Configuring Mobile Computing and Remote Access

Presentation on theme: "Configuring Mobile Computing and Remote Access"— Presentation transcript:

1 Configuring Mobile Computing and Remote Access
Module 11
Configuring Mobile Computing and Remote Access

Presentation: 75 minutes
Lab: 45 minutes

After completing this module, students will be able to:
  Describe the configuration of mobile computers and device settings.
  Explain how to configure virtual private network (VPN) access.
  Explain how to configure Remote Desktop and Remote Assistance.
  Provide an overview of DirectAccess.

Required materials
To teach this module, you need the Microsoft® Office PowerPoint® file 20687B_11.pptx.
Important: We recommend that you use PowerPoint 2007 or a newer version to display the slides for this course. If you use PowerPoint Viewer or an earlier version, all the features of the slides might not display correctly.

Preparation tasks
To prepare for this module:
  Read all of the materials for this module.
  Practice performing the demonstrations.
  Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance.

2 Overview of DirectAccess
20687B Module Overview
11: Configuring Mobile Computing and Remote Access

Overview of DirectAccess

This module helps students identify and configure the appropriate mobile computer for their needs, and describes the various mobile devices available and how to synchronize them with a computer that is running the Windows® 8 operating system. Additionally, this module describes various power options that students can configure in Windows 8. With DirectAccess and VPN Reconnect, Windows 8 helps end users to be productive, regardless of where they are or where the data they need resides.

Talk about the increasing need for mobile computing and remote access. Consider asking students about their experiences in using mobile technologies to access their workplace network. Discuss how the different features of Windows 8 improve the mobile computing and remote access end-user experience. Also, stress that Remote Access is not only for mobile computers; desktop computers use it as well.

3 Lesson 1: Configuring Mobile Computers and Device Settings
Demonstration: Configuring Power Plans

This lesson focuses on configuring mobile computer and device settings, including the creation of mobile device-sync partnerships and configuration of power plans.

4 Discussion: Types of Mobile Computers and Devices
How do mobile computers differ from desktops?
What are key end-user needs that mobile computers resolve?

Computers play an important part in people’s daily lives, and the ability to carry out computing tasks at any time and in any place has become a necessity for many users. A mobile computer is a device that you can continue to use for work while you are away from your office.

Have students identify and describe the features of various mobile computing devices. Make sure they describe the differences between the various types of available mobile devices.

Discussion prompt: Ask students about the types of mobile computers they use. How do mobile computers differ from desktops? What are the key end-user needs that mobile computers resolve?

5 Tools for Configuring Mobile Computers and Device Settings
Tool: Features
  Power Options: Battery meter. Power plans.
  Windows Mobility Center: Key system settings collected in one place. Display brightness, power plan, volume, wireless networking, external display settings, display orientation, and synchronization status.
  Windows Mobile Device center: Synchronize various content including music, video, contacts, calendar events, web browser favorites, and other files between Windows Phone devices and Windows 8.
  Sync Center: Sync data between desktop computers, network servers, and mobile devices. Show current status of all sync partnerships.
  Presentation Settings: Reconfigure your computer for a presentation. One click changes multiple settings.

When you select a mobile computer operating system, ensure that the mobile computer can adapt to a variety of scenarios. Windows 8 provides you with the opportunity to change configuration settings quickly and easily, based on specific requirements.

Demonstration: Consider demonstrating these tools as you discuss them.

Discussion prompt: Ask students to talk about the mobile devices they use. Focus on the available types of mobile devices and their configuration options.

Question
Aside from USB, how can you establish a connection for synchronizing a Windows Phone device?
Answer
Depending upon the specific device, you can establish a connection for synchronizing a Windows Phone device with Bluetooth, wireless, and Infrared connections.

6 What Are Mobile Device Sync Partnerships?
Mobile device sync partnerships update information about the mobile device and the host computer

Diagram: Desktop (files sent to mobile device); Mobile device (files sent to desktop)

A mobile device sync partnership updates information about the mobile device and the host computer. It typically synchronizes calendar information, clocks, and messages, in addition to Microsoft Office documents and media files on supported devices. You can create mobile device sync partnerships with PDAs, mobile phones, Windows Mobile devices, and portable media players.

Discussion prompt: Ask students about the methods they use to synchronize their mobile devices.

7 Power Plans and Power-Saving Options
Power plan: Description
  Power Saver: This plan saves power on a mobile computer by reducing system performance. Its primary purpose is to maximize battery life.
  High performance: This plan provides the highest level of performance on a mobile computer by adapting processor speed to your work or activity, and by maximizing system performance.
  Balanced: This plan balances energy consumption and system performance by adapting the computer’s processor speed to your activity.

Method for turning a computer on or off: Data storage state; Power needs
  Sleep or Standby: System State Saved to Memory; Low
  Hibernate: System State Saved to Disk; None
  Shut Down: All Data Saved to Disk

Windows 8 power options enable the user to conserve a mobile computer’s battery.

Demonstration: Consider combining the demonstration in the next topic with this content as you discuss it to reinforce the students’ understanding.

8 Demonstration: Configuring Power Plans
In this demonstration, you will see how to configure a power plan

Leave the virtual machines running for the subsequent demonstrations.

Preparation Steps
You will require the 20687B-LON-DC1 and 20687B-LON-CL1 virtual machines for this demonstration.

Demonstration Steps

Create a power plan for Adam’s laptop
  Sign in to LON-CL1 as Adatum\Adam using the password Pa$$w0rd.
  On the Start screen, click Desktop.
  Pause the pointer in the lower-right corner of the display, and then click Settings.
  Click Control Panel.
  Click System and Security, click Power Options, and then on the left, click Create a power plan.
  On the Create a power plan page, click Power saver.
  In the Plan name box, type Adam’s plan, and then click Next.

Configure the power plan
  On the Change settings for the plan: Adam’s plan page, in the Turn off the display box, click 3 minutes, and then click Create.
  In Power Options, next to Adam’s plan, click Change plan settings.
  On the Change settings for the plan: Adam’s plan page, click Change advanced power settings.
  Configure the following properties for the plan, and then click OK.
    Turn off hard disk after: 10 minutes
    Wireless Adapter Settings, Power Saving Mode: Maximum Power Saving
    Power buttons and lid, Power button action: Shut down

(More notes on the next slide)

9 11: Configuring Mobile Computing and Remote Access
  On the Change settings for the plan: Adam’s plan page, click Cancel.
  Close the Power Options window.
  Sign out from LON-CL1.

Question
Why is it not possible to configure options such as what occurs when the user shuts the computer’s lid in the Wireless Adapter Settings, Power Saving Mode?
Answer
This virtual machine emulates a desktop computer, and those options are unavailable on desktop computers.

10 Lab A: Configuring a Power Plan
Exercise 1: Creating and Configuring a New Power Plan

Adam wants to ensure that his computer’s battery lasts as long as possible between charges while he is on his trip. He does not want to impose on his customers by asking to plug his computer into an electrical socket at their offices, and would rather charge his laptop in the evenings at his hotel.

Logon Information
  Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1
  User Name: Adatum\Adam
  Password: Pa$$w0rd

Estimated Time: 15 minutes

11 Lab Scenario
Adam is about to take a long trip to visit all of A. Datum’s customers in the United Kingdom. Before he leaves, he would like you to optimize the power consumption on his Windows 8 laptop.

12 Lab Review
Question
In the lab, you configured a power plan to optimize the battery life of Adam’s laptop computer. What are the compromises that arise from this?
Answer
Enabling some power-saving features can affect performance so that programs may take longer to perform typical workloads. Often, you must strike a balance between battery life and performance.

13 Lesson 2: Configuring VPN Access
Demonstration: Creating a Connection Profile

14 What Is a VPN Connection?
Diagram labels: Large Branch Office, Medium Branch Office, Small Branch Office, Home Office with VPN Client, Remote User with VPN Client, Corporate Headquarters, VPN, VPN Server

A VPN provides a point-to-point connection between components of a private network, through a public network such as the Internet

Describe how an enterprise can use a VPN connection to connect remote network clients. Present the slide while explaining the benefits of using a public network (the Internet) to tunnel securely into the corporate local area network (LAN) and gain access to resources. The main benefits of using a VPN connection, rather than a dial-up connection, are cost savings and increased bandwidth.

Explain a VPN connection’s properties for each of the following:
  Encapsulation
  Authentication
  Data Encryption

15 Tunneling Protocols for VPN Connections
Windows 8 supports four VPN tunneling protocols:
  PPTP
  L2TP/IPsec
  SSTP
  IKEv2

Talk about the different support for each of the client protocols. You might want to discuss the port requirements for each VPN protocol:
  To implement PPTP, you must configure your firewall to pass TCP Port 1723.
  To implement L2TP, you must configure your firewall to pass UDP Port 500, UDP Port 1701, UDP Port 4500, and IP Protocol ID 50.
  To implement SSTP, you must configure your firewall to pass TCP port 443.
  To implement IKEv2, you must configure your firewall to pass UDP port 500.
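The port requirements above can be checked against a firewall allow list before users report failed connections. The following PowerShell is an added example, not part of the course material: the function names and the rule objects (Name, Enabled, Protocol, LocalPort) are constructed for illustration, and the requirement table holds only the values this slide lists.

```powershell
# Added example. Requirements are exactly the values listed on the slide above.
# Protocol is 'TCP', 'UDP' or an IP protocol number; Port is $null for portless protocols.
$VpnRequirements = [ordered]@{
    'PPTP'       = @(@{ Protocol = 'TCP'; Port = 1723 })
    'L2TP/IPsec' = @(
        @{ Protocol = 'UDP'; Port = 500 },
        @{ Protocol = 'UDP'; Port = 1701 },
        @{ Protocol = 'UDP'; Port = 4500 },
        @{ Protocol = '50';  Port = $null }
    )
    'SSTP'       = @(@{ Protocol = 'TCP'; Port = 443 })
    'IKEv2'      = @(@{ Protocol = 'UDP'; Port = 500 })
}

function Test-PortSpec {
    # True when $Port falls inside a spec such as 'Any', '443', '500,4500' or '1700-1710'.
    param([string]$Spec, [int]$Port)
    if ($Spec -eq 'Any') { return $true }
    foreach ($part in ($Spec -split ',')) {
        $p = $part.Trim()
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($p -match '^\d+$' -and [int]$p -eq $Port) { return $true }
    }
    return $false
}

function Test-FlowAllowed {
    # True when at least one enabled allow rule covers the required flow.
    param($Rules, $Flow)
    foreach ($rule in $Rules) {
        if (-not $rule.Enabled) { continue }            # disabled rules pass nothing
        $protocolMatches = ($rule.Protocol -eq 'Any') -or
                           ([string]$rule.Protocol -eq [string]$Flow.Protocol)
        if (-not $protocolMatches) { continue }
        if ($null -eq $Flow.Port) { return $true }      # portless protocol such as ESP (50)
        if (Test-PortSpec -Spec $rule.LocalPort -Port $Flow.Port) { return $true }
    }
    return $false
}

function Get-VpnFirewallCoverage {
    # Reports, per tunneling protocol, which required flows the allow list does not cover.
    param([Parameter(Mandatory)] [object[]] $Rules)
    foreach ($name in $VpnRequirements.Keys) {
        $missing = @(
            $VpnRequirements[$name] |
                Where-Object { -not (Test-FlowAllowed -Rules $Rules -Flow $_) } |
                ForEach-Object {
                    if ($null -eq $_.Port) { "IP protocol $($_.Protocol)" }
                    else { "$($_.Protocol) $($_.Port)" }
                }
        )
        [pscustomobject]@{
            Protocol = $name
            Passes   = ($missing.Count -eq 0)
            Missing  = $missing -join ', '
        }
    }
}

# Constructed sample allow list for the VPN server's external interface.
$sampleRules = @(
    [pscustomobject]@{ Name = 'HTTPS in';      Enabled = $true;  Protocol = 'TCP'; LocalPort = '443' }
    [pscustomobject]@{ Name = 'IKE and NAT-T'; Enabled = $true;  Protocol = 'UDP'; LocalPort = '500,4500' }
    [pscustomobject]@{ Name = 'ESP';           Enabled = $true;  Protocol = '50';  LocalPort = $null }
    [pscustomobject]@{ Name = 'Legacy PPTP';   Enabled = $false; Protocol = 'TCP'; LocalPort = '1700-1730' }
)

Get-VpnFirewallCoverage -Rules $sampleRules | Format-Table -AutoSize
```

With this sample, SSTP and IKEv2 pass, L2TP/IPsec is missing UDP 1701, and PPTP is missing TCP 1723 because its only matching rule is disabled. The slide omits two flows that real deployments also need: GRE (IP protocol 47) for PPTP data and UDP 4500 for IKEv2 behind NAT; add them to `$VpnRequirements` if your design uses them.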

16 VPN Authentication
When selecting authentication, always choose the strongest and most secure form of authentication supported by all the components within your network infrastructure

Available methods:
  PAP
  CHAP
  MS-CHAPv2
  EAP
  Digital certificates

Discuss each of these authentication methods with the students. Ask them to choose which authentication method they might select. Emphasize that the more secure the method, the better.

17 What Is VPN Reconnect?
The VPN Reconnect feature maintains connectivity across network outages

VPN Reconnect:
  Provides seamless and consistent VPN connectivity
  Uses the IKEv2 technology
  Automatically reestablishes VPN connections when connectivity is available
  Maintains the connection if users move between different networks
  Makes the connection status transparent to users

Windows 8 improves the end-user experience for those enterprises that are still using VPN connectivity. With the help of the slide, give an overview of VPN Reconnect.

You can provide students with the following example for VPN Reconnect: Consider a user with a laptop that is running Windows 8. When the user travels to work in a train, he or she connects to the Internet with a wireless mobile broadband card, and then establishes a VPN connection to the company’s network. When the train passes through a tunnel, the Internet connection is lost. After the train emerges from the tunnel, the wireless mobile broadband card reconnects to the Internet automatically. With Windows Vista and earlier client operating systems, VPN did not reconnect automatically. Therefore, the user had to repeat the multistep process of connecting to the VPN manually. This was time-consuming for mobile users with intermittent connectivity.

18 Demonstration: Configuring a VPN
This demonstration shows how to configure VPN client settings

Leave the virtual machines running for subsequent demonstrations.

Preparation Steps
You require the 20687B-LON-DC1 and 20687B-LON-CL1 virtual machines for this demonstration. These should already be running.

Demonstration Steps

Create a new VPN connection
  Switch to the NYC-CL1 computer and sign in as Adatum\Administrator with the password Pa$$w0rd.
  Open Control Panel.
  In the Control Panel window, under Network and Internet, click View network status and tasks.
  In the Network and Sharing Center window, under Change your networking settings, click Set up a new connection or network.
  In the Choose a connection option dialog box, click Connect to a workplace, and then click Next.
  In the Connect to a workplace dialog box, select the Use my Internet connection (VPN) option.
  When prompted, select I’ll set up an Internet connection later.
  In the Type the Internet address to connect to dialog box, specify an Internet address of and a Destination name of HQ, and then click Create.

Configure the VPN connection
  In the Network and Sharing Center window, click Change adapter settings.
  On the Network Connections page, right-click HQ, and then click Properties.
  In HQ Properties, click the Security tab.

(More notes on the next slide)

19 11: Configuring Mobile Computing and Remote Access
  Click Allow these protocols.
  In the Type of VPN list, click Point to Point Tunneling Protocol (PPTP), and then click OK.
  On the Network Connections page, right-click HQ, and then click Connect/Disconnect.

Test the connection
  In the Networks list on the right, click HQ, and then click Connect.
  Use the following information in the Network Authentication text boxes, and then click OK:
    User name: Adatum\Administrator
    Password: Pa$$w0rd
  The VPN connects.
  Right-click HQ, and then click Connect/Disconnect.
  Click HQ, and then click Disconnect.
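The VPN Authentication slide advises choosing the strongest method every component supports, while the HQ connection in this demonstration is built on PPTP. The following PowerShell is an added example, not part of the course material, that reviews connection profiles against that advice: the function name and the rule set are this example's own policy choices, and the sample profiles are constructed in the shape that `Get-VpnConnection` returns (Name, TunnelType, AuthenticationMethod, EncryptionLevel).

```powershell
# Added example: flag VPN client profiles that permit weak authentication,
# PPTP tunnelling, or sessions that may run without encryption.
$WeakAuthMethods = @{
    'Pap'  = 'PAP sends the password in clear text'
    'Chap' = 'CHAP is a one-way MD5 challenge-response'
}

function Get-VpnProfileFinding {
    # Hypothetical helper; accepts objects shaped like Get-VpnConnection output.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Connection
    )
    process {
        $findings = @()

        # A profile is only as strong as the weakest method it will accept.
        foreach ($method in @($Connection.AuthenticationMethod)) {
            $key = [string]$method
            if ($WeakAuthMethods.ContainsKey($key)) {
                $findings += "$key allowed: $($WeakAuthMethods[$key])"
            }
        }

        if ([string]$Connection.TunnelType -eq 'Pptp') {
            $findings += 'PPTP tunnel: prefer SSTP, L2TP/IPsec or IKEv2 where the server supports them'
        }

        if ([string]$Connection.EncryptionLevel -in @('NoEncryption', 'Optional')) {
            $findings += "Encryption level '$($Connection.EncryptionLevel)' lets the session run unencrypted"
        }

        [pscustomobject]@{
            Name      = $Connection.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample. 'HQ' reuses the connection name from the demonstration;
# its authentication and encryption values are assumed for illustration.
$sampleProfiles = @(
    [pscustomobject]@{
        Name                 = 'HQ'
        TunnelType           = 'Pptp'
        AuthenticationMethod = @('Chap', 'MsChapv2')
        EncryptionLevel      = 'Optional'
    }
    [pscustomobject]@{
        Name                 = 'HQ-IKEv2'
        TunnelType           = 'Ikev2'
        AuthenticationMethod = @('Eap')
        EncryptionLevel      = 'Required'
    }
)

$sampleProfiles | Get-VpnProfileFinding | Format-List

# On a live client, feed the real profiles instead of the sample:
#   Get-VpnConnection | Get-VpnProfileFinding
```

The constructed HQ profile returns three findings (CHAP allowed, PPTP tunnel, optional encryption) and HQ-IKEv2 returns none. Whatever the client allows must still match what the server accepts, so tighten both ends together.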

20 What Is the Connection Manager Administration Kit?
The Connection Manager Administration Kit:
  Allows you to customize users’ remote connection experience by creating predefined connections on remote servers and networks
  Creates an executable file that can be run on a client computer to establish a network connection that you have designed
  Reduces help desk requests related to the configuration of RAS connections
  Assists in problem resolution because the configuration is known
  Reduces the likelihood of user errors when they configure their own connection objects

Explain the benefit of storing Remote Access configurations as an executable file that you can send through email, place on optical media, or access from a file share, as compared to manually configuring connection objects. Also, discuss the benefits for the troubleshooting process.

21 Configuring and Distributing a Connection Profile
The CMAK Connection Profile Wizard assists in the process of creating custom connection profiles for users

Use the CMAK Connection Profile Wizard to configure:
  The target operating system
  Support for VPN
  Support for dial-up, including the custom phone book
  Proxy
  Custom Help file
  Custom support information

Ensure that the students understand how thorough the CMAK is for creating an enterprise’s custom connection solutions, and use the slide to introduce some high-level tasks of the creation process. You will demonstrate how to use the CMAK in the next topic.

22 Demonstration: Creating a Connection Profile
This demonstration shows how to:
  Install the CMAK feature
  Create a connection profile
  Examine the profile

Leave the virtual machines running for subsequent demonstrations.

Preparation Steps
You will require the 20687B-LON-DC1 and 20687B-LON-CL1 virtual machines for this demonstration. These should already be running.

Demonstration Steps

Install the CMAK feature
  If necessary, on LON-CL1, sign in as Adatum\administrator with the password Pa$$w0rd.
  Open Control Panel.
  Click Programs, and in Programs, click Turn Windows features on or off.
  In Windows Features, select the RAS Connection Manager Administration Kit (CMAK) check box, and then click OK.
  Click Close.

Create a connection profile
  In Control Panel, click Control Panel Home.
  In the View by list, click Large icons.
  Click Administrative Tools, and then double-click Connection Manager Administration Kit.
  In the Connection Manager Administration Kit Wizard, click Next.
  On the Select the Target Operating System page, click Windows Vista or above, and then click Next.
  On the Create or Modify a Connection Manager profile page, click New profile, and then click Next.
  On the Specify the Service Name and the File Name page, in the Service name box, type Adatum HQ, in the File name box, type Adatum, and then click Next.

(More notes on the next slide)

23 11: Configuring Mobile Computing and Remote Access
  On the Specify a Realm Name page, click Do not add a realm name to the user name, and then click Next.
  On the Merge Information from Other Profiles page, click Next.
  On the Add Support for VPN Connections page, select the Phone book from this profile check box.
  In the VPN server name or IP address box, type , and then click Next.
  On the Create or Modify a VPN Entry page, click Next.
  On the Add a Custom Phone Book page, clear the Automatically download phone book updates check box, and then click Next.
  On the Configure Dial-up Networking Entries page, click Next.
  On the Specify Routing Table Updates page, click Next.
  On the Configure Proxy Settings for Internet Explorer page, click Next.
  On the Add Custom Actions page, click Next.
  On the Display a Custom Logon Bitmap page, click Next.
  On the Display a Custom Phone Book Bitmap page, click Next.
  On the Display Custom Icons page, click Next.
  On the Include a Custom Help File page, click Next.
  On the Display Custom Support Information page, click Next.
  On the Display a Custom License Agreement page, click Next.
  On the Install Additional Files with the Connection Manager profile page, click Next.
  On the Build the Connection Manager Profile and Its Installation Program page, click Next.
  On the Your Connection Manager Profile is Complete and Ready to Distribute page, click Finish.

(More notes on the next slide)

24 11: Configuring Mobile Computing and Remote Access
Examine the created profile
  Open Windows Explorer.
  Navigate to C:\Program Files\CMAK\Profiles\Windows Vista and above\Adatum. You must distribute these files.
  Close all open windows, and sign out from LON-CL1.

25 Lab B: Implementing a Virtual Private Network Connection
Exercise 1: Creating and Testing a VPN Connection

You decide to create a VPN to connect to LON-DC1. You then will establish a connection to LON-DC1, and attempt to open a shared data folder across the VPN link.

Logon Information
  Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1
  User Name: Adatum\Administrator
  Password: Pa$$w0rd

Estimated Time: 30 minutes

26 Lab Scenario
Adam’s sales trip starts next week. He is keen to be able to access corporate data files while he is on the road. You decide to create a VPN on his laptop computer to facilitate this requirement.

27 Lab Review
Question
You created and tested a VPN connection in the lab. When you are configuring the client side of a VPN connection, what factors do you need to consider?
Answer
You must consider the server-side settings. The client-side settings, in terms of authentication, encryption, tunneling type and so on, must match those of the server accepting inbound connections. Otherwise, the connection attempt will fail.

28 Lesson 3: Configuring Remote Desktop and Remote Assistance
Demonstration: Configuring Remote Assistance

This lesson focuses on Remote Access and Remote Desktop. Highlight how Remote Assistance allows a technician to access the user’s computer, whereas Remote Desktop allows the user to connect to remote computer resources.

29 What Are Remote Desktop and Remote Assistance?
Remote Desktop:
  A Windows 8 feature that enables users to connect to their desktop computer from another device
  Enables administrators to connect to multiple remote servers for administrative purposes

Remote Assistance:
  A Windows 8 feature that enables support staff to connect to a remote desktop computer
  Optionally allows for remote control of that computer
  Enables the seeking or offering of assistance

Describe the Remote Desktop and Remote Assistance features. Remote Desktop uses the Remote Desktop Protocol (RDP) to enable users to access files on their office computer from another computer, such as one at their home. Additionally, Remote Desktop enables administrators to connect to multiple Windows Server sessions for remote administration purposes. Remote Assistance enables a user to request help from a remote administrator. To access Remote Assistance, run the Windows Remote Assistance tool.

Discussion prompt: Ask students if they can see any benefits of using remote management tools. Explain the purpose of Remote Desktop and Remote Assistance features. Mention some real-life situations when you might want to use these two features. Briefly discuss that Windows Firewall may prevent troubleshooting tools from connecting remotely.

Demonstration: Consider combining the discussion of this content with the next two demonstrations to help reinforce student learning.

30 Configuring Remote Desktop
Configuring Remote Desktop includes setting it up on the remote computer and the host computer

Host Computer
  Launch the Remote Desktop Connection
  Choose Options to see the Remote Desktop configuration settings
  On the General Tab, enter the remote computer’s name and your authentication credentials
  Save your Connection Settings
  Select preferences on the remaining tabs

Remote Computer
  Open the System Window
  Select Remote Settings
  In the System Properties Window confirm Allow Remote Assistance selected
  Under Remote Desktop select or add the users who can connect to this computer

Demonstration: Consider demonstrating this procedure.

31 Demonstration: Configuring Remote Assistance
In this demonstration, you will see how to:
  Request Remote Assistance
  Configure Windows Firewall to Enable Remote Administration
  Provide Remote Assistance

Revert all virtual machines.

Preparation Steps
You will require the 20687B-LON-DC1, 20687B-LON-CL1, and 20687B-LON-CL2 virtual machines for this demonstration. You must start 20687B-LON-CL2 now.

Demonstration Steps

Create a Microsoft Word 2010 Document
  Sign in to LON-CL1 as Adatum\Adam using the password Pa$$w0rd.
  On the Start screen, right-click and then click All apps.
  Click Microsoft Word 2010.
  In the User Name dialog box, click OK.
  In Word, if prompted to Help Protect and Improve Microsoft Office, click Don’t make changes, and then click OK.
  In the Document window, type This is my document.
  On the ribbon, click the File tab, and then click Save.
  Click Save.

Enable and then request Remote Assistance
  Pause the pointer in the lower right of the display, and then click Start.
  In the Apps list, right-click Computer, and then click Properties.
  In System, click Remote Settings.
  In the User Account Control dialog box, in the User name box, type administrator.
  In the Password box, type Pa$$w0rd, and then click Yes.

(More notes on the next slide)

32 11: Configuring Mobile Computing and Remote Access
  Verify that the Allow Remote Assistance connections to this computer check box is selected, and then click OK.
  Close System.
  Pause the pointer in the lower right of the display, and then click Start.
  Type msra, and then in the Apps list, click msra.
  In the Windows Remote Assistance wizard, click Invite someone you trust to help you.
  On the How do you want to invite someone to help you page, click Save this invitation as a file.
  On the Save as page, in the File name box, type \\LON-dc1\data\Adam’s-Invite, and then click Save.
  Note the password.

Provide Remote Assistance
  Switch to the LON-CL2 virtual machine, and then sign in as Adatum\Holly with the password Pa$$w0rd.
  On the Start screen, click Desktop, click Windows Explorer, navigate to \\LON-DC1\data, and then double-click Adam’s-Invite.msrcincident.
  In the Remote Assistance dialog box, in the Enter password box, type the password that you noted in the previous task, and then click OK.
  Switch to the LON-CL1 virtual machine.
  In the Windows Remote Assistance dialog box, click Yes.
  Switch to the LON-CL2 virtual machine.
  On the menu, click Request control.

(More notes on the next slide)

33 11: Configuring Mobile Computing and Remote Access
  Switch to the LON-CL1 virtual machine.
  In the Windows Remote Assistance dialog box, click Yes.
  Switch to the LON-CL2 virtual machine.
  In Word, click the Review menu, and then select the text in the document window.
  In the menu, click New Comment, and then type This is how you place a comment in a document.
  Click the cursor elsewhere in the document window.
  In the Windows Remote Assistance – Helping Adam menu, click Chat.
  In the Chat window, type Does that help? and then press Enter.
  Observe the message.
  Type Yes, thanks, press Enter, and then in the Menu, click Stop sharing.
  Close all open windows.
  Discard the file changes, and then sign out from LON-CL1.
  Close all open windows, and then sign out from LON-CL2.

(More notes on the next slide)

34 11: Configuring Mobile Computing and Remote Access
Question
Under what circumstances would you use Remote Desktop Connection or Remote Assistance?
Answer
Use Remote Desktop to access one computer from another computer remotely. For example, you can use Remote Desktop to connect to your work computer from home. You potentially will have access to all of your programs, files, and network resources, as if you were sitting at your work computer.
Use Remote Assistance to give or receive assistance remotely. For example, a friend or a technical-support person can remotely access your computer to help you with a computer problem, or show you how to do something. You can help someone else the same way. In either case, both you and the other person see the same computer screen, and you both can control the mouse pointer.

35 Lab C: Implementing Remote Desktop
Exercise 1: Configuring a Remote Desktop Connection

Your students will need an additional virtual machine for this lab. Remind them to start 20687B-LON-CL2.

You decide to enable Remote Desktop on his desktop computer so that Adam can access it to work on his data files should the need arise. Before Adam leaves, you decide to test the remote-desktop connection to his desktop computer from his laptop.

Logon Information
  Virtual Machines: 20687B-LON-DC1, 20687B-LON-CL1, 20687B-LON-CL2
  User Names: Adatum\Administrator and Adatum\Adam
  Password: Pa$$w0rd

Estimated Time: 15 minutes

36 Lab Scenario
Adam has a desktop computer in his office in London that he may wish to use while he travels around the UK between his customers.

37 Lab Review
Question
In the lab, you enabled the Remote Desktop feature through the firewall by editing the local firewall settings. Is there an alternative way in which you can make this change?
Answer
Yes, you can configure the settings through Group Policy on a domain controller. This enables you to apply the settings to a larger group of computers in a single administrative step.

Question
In the lab, you configured Remote Desktop. In what circumstances can you envision using Remote Desktop to troubleshoot a user’s computer?
Answer
Answers will vary, but will include any situation in which access is required to a user’s computer to perform configuration changes, but physical access is not possible.

Question
If attempting to connect to a remote computer with Remote Desktop from an Internet-connected computer, what other possible configuration changes might you need to make?
Answer
It is likely that in addition to a user’s computer firewall settings, you will need to configure, or request configuration of, the corporate firewall. You will need to enable TCP port 3389 to support remote desktop. It is possible to use different ports over which to connect using Remote Desktop, but this must be configured at the computer to which you want to connect.

38 Lesson 4: Overview of DirectAccess
Configuring DirectAccess

This is a complex topic. The objective is to provide an overview only.

39 Discussion: Complexities of Managing VPNs
What are the challenges you face when you implement VPNs?

Use the question to guide your students through a discussion on the challenges of implementing VPN solutions to enable remote access to their corporate networks. The problems associated with the use of VPNs can include:
  Management of client software
  VPN connections that disconnect
  The need for users to initiate a connection
  Possible requirement for additional firewall configuration
  Possible requirement for unidirectional configuration

40 What Is DirectAccess?
Features of DirectAccess:
- Connects automatically to corporate network over the public network
- Uses various protocols, including HTTPS, to establish IPv6 connectivity
- Supports selected server access and IPsec authentication
- Supports end-to-end authentication and encryption
- Supports management of remote client computers
- Allows remote users to connect directly to intranet servers
Provide a high-level overview of DirectAccess, and concentrate on its benefits and the reasons why a company would implement it. Do not talk about requirements. Mention that DirectAccess ensures seamless connectivity on application infrastructure for internal users and remote users. Both Windows Server 2012 and Windows 8 support DirectAccess. DirectAccess enables uninterrupted remote access to intranet resources.
Explain that VPNs are traditionally used for remote connections. Discuss the limitations of VPN. Point out how DirectAccess overcomes those limitations and why DirectAccess is a better solution. DirectAccess enables seamless remote access to intranet resources without first establishing a VPN connection.

41 Components of DirectAccess
[Diagram: Internet websites, DirectAccess server, AD DS domain controller, DNS server, internal network resources, network location server, PKI deployment, IPv6/IPsec, external clients (NRPT/Consec), internal clients]
- A PKI is needed to issue computer certificates to the DirectAccess server, DirectAccess clients, and intranet servers.
- The DirectAccess server is connected to both the intranet and the Internet, and acts as the gateway for DirectAccess clients on the Internet.
- The network location server is a web server that is only reachable when the DirectAccess client is directly attached to the intranet.
- External DirectAccess clients have active Name Resolution Policy Table (NRPT) rules and Connection Security tunnel rules. When accessing intranet resources, the connection security rules use IPv6 and either IPsec tunneling or end-to-end IPsec traffic protection.
- DirectAccess clients that are connected to the intranet can access intranet resources like any other intranet computer.

42 What Is the Name Resolution Policy Table?
NRPT is a table that defines DNS servers for different namespaces and corresponding security settings. It is used before the adapter’s DNS settings.
Using NRPT:
- DNS servers can be defined for each DNS namespace rather than for each interface
- DNS queries for specific namespaces can be optionally secured by using IPsec
Students should be familiar with the DNS name resolution process, which you can test by simply asking how the name resolution process works. When you get the answer, extend the explanation of DNS name resolution with the introduction of NRPT and how it is used during name resolution. Mention that the Name Resolution Policy Table is a feature in Windows Server 2008 R2, Windows Server 2012, Windows 7, and Windows 8, and that it is controlled through Group Policy. Provide an example of how NRPT can be beneficial if you are using DirectAccess or a VPN connection to a corporate intranet.

43 How DirectAccess Works for Internal Clients
[Diagram: AD DS domain controller, DNS server, Internet websites, internal clients (NRPT/Consec), DirectAccess server, network location server, CRL distribution point]
Using the animated slide, explain how DirectAccess clients connect to intranet resources.
On the first click, explain how the DirectAccess client tries to resolve the FQDN of the network location server (NLS) URL.
On the second click, explain how the DirectAccess client establishes a connection with the NLS.
On the third click, explain the process of checking the CRL revocation status of the NLS certificate.
On the fourth click, explain how, based on a successful connection to the NLS, the DirectAccess client ignores the DirectAccess rules in the NRPT.
On the fifth click, explain how the DirectAccess client attempts to locate and sign in to the AD DS domain using a computer account.
On the sixth click, explain how the DirectAccess client assigns the domain firewall profile, which ignores the Connection Security tunnel rules, and starts accessing intranet resources normally.

44 How DirectAccess Works for External Clients
[Build diagram: DirectAccess server, AD DS domain controller, DNS server, external clients (NRPT/Consec), internal network resources, Internet websites, infrastructure, intranet]
Use the build slide to explain the following processes:
On the first click, explain how the DirectAccess client attempts to access the NLS.
On the second click, explain how the DirectAccess client attempts to locate a domain controller.
On the third click, explain how the DirectAccess client attempts to access intranet resources.
On the fourth click, explain how the DirectAccess client attempts to access Internet resources.
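The client-side decisions described on the NRPT, internal-client and external-client slides can be written out as code. The following Python model is an added example, not part of the course material; the namespace, the DNS server address and the function names are constructed, and it assumes only exact-FQDN and suffix rules, with the NLS name carried as an exemption rule.

```python
"""Model of DirectAccess client name resolution (constructed example)."""
from dataclasses import dataclass
from typing import Optional

ADAPTER_DNS = "adapter-dns"          # placeholder for the interface's own DNS server


@dataclass(frozen=True)
class NrptRule:
    namespace: str                   # ".corp.example" = suffix rule, "host.corp.example" = FQDN rule
    dns_server: Optional[str]        # None = exemption: fall through to adapter DNS
    require_ipsec: bool = False


# Constructed rule set; names and addresses are placeholders.
NRPT = [
    NrptRule(".corp.example", "2001:db8::53", require_ipsec=True),
    NrptRule("nls.corp.example", None),   # exemption: the NLS is never resolved via the tunnel
]


def is_on_intranet(nls_resolved: bool, nls_https_ok: bool, nls_cert_crl_ok: bool) -> bool:
    """Inside only if the NLS name resolves, HTTPS connects and the CRL check passes."""
    return nls_resolved and nls_https_ok and nls_cert_crl_ok


def match_rule(fqdn: str, rules=NRPT) -> Optional[NrptRule]:
    """An exact FQDN rule beats suffix rules; among suffix rules the longest wins."""
    name = fqdn.lower().rstrip(".")
    best = None
    for rule in rules:
        ns = rule.namespace.lower()
        if ns == name:
            return rule
        if ns.startswith(".") and name.endswith(ns):
            if best is None or len(ns) > len(best.namespace):
                best = rule
    return best


def resolver_for(fqdn: str, on_intranet: bool) -> tuple:
    """Return (dns_server, ipsec_required) the client would use for this query."""
    if on_intranet:                  # DirectAccess NRPT rules are ignored inside
        return (ADAPTER_DNS, False)
    rule = match_rule(fqdn)
    if rule is None or rule.dns_server is None:
        return (ADAPTER_DNS, False)  # Internet names and exemptions
    return (rule.dns_server, rule.require_ipsec)
```

In this model, a failed CRL check on the NLS certificate makes is_on_intranet return False even for a client on the intranet, so its intranet queries follow the NRPT rules instead of the adapter's DNS settings.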

45 Configuring DirectAccess
Configuration steps:
- Configure the AD DS domain controller and DNS
- Optionally, configure the PKI environment
- Configure the DirectAccess server
- Configure the DirectAccess clients and verify DirectAccess functionality
Give an overview of DirectAccess configuration on the server and on the client. Remind students that they must install the Remote Access role on the DirectAccess server. For a simple deployment, this server can have just a single network interface with a single IP address connected to the private network and then can be published over Forefront UAG or Forefront TMG for external computers. For an advanced deployment that includes support for two-factor authentication using smart cards and OTP devices, you still need to configure the DirectAccess server to establish two IPsec tunnels. This means that the DirectAccess server needs at least two network adapters, with two consecutive IP addresses on the Internet interface. IPv6 must be enabled on the DirectAccess server and client computer, and the firewall must allow ICMP Echo traffic.
For ease of deployment, mention that students can use a self-signed certificate on a DirectAccess server. You can also configure the DirectAccess server in such a way that the CRL is not mandatory for establishing DirectAccess connectivity. Explain to students that they also need to create a security group and add all client computer accounts as members. Also, the PKI infrastructure and CRL distribution point must be accessible.
Question: Why is it important that the DirectAccess client should have access to a CRL distribution point?
Answer: The Certificate Authority server publishes data about revoked certificates at the CRL distribution point. Each certificate has a validity period, but if it is not yet expired, the client must check the CRL to confirm that the certificate is not revoked.

46 Module Review and Takeaways
Review Questions
Question: Amy wants to connect to the network wirelessly but is unable to, so she checks the Windows Mobility Center to turn on her wireless network adapter. She does not see it in the Windows Mobility Center. Why is that?
Answer: If a setting does not appear in the Windows Mobility Center, it might be because the requested hardware, such as a wireless network adapter, is missing, or that drivers are missing.
Question: You have some important files on your desktop work computer that you need to retrieve when you are at a client’s location with your laptop computer. What do you need to do on your desktop computer to ensure that you can download your files when at a customer site?
Answer: You need to configure remote access on your desktop computer. Select one of the access options in the Remote Settings tab of System from System and Security in Control Panel.
Question: Your company recently purchased a Windows Server 2008 server computer. What do you need to do before you can configure this computer with DirectAccess?
Answer: You will need to upgrade to Windows Server 2008 R2 or Windows Server 2012, and potentially upgrade to an IPv6 infrastructure, in addition to possibly installing a second network adapter in the server.

