers. NPS
also acts as a health evaluation server for Network Access Protection (NAP).

Quality of Service

Quality of Service (QoS) is a set of technologies for managing network
traffic in a cost-effective manner to enhance user experiences for home and
enterprise environments. QoS technologies allow you to measure bandwidth,
detect changing network conditions (such as congestion or availability of
bandwidth), and prioritize or throttle traffic. For example, QoS technologies can
be applied to prioritize traffic for latency-sensitive applications (such as voice or
video) and to control the impact of latency-insensitive traffic (such as bulk data
transfers).

Routing and Remote Access

Routing and Remote Access is a network service in Microsoft Windows Server 2008
(now in beta testing), Windows Server 2003, and Windows 2000 Server that
provides the following services:

• Dial-up remote access server

• Virtual private network (VPN) remote access server

• Internet Protocol (IP) router for connecting subnets of a private network

• Network address translator (NAT) for connecting a private network to the
Internet

• Dial-up and VPN site-to-site demand-dial router

Scalable Networking

The Microsoft Scalable Networking initiative seeks to deliver innovative networking
technology solutions for the Microsoft Windows family of operating systems focused
on eliminating potential operating system bottlenecks associated with network
packet processing. Through the introduction of new architectural innovations like TCP
Chimney Offload and NetDMA, the Scalable Networking initiative seeks to deliver
support for the latest network acceleration and hardware-based offload technologies
without requiring changes to existing applications or network management practices.

Server and Domain Isolation

With the explosive growth and adoption of pervasive, highly-connected networks,
administrators are faced with a potentially paradoxical situation: to provide greater
accessibility while maintaining security. Even though more ubiquitous connectivity
can yield numerous business benefits—like productivity gains and operational cost
savings—it has the potential to introduce new risks to the organization’s networked
infrastructure. This can include costly virus attacks, rogue users and devices, and
unauthorized access to sensitive information.

A Server and Domain Isolation solution based on Microsoft Windows Internet
Protocol security (IPsec) and the Active Directory directory service enables
administrators to dynamically segment their Windows environment into more secure
and isolated logical networks based on policy and without costly changes to their
network infrastructure or applications. This creates an additional layer of
policy-driven protection that helps protect against costly network attacks,
prevent unauthorized access to trusted networked resources, achieve regulatory
compliance, and reduce operational costs.

Networking - Routing

Unicast Routing Overview

Unicast routing is the process of forwarding unicasted traffic from a source to a
destination on an internetwork. Unicasted traffic is destined for a unique address. To
understand the details of routing protocols, such as Routing Information Protocol
(RIP) and Open Shortest Path First (OSPF), and their implementation in Microsoft®
Windows® 2000 Server, it is important to have a solid foundation in the principles of
unicast routing. Because Windows 2000, with the Routing and Remote Access
service, is an open platform that can conceivably host any internetworking protocol
and routing protocol, this chapter provides an overview of protocol-independent
unicast routing principles. The Internet Protocol (IP) and the Internetwork Packet
Exchange (IPX) protocol are used as the example protocols where appropriate.

Demand-Dial Routing

Microsoft® Windows® 2000 provides extensive support for demand-dial routing, the
routing of packets over point-to-point links such as analog phone lines and ISDN.
Demand-dial routing allows you to connect to the Internet, to connect branch offices,
or to implement router-to-router virtual private network (VPN) connections.

Windows Firewall

Windows Firewall is a built-in, host-based, stateful firewall that is included in
Windows Vista, Windows XP with Service Pack 2, Windows Server 2003 with Service
Pack 1, Windows Server 2003 with Service Pack 2, and Windows Server 2008 (now
in beta testing). No separate installation is required for Windows Firewall.

Windows Firewall drops incoming traffic that does not correspond to either traffic
sent in response to a request of the computer (solicited traffic) or unsolicited traffic
that has been specified as allowed (excepted traffic). Windows Firewall provides
a level of protection from malicious users and programs that rely on
unsolicited incoming traffic to attack computers.
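
The solicited / excepted / dropped decision described above can be modelled in a few lines. This is an added illustration, not Windows Firewall's own code: the class names, the addresses (documentation ranges) and the TCP 3389 exception are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: tuple   # (ip, port)
    dst: tuple   # (ip, port)

@dataclass
class StatefulFilter:
    # Hypothetical model: exceptions are (proto, local_port) pairs,
    # flows are (proto, local_endpoint, remote_endpoint) tuples.
    exceptions: set = field(default_factory=set)
    flows: set = field(default_factory=set)

    def outbound(self, pkt):
        # Remember the request so the matching reply counts as solicited.
        self.flows.add((pkt.proto, pkt.src, pkt.dst))

    def inbound(self, pkt):
        # Solicited: exact reverse of a flow this host initiated.
        if (pkt.proto, pkt.dst, pkt.src) in self.flows:
            return "allow-solicited"
        # Excepted: unsolicited, but the local port is explicitly allowed.
        if (pkt.proto, pkt.dst[1]) in self.exceptions:
            return "allow-excepted"
        return "drop"

def demo():
    host = "192.0.2.10"  # constructed sample address
    fw = StatefulFilter(exceptions={("tcp", 3389)})
    fw.outbound(Packet("tcp", (host, 49152), ("198.51.100.5", 443)))
    inbound = [
        Packet("tcp", ("198.51.100.5", 443), (host, 49152)),  # reply to request
        Packet("tcp", ("203.0.113.9", 51000), (host, 3389)),  # excepted port
        Packet("tcp", ("203.0.113.9", 51000), (host, 445)),   # unsolicited
        Packet("tcp", ("203.0.113.9", 443), (host, 49152)),   # wrong remote host
        Packet("udp", ("198.51.100.5", 443), (host, 49152)),  # wrong protocol
    ]
    return [fw.inbound(p) for p in inbound]

if __name__ == "__main__":
    print(demo())
```

The last two packets show why the match is on the whole flow rather than the local port alone: a packet aimed at the ephemeral port from a different host or protocol is still unsolicited.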

PPTP

Short for Point-to-Point Tunneling Protocol, a new technology for creating VPNs, developed
jointly by Microsoft, U.S. Robotics and several remote access vendor companies, known
collectively as the PPTP Forum. A VPN is a private network of computers that uses the
public Internet to connect some nodes. Because the Internet is essentially an open
network, PPTP is used to ensure that messages transmitted from one VPN node to another
are secure. With PPTP, users can dial in to their corporate network via the Internet.

L2TP

Short for Layer Two (2) Tunneling Protocol, an extension to the PPP protocol that enables ISPs
to operate Virtual Private Networks (VPNs). L2TP merges the best features of two other tunneling
protocols: PPTP from Microsoft and L2F from Cisco Systems. Like PPTP, L2TP requires that the
ISP's routers support the protocol.

Proxy Server

A server that sits between a client application, such as a Web browser, and a real server.
It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it
forwards the request to the real server.

Proxy servers have two main purposes:

• Improve Performance: Proxy servers can dramatically improve performance
for groups of users. This is because a proxy server saves the results of all requests
for a certain amount of time. Consider the case where both user X and user Y access
the World Wide Web through a proxy server. First user X requests a certain Web page,
which we'll call Page 1. Sometime later, user Y requests the same page. Instead of
forwarding the request to the Web server where Page 1 resides, which can be a
time-consuming operation, the proxy server simply returns the Page 1 that it
already fetched for user X. Since the proxy server is often on the same network as
the user, this is a much faster operation. Real proxy servers support hundreds or
thousands of users. The major online services such as America Online, MSN and
Yahoo, for example, employ an array of proxy servers.

• Filter Requests: Proxy servers can also be used to filter requests. For
example, a company might use a proxy server to prevent its employees from
accessing a specific set of Web sites.

ISA Server

Microsoft's ISA Server (Internet Security and Acceleration Server) is the successor to
Microsoft's Proxy Server 2.0 (see proxy server) and is part of Microsoft's .NET
support. ISA Server provides the two basic services of an enterprise firewall and a
Web proxy/cache server. ISA Server's firewall screens all packet-level, circuit-
level, and application-level traffic. The Web cache stores and serves all regularly
accessed Web content in order to reduce network traffic and provide faster
access to frequently-accessed Web pages. ISA Server also schedules downloads of
Web page updates for non-peak times.

ISA Server allows administrators to create policies for regulating usage based on
user, group, application, destination, schedule, and content type criteria. ISA
Server is designed to work with Windows 2000 and later operating systems and to
take advantage of Windows' Kerberos security. ISA Server includes a software
development kit (SDK).

ISA Server comes in two editions, Standard Edition and Enterprise Edition. Standard
Edition is a stand-alone server that supports up to four processors. Enterprise Edition is
for large-scale deployments, server array support, multi-level policy, and computers with
more than four processors. Licenses are based on the number of processor

IPsec

IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP)
communications by authenticating and/or encrypting each IP packet in a data stream.
IPsec also includes protocols for cryptographic key establishment.

Managing Accepted Domains

An accepted domain is any Simple Mail Transfer Protocol (SMTP) namespace for
which a Microsoft Exchange organization sends or receives e-mail. Accepted domains
include those domains for which the Exchange organization is authoritative. An
Exchange organization is authoritative when it handles mail delivery for recipients in
the accepted domain. Accepted domains also include domains for which the
Exchange organization receives mail and then relays it to an e-mail server that is
outside the Active Directory directory service forest for delivery to the recipient.

What is Citrix?

Citrix MetaFrame Presentation Server is a technology that can allow remote users to
connect to applications that are actually installed on a remote computer. It uses a
mix of technology that results in that remote application looking and behaving just
as though it was installed on the local machine.

WinFrame

A technology developed by Citrix Systems that turns Windows NT into a multi-user
operating system. Together with another Citrix technology called ICA, WinFrame
enables a Windows NT server to function like a minicomputer. The result is that
network users on non-Windows machines (e.g., Macintoshes, DOS systems, and
UNIX machines) can run Windows applications. The actual applications are executed
on the WinFrame Application Server; the client machines are just terminals, used
only for entering user input and displaying application output.

The ICA protocol is responsible for sending input and output between the client machines
and the WinFrame server. Conceptually, the protocol is similar to X-Window, which
serves the same purpose for UNIX systems.

Windows Server Update Services 3.0

Microsoft Windows Server Update Services (WSUS) 3.0 delivers new
features including an MMC-based user interface with advanced filtering
and reporting, improved performance and operational reliability,
flexible deployment options to improve branch office support, and
more content access through the Microsoft Update Catalog site.

SharePoint

SharePoint is an enterprise information portal, from Microsoft, that can be configured to run
Intranet, Extranet and Internet sites. Microsoft Office SharePoint Server 2007 allows people,
teams and expertise to connect and collaborate. A SharePoint enterprise portal is composed of
both SharePoint Portal and Windows SharePoint Services, with SharePoint being built upon
WSS. WSS is typically used by small teams, projects and companies. SharePoint Server is
designed for individuals, teams and projects within a medium to large company-wide enterprise
portal.
