
ExamSim MCSE 2000: Connecting Remote Offices

by ServerWatch Staff


Thomas Shinder

(Each week we present a question similar to those you will find in our ExamSim software. If you are interested in purchasing the ExamSim software, just click the ExamSim MCSE 2000 link)

You are the new network administrator for a small company. This company has about 800 computers spread across two physical locations. The central office is in Dallas, TX and there are about 500 computers at that location. The company also has an office in Laramie, WY where they have a little over 300 computers. The network infrastructure includes a variety of Windows-based clients, including Windows 95, Windows 98, Windows NT 4.0 and Windows 2000 Servers and workstations.

The company would like to connect the two locations in a cost-efficient manner. Before you came on the job, the company had hired a consultant who told them the only way to connect the offices was to obtain a dedicated Frame Relay connection which included monthly line charges as well as packet charges. The company tried this solution for a month, and found it to be cost-prohibitive. They decided to stop the dedicated Frame Relay link between the sites and now wish for you to come up with an answer.

Which of the following solutions would allow the company to connect the offices in a cost-effective manner?

  A. Install a Windows 2000 Professional machine in each office and make each of them a NAT Server. The NAT Servers will be used to link the offices in a NAT gateway-to-gateway solution using 56Kbps dedicated analog links.
  B. Install a Windows 2000 Server computer in each office and enable the Routing and Remote Access Service. Create a one-way VPN link from the Dallas office to the Laramie office using a dedicated ISDN connection.
  C. Install a Windows 2000 Server computer in each office and enable the Routing and Remote Access Service. Create demand-dial routes at each office that connect to the other office. Use ISDN adapters at each site to connect the Servers to each other.
  D. Install a Windows 2000 Server computer in each office and enable the Routing and Remote Access Service. At each site, obtain a local ISP account and configure a dedicated connection on both servers to connect to their local ISPs. Configure a demand-dial VPN connection at each site to connect the sites to one another via the VPN.

The correct answers are C and D.


This question focuses on your level of understanding of WAN internetworking, the Windows 2000 Routing and Remote Access Service, Demand Dial Routing, and Virtual Private Networking. Like most of the Windows 2000 MCSE exam questions you'll run into, this question tests your understanding of multiple subjects, and your ability to integrate your knowledge of those subjects.

This company was sold a bill of goods by their previous consultant, because the most expensive option you have to connect two sites together is via dedicated WAN links. This company had to pay quite a bit of money to connect the two sites via a dedicated Frame Relay line. With the technologies available in Windows 2000, a company of this size does not need to incur the expense of dedicated connections.

There are actually two viable solutions to this company's problem:

  1. The company could configure a Windows 2000 Server at each site and enable the Routing and Remote Access Service on each computer. On each of the Windows 2000 Servers, you could configure a demand-dial routing connection to connect the servers to each other. This would allow the users from both sites to take advantage of the demand-dial route to access resources on the opposite network. The demand-dial route can be configured to drop the connection after a short period of inactivity, and therefore avoid the costs of a long-distance connection that is not being actively used.
  2. The company could take advantage of a second option that includes the use of a virtual demand-dial route. In this example, you would have a Windows 2000 Server at each office and configure each of them to be VPN Servers. In this case, each server would have a dedicated link to the Internet via a local ISP. You could configure ISDN connections for each of the computers to their local ISPs, and then create a demand-dial VPN link on each RRAS Server to the other server. The advantage to this solution is that the offices will be able to access each other's resources via the link, but they will also be able to access Internet resources because of their connection to the Internet.

The key to cost savings in this example is to take advantage of technologies that remove the need for a dedicated long-distance link between the sites. In the first approach, you use an on-demand point-to-point connection between the offices and do not use the Internet. In the second approach, you take advantage of the Internet and never incur any long-distance charges.


A demand-dial route is a connection that is created temporarily between networks to allow them to exchange information. For example, you might have two private networks with network IDs 192.168.1.0/24 and 192.168.2.0/24 and you want them to be able to exchange packets. In order to do so, you need to install a device that can route packets between the networks. If these networks were connected via Fast Ethernet links, you could use a dedicated hardware router, or a multihomed Windows 2000 Server machine as a software router. The Ethernet connections are dedicated connections; they are "always on".

But when sites are geographically disparate, the issue of dedicated connections becomes a little more complex. You can create dedicated point-to-point links between the sites, but this can become prohibitively expensive. You could also configure virtual private links between the sites, but leaving those links open all the time could represent a security risk.

The demand-dial solution addresses both of these problems. If you choose the more secure point-to-point solution, you configure a static route on your Windows 2000 RRAS Server to direct all packets to the other network via a demand-dial connection. When a user on one of the networks seeks to access a resource on the other network, the packet is sent to the RRAS Server for routing. The static route instructs the router to forward the packet using the demand-dial route and a dial-up connection is established. When the connection becomes idle for a specified period of time, the connection is dropped. The company saves money because they do not need to support a dedicated long-distance connection.
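The dial-on-demand and idle-drop behavior described above can be modeled in a few lines. This is an added example, not code from the article or from Windows 2000; the 300-second idle timeout and the sample traffic are constructed, and the network IDs are the ones used earlier on this page.

```python
from ipaddress import ip_address, ip_network

# Assumptions: the page's example remote network and a hypothetical timeout.
REMOTE_NET = ip_network("192.168.2.0/24")   # static route: reach this via demand-dial
IDLE_TIMEOUT = 300                          # seconds of inactivity before hang-up

def dial_sessions(packets, remote_net=REMOTE_NET, idle_timeout=IDLE_TIMEOUT):
    """Return [(dial_time, hangup_time), ...] for (timestamp, dst_ip) packets.

    A packet matching the static route dials the link if it is down and
    resets the idle timer if it is up; other packets never touch the link.
    """
    sessions = []
    for ts, dst in sorted(packets):
        if ip_address(dst) not in remote_net:
            continue                                  # local traffic: no dial
        if sessions and ts <= sessions[-1][1]:
            sessions[-1][1] = ts + idle_timeout       # link up: reset idle timer
        else:
            sessions.append([ts, ts + idle_timeout])  # link down: dial now
    return [tuple(s) for s in sessions]

def connected_seconds(sessions):
    """Total time the line is held open, which is what the carrier bills."""
    return sum(end - start for start, end in sessions)

# Constructed sample traffic: (seconds since midnight, destination IP)
SAMPLE = [
    (32400, "192.168.2.10"),   # 09:00 first access dials the link
    (32460, "192.168.2.10"),   # 09:01 keeps it up
    (32500, "192.168.1.25"),   # local subnet, never triggers a dial
    (36000, "192.168.2.44"),   # 10:00 link had dropped, dial again
    (36200, "192.168.2.44"),
]

if __name__ == "__main__":
    s = dial_sessions(SAMPLE)
    print(s, connected_seconds(s), "seconds connected out of 86400")
```

The same accounting shows why chatty background traffic matters: any periodic packet to the remote network that arrives more often than the idle timeout keeps the line up permanently.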

In the VPN demand-dial scenario, the overall costs of ISP and local line charges should be less than that of a dedicated long-distance point-to-point connection. The issue with a VPN connection is security. From a security standpoint, you would prefer that the door open to your private network's data remain closed as much as possible. To accomplish this end you can configure a demand-dial VPN connection. To increase security, you could filter out all but VPN connections sourced from your own VPN gateways. Of course, this alternative will not enable Internet access for the sites.
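The gateway-only filtering described above amounts to a default-deny input filter on the Internet-facing interface. The sketch below is an added example, not the article's or Microsoft's configuration: the gateway addresses are hypothetical documentation-range values, and the allow list assumes the two tunnel types Windows 2000 supports (PPTP and L2TP/IPsec).

```python
from ipaddress import ip_address

# Hypothetical public addresses (documentation ranges) for the two gateways.
LOCAL_GW = ip_address("203.0.113.10")    # Dallas RRAS server, Internet interface
PEER_GW = ip_address("198.51.100.20")    # Laramie RRAS server

# IP protocol numbers and destination ports for the tunnel traffic.
TCP, UDP, GRE, ESP = 6, 17, 47, 50
ALLOWED = [
    (TCP, 1723),   # PPTP control channel
    (GRE, None),   # PPTP tunnelled data
    (UDP, 500),    # IKE negotiation for L2TP/IPsec
    (ESP, None),   # IPsec ESP carrying the L2TP tunnel
]

def permit_inbound(src, dst, proto, dport=None):
    """Default-deny input filter: only tunnel traffic from the peer gateway."""
    if ip_address(src) != PEER_GW or ip_address(dst) != LOCAL_GW:
        return False
    return any(proto == p and (port is None or port == dport)
               for p, port in ALLOWED)

# Constructed sample packets: (source, destination, protocol, destination port)
SAMPLE = [
    ("198.51.100.20", "203.0.113.10", TCP, 1723),  # peer opens PPTP: permitted
    ("198.51.100.20", "203.0.113.10", GRE, None),  # peer tunnel data: permitted
    ("192.0.2.77", "203.0.113.10", TCP, 1723),     # unknown host tries PPTP: dropped
    ("198.51.100.20", "203.0.113.10", TCP, 445),   # peer, but not tunnel traffic: dropped
    ("192.0.2.80", "203.0.113.10", TCP, 1025),     # reply from a web server: dropped
]

def filter_report(packets):
    """Return the permit/drop decision for each packet, in order."""
    return [permit_inbound(*pkt) for pkt in packets]

if __name__ == "__main__":
    for pkt, ok in zip(SAMPLE, filter_report(SAMPLE)):
        print("PERMIT" if ok else "DROP  ", pkt)
```

The last sample packet is the trade-off the paragraph mentions: with this filter in place, return traffic from ordinary Internet hosts is dropped along with everything else, so the sites lose general Internet access through these gateways.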


Answer A is incorrect because you cannot make Windows 2000 Professional machines demand-dial routers. Windows 2000 Professional does not include the Routing and Remote Access service and therefore you cannot create demand-dial routing connections between the sites with this solution. In addition, NAT (Network Address Translation) does not allow you to configure demand-dial links and is not involved with the creation of demand-dial routing or VPN demand-dial links. NAT is one of the routing protocols included in the Windows 2000 Routing and Remote Access service.

Answer B is incorrect because you run into the cost-prohibitive solution of using dedicated point-to-point links between the sites. If the company were to maintain continuous point-to-point links via two ISDN modems, they would have to pay long distance charges for the time online, as well as possible packet charges depending on the policies of the local telephone company. This is also a somewhat unusual setup in that a dedicated point-to-point connection is used to tunnel data between the sites. This can be done to add more security, however. Another problem is that the connection is a one-way connection, which would leave the other users unable to access resources on the opposite subnet.

Answer C is correct because you can save money by creating a demand-dial point-to-point routed connection between the sites. The link will stay active only as long as it is needed, and then the line will be dropped.

Answer D is correct because you can save money by using dedicated connections to local ISPs, and then create demand-dial VPN connections to route packets between VPN gateways. The link will remain active only as long as it is needed, and then the tunnel is torn down. This adds security to the VPN solution.

This article was originally published on Monday Nov 20th 2000