VPNs protect communications between trusted networks. To design secure VPNs, the network infrastructure must be part of the design. Network infrastructure considerations for VPNs include.
The following sections describe the redundancy and network location considerations. VPN placement and protection are discussed in the section “Guidelines for Placing VPN Servers on Networks” later in this lesson. Types of VPNs were discussed in Lesson 1 in the “Types of VPNs That Work with Windows Server 2003” section.
Redundancy is provided by establishing multiple VPN servers. If one VPN server fails, client sessions are disconnected. However, clients can connect again by using a different VPN server. To reduce the necessity to configure multiple connectoids (one for each VPN server), use Network Load Balancing. However, don’t confuse redundancy with load balancing. Load balancing can be provided via round-robin Domain Name System (DNS) or clustering.
Round-robin DNS is configured by entering several weighted host records that use the same DNS name but several IP addresses. This provides load balancing because each request for name resolution will provide one of many IP addresses and thus be directed to a different computer. However, DNS has no way of knowing when a specific VPN server is not available. The IP address for a VPN server that is not available will be provided just as often as one that is.
Network load balancing, a Microsoft clustering technology that spreads requests for a single IP address among several Microsoft Windows servers, can also provide load balancing in addition to scalability and redundancy. If a VPN server fails, client sessions will also fail and the user will be prompted to log on again. The user’s new session will be managed by one of the other VPN servers in the cluster. Figure 7-7 shows Microsoft network load balancing.
Firewall configuration is important. Without proper configuration, one or both of two problems will exist. First, the VPN traffic, other required traffic, or both will not be able to pass through the firewall. Second, too much access will be granted to your network, thus making you more vulnerable to attack. It is not the designer’s job to configure the firewall. Instead, the designer should supply the firewall administrator with the information necessary to provide secure remote access.
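The two firewall problems described above can be checked mechanically before a rule set is handed over. The following is an added example, not part of the original text: the `Rule` format, the address 203.0.113.10 and the sample rules are constructed for illustration, and the port and protocol list is the standard one for PPTP and L2TP/IPsec rather than something given on this page.

```python
from dataclasses import dataclass
from typing import Optional

# Inbound flows a firewall in front of the VPN server must pass, per VPN type.
# Entries are (protocol, destination port); port is None for port-less IP protocols.
REQUIRED = {
    "PPTP": [("tcp", 1723), ("gre", None)],        # control channel, IP protocol 47
    "L2TP/IPsec": [("udp", 500), ("udp", 4500),    # IKE, IPsec NAT traversal
                   ("esp", None)],                 # IP protocol 50
}

@dataclass(frozen=True)
class Rule:
    """Hypothetical inbound allow rule; not any real firewall's syntax."""
    proto: str            # "tcp", "udp", "gre", "esp" or "any"
    port: Optional[int]   # None means all ports, or not applicable
    dst: str              # destination IP address or "any"

def covers(rule, proto, port, vpn_ip):
    """True if the rule lets the given flow reach the VPN server."""
    return (rule.dst in (vpn_ip, "any")
            and rule.proto in (proto, "any")
            and rule.port in (port, None))

def audit(rules, vpn_ip, vpn_type):
    """Return (missing, excessive): required flows that are blocked, and
    rules that grant more than the chosen VPN type needs."""
    needed = REQUIRED[vpn_type]
    missing = [f for f in needed
               if not any(covers(r, f[0], f[1], vpn_ip) for r in rules)]
    excessive = [r for r in rules
                 if r.dst == "any" or r.proto == "any"
                 or (r.proto in ("tcp", "udp") and r.port is None)
                 or (r.dst == vpn_ip and (r.proto, r.port) not in needed)]
    return missing, excessive

# Constructed sample: PPTP server with GRE forgotten and two over-broad rules.
VPN_IP = "203.0.113.10"
SAMPLE = [Rule("tcp", 1723, VPN_IP), Rule("udp", 500, VPN_IP),
          Rule("tcp", None, "any")]

if __name__ == "__main__":
    missing, excessive = audit(SAMPLE, VPN_IP, "PPTP")
    print("blocked but required:", missing)
    print("broader than needed: ", excessive)
```

Rules for destinations other than the VPN server are ignored unless they use a wildcard, so the audit covers only what the VPN design is responsible for.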