					Network+ Guide to Networks, 6th Edition   10-1




Chapter 10
Virtual Network and Remote Access

At a Glance

Instructor’s Manual Table of Contents
   Overview

   Objectives

   Teaching Tips

   Quick Quizzes

   Class Discussion Topics

   Additional Projects

   Additional Resources

   Key Terms



Lecture Notes

Overview
This chapter describes the networking components of virtual environments beyond the virtual
LAN or VLAN. It discusses virtualization along with the tools used to provide remote access
and various remote access technologies. These technologies cover both network access and
remote access to computing resources (desktops or client computers).


Chapter Objectives
After reading this chapter and completing the exercises, the student will be able to:
    Explain virtualization and identify characteristics of virtual network components
    Create and configure virtual servers, adapters, and switches as part of a network
    Describe techniques for incorporating virtual components in VLANs
    Explain methods for remotely connecting to a network, including dial-up networking,
        virtual desktops, and thin clients
    Discuss VPNs (virtual private networks) and the protocols they rely on
    Identify the features and benefits of cloud computing and NaaS (Network as a Service)


Teaching Tips
Virtualization
    1. Describe the basic terminology of virtualization.

    2. Use Figure 10-1 to describe the components of a virtualization environment.

    3. Explain the advantages of virtualization.

    4. Explain the disadvantages of virtualization.

    5. Explain that all virtualization providers have similar functionality, but differ in features,
       interfaces, and ease of use.


Teaching Tip: Ensure that students understand that the use of virtualization is a convenience,
but that the convenience comes with a high price and potential for server sprawl caused by
virtualization.



Virtual Network Components

    1. Explain that virtual machines must connect to physical networks, and that the
       components that connect them to the physical network are the virtual network
       components inside the host machine.

Virtual Machines and Adapters

    1. Explain that a VM’s software and hardware characteristics are assigned when it is
       created in the virtualization program.

    2. Use Figure 10-2 as an example of specifying the hardware resources of a virtual
       machine.

    3. Explain the purpose of the vNIC.

    4. Use Figure 10-3 as an example of a virtual network adapter’s settings.

    5. Remind students that every vNIC assigned to a virtual machine has a new MAC address
       assigned to it at creation.

Virtual Switches and Bridges

    1. Explain the function of virtual switches and virtual bridges.

    2. Use Figure 10-4 to explain the connections between virtual machines via a virtual
       switch.

    3. Explain that the hypervisor controls virtual switches and bridges in the memory of the
       host computer.

    4. Explain that virtual switches let users configure network traffic in whatever way the
       applications they run require.

    5. Use Figure 10-5 to show an example of virtual switches passing traffic through a router.

Network Connection Types

    1. Explain that whenever you configure a virtual NIC, you will need to select the
       connection type for the interface.

    2. Define the three modes of connection common to virtual connections: bridged, NAT,
       and host-only.

    3. Explain the benefits of the bridged networking mode, for example for Internet-facing servers.

    4. Define the services that one might need to provide on a bridged network connection.


    5. Remind students of the disadvantages of a bridged connection.

    6. Use Figures 10-6 and 10-7 to explain a bridged connection.

    7. Use Figures 10-8 and 10-9 to show an example of a NAT connection.

    8. Explain the services that the host provides for a NAT connection.

    9. Discuss the advantages and disadvantages of a NAT connection.

    10. Explain the circumstances where you might want to use a host-only connection for a
        guest versus the other types.

    11. Use Figure 10-10 to demonstrate a host-only connection.

    12. Explain the limitations of a host-only connection.

Virtual Appliances

    1. Define a virtual appliance.

    2. Explain that there are both commercial and non-commercial sources of virtual
       appliances.

    3. Define the advantages of a virtual appliance over installing software on a traditional
       server.


Teaching Tip: Have students visit the VMware Solution Exchange to see a list of potential
appliances at https://solutionexchange.vmware.com/store/category_groups/19



Virtual Networks and VLANs
    1. Remind students of the function of VLANs from Chapter 6.

    2. Explain that physical adapters can present multiple VLANs to a virtual machine host.

    3. Explain how VMware handles VLANs, physical NICs, and port groups.

    4. Use Figure 10-11 to explain an example of how you can configure a single NIC to
       connect multiple VLANs to virtual guests.




Teaching Tip: Explore VMware's best practices for using multiple VLANs at
http://www.vmware.com/technical-resources/virtual-networking/virtual-networks.html



Quick Quiz 1
    1. True or False: Virtualization is the emulation of a computer, operating system
       environment, or application on a physical system.
       Answer: True

    2. When multiple virtual machines contend for finite physical resources, one virtual
       machine could _____ those resources and impair the performance of other virtual
       machines on the same computer.
          a. reframe
          b. repair
          c. monopolize
          d. optimize
       Answer: C

    3. The software that allows you to define VMs and manages resource allocation and
       sharing among them is known as a virtual machine manager, or, more commonly, a(n)
       ____________________.
       Answer: hypervisor

    4. True or False: VMs that must be available at a specific address, such as mail servers or
       Web servers, should be assigned host-only network connections.
       Answer: False

    5. In _____ networking mode, VMs on one host can exchange data with each other and
       with their host, but they cannot communicate with any nodes beyond the host.
           a. host-only
           b. bridged
           c. NAT
           d. network-only
       Answer: A

    6. True or False: To add VMs to a VLAN defined on a physical network, you modify a
       switch’s configuration.
       Answer: False



Remote Access and Virtual Computing
    1. Explain why a user might need to connect to a remote network for services.

    2. Point out that there are a variety of remote access methods that fit various access
       scenarios.

    3. Explain that dial-up networking, Microsoft’s RAS or RRAS, as well as VPNs, are just
       some of many remote access methods.

Dial-Up Networking

    1. Define and describe dial-up networking methods.

    2. Point out that dial-up networking can use a variety of transmission methods from PSTN
       to ISDN.

    3. Mention that dial-up networking does not provide either the throughput or reliability
       required for many of today’s modern applications.

    4. Describe how dial-up networking requires a great deal of an administrator’s time and
       energy to properly maintain an appropriate level of service.


Teaching Tip: Point out that dial-up networking is useful in many scenarios, including a domain
logon: http://www.baudlabs.com/archives/100


Remote Access Servers

    1. Explain the purpose of a remote access server.

    2. Use Figure 10-12 to explain how remote clients connect via a remote access server.

    3. Emphasize that remote access servers come in a variety of configurations, including
       dedicated devices and servers with the remote access role.

Remote Access Protocols

    1. Define and describe the two most popular remote access protocols, SLIP and PPP.

    2. Note that SLIP can only carry IP packets, but that PPP can carry any protocol.

    3. Describe the differences between synchronous and asynchronous protocols.

    4. Describe the advantages of using PPP over SLIP.


    5. Emphasize that the flexibility of PPP has led many ISPs to adopt it, in the form of PPP
       over Ethernet (PPPoE), for many broadband applications.

    6. Use Figure 10-16 to explain the placement of PPPoE in the OSI model.

Remote Virtual Computing

    1. Point out that there are two main uses of remote virtual computing: remote assistance
       and access to remote applications (including whole desktops).

    2. Describe the advantages of Remote Desktop.

    3. Describe the features of VNC (Virtual Network Computing).

    4. Describe the advantages of ICA (Independent Computing Architecture).


Teaching Tip: Students may find more information about the clients available for ICA from
http://www.citrix.com/lang/English/lp/lp_2309126.asp.



VPNs (Virtual Private Networks)
    1. Note that virtual private networks establish connections between sites, or between a
       site and its clients, over public networks.

    2. Explain how VPNs can be used to reduce costs for remote workers.

    3. Emphasize that the two most important factors with VPNs are interoperability and
       security.

    4. Review the two classifications of VPNs, client-to-site and site-to-site.

    5. Use Figure 10-14 to visualize a site-to-site VPN.

    6. Note that the endpoint of each side of a VPN is responsible for encrypting and
       decrypting the traffic sent over the link.

    7. Use Figure 10-15 to describe a client-to-site VPN.

    8. Explain the two most popular VPN tunneling protocols, PPTP and L2TP.



Cloud Computing
    1. Define cloud computing, which has the following characteristics regardless of the kind
       of service offered:
           a. Self-service and on demand
           b. Elastic
           c. Support for multiple platforms
           d. Resource pooling and consolidation
           e. Metered service

    2. Explain that Figure 10-16 is an example of a cloud computing model.


Teaching Tip: Students may find more information about various cloud services from Amazon at
http://aws.amazon.com/ec2/.



Quick Quiz 2
    1. True or False: Many remote access methods exist, and they vary according to the type
       of transmission technology, clients, hosts, and software they can or must use.
       Answer: True

    2. True or False: Traditional dial-up networking can provide the quality required by many
       network applications.
       Answer: False

    3. ____________________ transmission was designed for communication that happens at
       random intervals, such as sending the keystrokes of a person typing on a remote
       keyboard.
       Answer: Asynchronous

    4. True or False: Many types of remote virtual computing software exist, and they differ
       significantly in their capabilities, security mechanisms, and supported platforms.
       Answer: False

    5. Two important considerations when designing a VPN are _____ and security.
          a. reliability
          b. interoperability
          c. availability
          d. performance
       Answer: B



Class Discussion Topics
    1. Discuss the benefits of cloud computing.

    2. Discuss why an organization would want to develop an enterprise-wide approach to
       remote access via VPNs.


Additional Projects
    1. Have students research the available cloud computing services that offer infrastructure
       services. Students should check the service they report on against the common features
       of a cloud computing platform to confirm that it qualifies as cloud computing according
       to the text.

    2. Have students research policies and procedures at several organizations surrounding
       either cloud computing or remote access, including remote desktops. Students may also
       want to research the controversy surrounding companies that want to provide these
       services commercially for certain popular applications, like Microsoft Office, in the
       context of what they learn from their policy and procedure research.


Additional Resources
    1. OpenVPN
       http://openvpn.net/

    2. PPP and PPPoE
       http://whatismyipaddress.com/ppp-pppoe

    3. PPTP (RFC2637)
       http://www.ietf.org/rfc/rfc2637.txt

    4. Remote Desktop Protocol
       http://msdn.microsoft.com/en-us/library/windows/desktop/aa383015(v=vs.85).aspx

    5. RFB (VNC) Protocol
       http://www.realvnc.com/docs/rfbproto.pdf



Key Terms
     Anything as a Service See XaaS.
     authentication The process of comparing and matching a client’s credentials with the
      credentials in the NOS user database to enable the client to log on to the network.
     client-to-site VPN A type of VPN in which clients, servers, and other hosts establish
      tunnels with a private network using a remote access server or VPN gateway. Each
      client on a client-to-site VPN must run VPN software to create the tunnel for, and
      encrypt and encapsulate data.
     cloud computing The flexible provision of data storage, applications, or services to
      multiple clients over a network. Cloud computing consolidates resources and is elastic,
      metered, self-service, multiplatform, and available on demand.
     credentials A user’s unique identifying characteristics that enable him to authenticate
      with a server and gain access to network resources. The most common credentials are a
      username and a password.
     dial-up networking The process of dialing into a remote access server to connect with
      a network, be it private or public.
     elastic A characteristic of cloud computing that means services can be quickly and
      dynamically—sometimes even automatically—scaled up or down.
     Everything as a Service See XaaS.
     guest In the context of virtualization, a virtual machine operated and managed by a
      virtualization program.
     host In the context of virtualization, the physical computer on which virtualization
      software operates and manages guests.
     Hyper-V Microsoft’s virtualization software package. Hyper-V operates with Windows
      Server 2008 and Windows Server 2008 R2.
     hypervisor The element of virtualization software that manages multiple guest
      machines and their connections to the host (and by association, to a physical network).
      A hypervisor is also known as a virtual machine manager.
     ICA (Independent Computing Architecture) The software from Citrix Systems, Inc.,
      that, when installed on a client, enables the client to connect with a host computer and
      exchange keystrokes, mouse clicks, and screen updates. Citrix’s ICA client can work
      with virtually any operating system or application.
     Kernel-based Virtual Machine See KVM.
     KVM (Kernel-based Virtual Machine) An open source virtualization package
      designed for use with Linux systems.
     L2TP (Layer 2 Tunneling Protocol) A protocol that encapsulates PPP data, for use on
      VPNs. L2TP is based on Cisco technology and is standardized by the IETF. It is
      distinguished by its compatibility among different manufacturers’ equipment; its ability
      to connect between clients, routers, and servers alike; and also by the fact that it can
      connect nodes belonging to different Layer 3 networks.
     Layer 2 Tunneling Protocol See L2TP.
     multitenant A feature of cloud computing in which multiple customers share storage
      locations or services without knowing it.
     NaaS (Network as a Service) A type of cloud computing that offers clients a complete
      set of networking services—for example, mail, Web, DNS, DHCP, and remote access
      services, plus LAN and WAN connectivity.
     Network as a Service See NaaS.


     open source The term that describes software whose code is publicly available for use
      and modification.
     Point-to-Point Protocol See PPP.
     Point-to-Point Protocol over Ethernet See PPPoE.
     Point-to-Point Tunneling Protocol See PPTP.
     PPP (Point-to-Point Protocol) A communications protocol that enables a workstation
      to connect to a server using a serial connection. PPP can support multiple Network layer
      protocols and can use both asynchronous and synchronous communications. It performs
      compression and error correction and requires little configuration on the client
      workstation.
     PPPoE (Point-to-Point Protocol over Ethernet) PPP running over an Ethernet
      network.
     PPTP (Point-to-Point Tunneling Protocol) A Layer 2 protocol developed by
      Microsoft that encapsulates PPP data for transmission over VPN connections. PPTP
      operates with Windows RRAS access services and can accept connections from
      multiple different clients. It is simple, but less secure than other modern tunneling
      protocols.
     private cloud An arrangement in which shared and flexible data storage, applications,
      or services are managed on and delivered via an organization’s internal network.
     public cloud An arrangement in which shared and flexible data storage, applications, or
      services are managed centrally by service providers and delivered over public
      transmission lines, such as the Internet. Rackspace and Amazon (with its EC2 offering)
      are leading public cloud service providers.
     RAS (Remote Access Service) The dial-up networking software provided with
      Microsoft Windows 95, 98, NT, and 2000 client operating systems. RAS requires
      software installed on both the client and server, a server configured to accept incoming
      clients, and a client with sufficient privileges (including username and password) on the
      server to access its resources. In more recent versions of Windows, RAS has been
      incorporated into the RRAS (Routing and Remote Access Service).
     RDP (Remote Desktop Protocol) An Application layer protocol that uses TCP/IP to
      transmit graphics and text quickly over a remote client-host connection. RDP also
      carries session, licensing, and encryption information.
     remote access A method for connecting and logging on to a LAN from a workstation
      that is remote, or not physically connected, to the LAN.
     Remote Access Service See RAS.
     Remote Desktop A feature of Windows operating systems that allows a computer to
      act as a remote host and be controlled from a client running another Windows operating
      system.
     Remote Desktop Protocol See RDP.
     Routing and Remote Access Service (RRAS) The software included with Windows
      operating systems that enables a server to act as a router, firewall, and remote access
      server. Using RRAS, a server can provide network access to multiple remote clients.
     RRAS See Routing and Remote Access Service.
     Serial Line Internet Protocol See SLIP.
     site-to-site VPN A type of VPN in which VPN gateways at multiple sites encrypt and
      encapsulate data to exchange over a tunnel with other VPN gateways. Meanwhile,
      clients, servers, and other hosts on a site-to-site VPN communicate with the VPN
      gateway.


     SLIP (Serial Line Internet Protocol) A communications protocol that enables a
      workstation to connect to a server using a serial connection. SLIP can support only
      asynchronous communications and IP traffic and requires some configuration on the
      client workstation. SLIP has been made obsolete by PPP.
     thin client A client that relies on another host for the majority of processing and hard
      disk resources necessary to run applications and share files over the network.
     tunnel A secured, virtual connection between two nodes on a VPN.
     tunneling The process of encapsulating one type of protocol in another. Tunneling is
      the way in which higher-layer data is transported over VPNs by Layer 2 protocols.
     virtual adapter See vNIC.
     virtual appliance An image that includes the appropriate operating system, software,
      hardware specifications, and application configuration necessary for a prepackaged
      solution to run properly on a virtual machine.
     virtual bridge An interface connecting a vNIC with a virtual or physical network, or a
      port on a virtual switch.
     virtual desktop A desktop operating environment that is hosted virtually, on a different
      physical computer from the one the user interacts with.
     virtual machine See VM.
     virtual machine manager See hypervisor.
     Virtual Network Computing See VNC.
     virtual network interface card See vNIC.
     virtual private network See VPN.
     virtual server A server that exists as a virtual machine, created and managed by
      virtualization software on a host, or physical, computer.
     virtual switch A logically defined device that is created and managed by virtualization
      software and that operates at the Data Link layer. Ports on a virtual switch connect
      virtual machines with a network, whether virtual or physical, through the host’s
      physical NIC.
     virtual workstation A workstation that exists as a virtual machine, created and
      managed by virtualization software on a host, or physical, computer.
     VirtualBox A virtualization software platform from Oracle.
     virtualization The emulation of a computer, operating system environment, or
      application on a physical system.
     VM (virtual machine) A computer that exists in emulation on a physical computer, or
      host machine. Multiple VMs may exist on one host where they share the physical
      computer’s CPU, hard disk, memory, and network interfaces.
     VMware A vendor that supplies the most popular types of workstation and server
      virtualization software. Used casually, the term VMware may also refer to the
      virtualization software distributed by the company.
     VNC (Virtual Network Computing) An open source system that enables a remote
      client (or viewer) workstation to manipulate and receive screen updates from a host.
      Examples of VNC software include RealVNC, TightVNC, and UltraVNC.
     vNIC (virtual network interface card) A logically defined network interface
      associated with a virtual machine.


     VPN (virtual private network) A logically constructed WAN that uses existing public
      transmission systems. VPNs can be created through the use of software or combined
      software and hardware solutions. This type of network allows an organization to carve
      out a private WAN through the Internet, serving only its offices, while keeping the data
      secure and isolated from other (public) traffic.
     XaaS (Anything as a Service, or Everything as a Service) A type of cloud computing
      in which the cloud assumes functions beyond networking, including, for example,
      monitoring, storage, applications, and virtual desktops.
     Xen An open source virtualization software platform from Citrix Systems.
