Managing Network Components

Windows 2000 Server has many new networking applications. Three new additions to Windows 2000 Server are Internet Information Server 5 (IIS), Telnet, and Terminal Services. All of your networking services rely on standard network protocols, the most important of which is TCP/IP. You should read Section 3.5 of Part I if you’re not familiar with TCP/IP and other basic network protocols.

Internet Information Server 5.0 (IIS)

Internet Information Server allows Windows 2000 to publish and share files within the intranet, across the Internet, or both. In addition to the web server and File Transfer Protocol (FTP) server, Windows 2000 also includes Telnet server and a Windows terminal server.

The web server

A web server allows you to publish documents viewable in a variety of web browser clients. This web server supports both standard HTML and Active Server Pages (ASP). When you install IIS, a default web site is created to act as a template as you modify the properties of your web server. These properties are collectively called the web environment. IIS 5 includes a new feature to help you manage your web environment, called WebDAV.

You can create a virtual directory named WebDAV and store your web site files in it. You can then add, remove, modify, search, and lock files in the WebDAV directory remotely by using a Microsoft client, such as Internet Explorer 5 or any Microsoft Office 2000 application. Access to all web directories, including WebDAV, is permissions based.

WebDAV permissions

You can set permissions for the WebDAV folder to control access to the data available through the IIS server. The basic permissions are Read, Write, and Directory Browsing.

The Read permission gives users the ability to view and copy files stored in the WebDAV directory. The Write permission allows users to save files into the WebDAV directory. The Directory Browsing permission allows the user to see all the files in the WebDAV folder.

The File Transfer Protocol (FTP) server

An FTP server allows you to send and receive files between computers. The IIS FTP server will accept connections from any compatible FTP client, as long as the user has the proper permissions to access the site. One new feature of IIS 5 is that it supports FTP restart. If the FTP client also supports FTP restart, a broken connection can be automatically restarted where it left off, rather than starting over again from the beginning.
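The restart behaviour described above, seen from the client side, as an added example that is not from the original text: the client measures the partial local file and asks the server to resume at that offset using the standard `REST` command before `RETR`. `resume_download`, its `expected_sha256` check, and the offline `FakeFTP` stand-in are constructed for illustration; the function accepts any object compatible with Python's `ftplib.FTP`.

```python
import hashlib
import os
import tempfile


def resume_download(ftp, remote_name, local_path, expected_sha256=None):
    """Fetch remote_name, restarting after the bytes already in local_path.

    ftp is an ftplib.FTP-compatible object. Returns the restart offset used.
    """
    offset = os.path.getsize(local_path) if os.path.exists(local_path) else 0
    remote_size = ftp.size(remote_name)  # SIZE; None if the server gives none
    if remote_size is not None and offset > remote_size:
        offset = 0  # local data cannot be a prefix of the remote file
    with open(local_path, "ab" if offset else "wb") as out:
        # ftplib sends "REST <offset>" before RETR when rest is not None.
        ftp.retrbinary(f"RETR {remote_name}", out.write, rest=offset or None)
    if expected_sha256 is not None:
        # A restart trusts the partial file; check the reassembled result.
        with open(local_path, "rb") as done:
            if hashlib.sha256(done.read()).hexdigest() != expected_sha256:
                raise ValueError("resumed file does not match expected digest")
    return offset


class FakeFTP:
    """Constructed stand-in for ftplib.FTP so the example runs offline."""

    def __init__(self, files):
        self.files, self.commands = files, []

    def size(self, name):
        return len(self.files[name])

    def retrbinary(self, cmd, callback, blocksize=8192, rest=None):
        if rest is not None:
            self.commands.append(f"REST {rest}")
        self.commands.append(cmd)
        data = self.files[cmd.split(" ", 1)[1]][rest or 0:]
        for i in range(0, len(data), blocksize):
            callback(data[i:i + blocksize])


if __name__ == "__main__":
    payload = bytes(range(256)) * 40          # constructed sample file
    server = FakeFTP({"report.bin": payload})
    path = os.path.join(tempfile.mkdtemp(), "report.bin")
    with open(path, "wb") as partial:
        partial.write(payload[:3000])         # transfer broke after 3000 bytes
    print(resume_download(server, "report.bin", path,
                          hashlib.sha256(payload).hexdigest()), server.commands)
```

A restart appends to whatever is already on disk, so a partial file that was altered, or a remote file that changed between attempts, produces a corrupt result that only the digest comparison catches.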

The Telnet server

Telnet allows you to log in to a computer and remotely execute programs. Telnet has been a part of Unix systems and the Internet in general for quite a long time.

Windows 2000 Server includes a license that allows only two simultaneous Telnet clients to connect, which nearly negates the value of including it at all. You can buy more licenses to allow a reasonable number of simultaneous connections.

Terminal Services

Windows 2000 Terminal Services is somewhat like a graphical Telnet session. The application and the data actually reside on a remote server, but the user sees the output of the program on their screen as if they were running the program locally. This is accomplished by the Terminal Services client’s transmitting keyboard and mouse data to the terminal server, which then passes the information along to the application.

Terminal Services allows great flexibility in the client hardware, because all of the actual computing is done remotely on the server. It also allows an administrator to upgrade only a single copy of the program (on the server); the next time clients start the program, they run the new version. In large organizations this can save hundreds of hours of installing applications on individual workstations.

The one major drawback of using Terminal Services to share applications is that because the terminal server is doing all the computing work for several clients, it needs to be a very fast computer with a huge amount of RAM.

Terminal Services runs in one of two modes: remote administration mode or application server mode. Both of these modes are explained a little later in this section. You have to choose which mode to use when you install Terminal Services.

Installation and configuration

If Terminal Services is not already installed, you can install it with the Add/Remove Programs applet in the Control Panel. Select Terminal Services from the Add/Remove Windows Components section. The files will be copied from the Windows 2000 Server installation media.

Remote administration mode

Remote administration mode allows an administrator to control the server as if they were actually logged in locally to the server. This doesn’t require much computing power compared to running application sharing, so it shouldn’t be a major performance drain on the server.

The administrator can connect to the server over any TCP/IP connection. The standard Windows 2000 Server license allows two simultaneous remote administration connections.

Application sharing mode

Terminal Services allows applications to be stored remotely on a server or servers, and clients can run applications remotely. The performance depends on both the speed of the server and the speed of the connection between the client and the server.

Microsoft requires both a Windows 2000 Client Access license and a Terminal Services Client Access license for each client that connects to the terminal server for application sharing.

Remote Access

Windows 2000 Server’s standard Routing and Remote Access Service (RRAS) is an expanded and improved version of Windows NT RAS. Its major features include a RADIUS server, support for OSPF and RIP for IP routing, IPX routing, demand-dial routing, a multiprotocol router, a virtual private network (VPN) server, and a standard RAS server.

Remote Access Service (RAS)

The Remote Access Service part of RRAS should be familiar to anyone who is familiar with RAS for NT. RAS provides support for standard dialup connections or a VPN connection using Point-to-Point Tunneling Protocol (PPTP). Windows 2000 RAS also supports ISDN, DSL, X.25, T-Carrier, and ATM connections through either a modem or an Ethernet interface.

Windows 2000 can provide Internet service using either Internet Connection Sharing (ICS) or Network Address Translation (NAT). However, if you are using the Internet Key Exchange (IKE), you won’t be able to use NAT. IKE is explained in more detail in Part VII, Section 33.7.

Virtual private networks

In the past, when two remote computers needed to transfer data securely, a dedicated connection was used. A common method was leasing a T1 line over which only the private data was sent between the remote computers. This wasn’t very practical or economical.

With the explosive growth of the Internet, virtually every place can be connected to every other place without having a dedicated line connecting the remote sites. The drawback is security. If you’re sharing a connection with dozens, hundreds, or thousands of other people and using several communications carriers, you can’t be sure your data isn’t being viewed by someone during its journey.

If you can encrypt, or scramble, the data and then send it over the public Internet, you can achieve a virtually private, secure connection without a dedicated line. Instead of using standard PPP, a VPN uses a more secure protocol, such as Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), or IPSec. All of these protocols are supported by Windows 2000 Server.
