Microsoft Windows Server 2003 Deployment Kit [Electronic resources] : Deploying Network Services (text version)


Microsoft Corporation








Implementing Your Connection Manager Solution


After you create your service profile(s), test your remote access solution in its entirety before distributing your service profile to the users.

Figure 9.4 shows the process for implementing your managed remote access client solution using Connection Manager.


Figure 9.4: Implementing Your Connection Manager Solution



Testing Your Remote Access Solution


When testing your solution in a lab, recreate the actual user experience as closely as possible. It is likely that the client will be deployed on computers not directly under the control of your organization, such as a user's home computer. For this reason, it is necessary to test your service profile(s) using a standard set of applications and test on the same types of hardware that you will deploy to.





Important

Test both the server and client portions of your remote access design.


Use the following guidelines to test your deployment:



Load and run the client on each operating system you are supporting for remote access. If you are supporting both dial-up and VPN connections, test both of these types of connections on your test clients.



Test custom actions in detail, using a standard set of applications that users might have on their computers. Be sure your test is representative of the end-user experience.



Make sure your phone books are updating. If phone books are not updating, check the URL that is pointing to the phone book server, check for firewall conflicts, and ensure that IIS is correctly configured on the PBS server.



Test your distribution method before announcing and rolling it out. For information about establishing a distribution method, see "Distributing Your Connection Manager Service Profiles" later in this chapter.




Distributing Certificates


If you configured the security settings of the VPN Entries in the CMAK wizard to use L2TP/IPSec, you might need to distribute certificates to your users. The certification authority (CA) is generally set up as a Web server. You can have your CA either on the Internet or on your intranet.

Internet Enrollment


With Internet enrollment, users go to a public Web site to obtain their certificates. Internet enrollment is useful if you are using a CA that is provided by another company.


Intranet Enrollment


If certificates are optional but recommended, users can obtain their certificates after connecting to your intranet. Configure the service profile to attempt authentication by using L2TP first. This setting allows the client to attempt a connection using L2TP; if L2TP is not available, the client connects using PPTP. When you configure this setting, the client will first attempt to connect using L2TP each time the client connects. By using this setting, clients can connect the first time by using PPTP and get a certificate. After receiving the certificate, subsequent connections will use L2TP.

You can configure the Connection Manager Certificate Deployment Tool, Cmgetcer.dll, as a custom action. This tool enables the client to get a certificate from the certification authority.

For more information about certification authorities and certificates, see "Designing a Public Key Infrastructure" in Designing and Deploying Directory and Security Services of this kit.


Educating Users About Security


When distributing your service profiles, you should also inform users of their responsibilities in protecting the organization's resources. Educate your users about potential threats and how to avoid them, including:



Enable a personal firewall (such as ICF in Windows XP).



Use strong passwords on their remote computers.



Never save passwords for any connection.

To prevent users from saving their password for this connection, disable the Save Password check box on the Connection Manager client. For more information, see "Providing Advanced Customization" earlier in this chapter.



Lock their computers when they are not actively using them. They can do this by password-protecting the screen saver or through the Ctrl-Alt-Delete dialog box.



Do not share VPN connections or run a VPN connection from an ICS host. Sharing the VPN connection allows all computers on the ICS network to use it to access your organization's network and resources with the VPN connection's credentials.





Distributing Your Connection Manager Service Profiles


There are several ways to distribute your service profile, each with costs and benefits. Choose one of the following methods, or provide more than one method to give your users a choice.

Distributing Service Profiles on CD or Floppy Disk


You can distribute CDs or floppy disks containing your self-installing Connection Manager package. Connection Manager and the service profile fit on a floppy disk. However, if you want to include other programs, such as anti-virus software, you might need more space than a floppy disk provides, so a CD is a better choice.

The benefit of distributing this way is that you can physically give a copy to all users or send them easily through the mail. However, this solution might be costly and has little inherent security.

Distributing Service Profiles by E-mail


You can send a service profile through e-mail to your users. If you choose to send the service profile through e-mail, ensure that users are able to receive .exe files, because not all e-mail systems allow executable files as attachments.

Distributing Service Profiles by Download


You can set up a Web site where users can download the service profile. Desktop users can download to a floppy disk, and portable-computer users can download directly to their computers from a Web site inside your network.

It is also possible to make the service profile available by download from a Web site over the Internet. However, identify any security risks to your organization before posting your service profile on an Internet site.

Pre-installing Service Profiles


You can install the service profile on each client individually. The benefit of this method is that users are not required to install anything themselves, which can reduce user frustration and calls to your help desk. However, this method requires administrator or help desk resources during the initial installation, which might be a large resource hit during the rollout phase of your deployment. This method is useful when there are a small number of client computers or when all of the client computers and devices are controlled by your organization.

Combining Distribution Methods


You can also use a combination of distribution methods. For example, a company could distribute the Connection Manager service profiles on CD to users who work from their own computers from remote locations, provide downloads for local employees who have portable computers, and pre-install the service profile on any new portable computers before distribution.
