Network protocols and technologies

Remote Access Quarantine Service is an essential component of Network Access Quarantine Control for Windows Server 2003 with SP1. Network administrators can enforce network access requirements on remote computers with Network Access Quarantine Control. Lack of access makes it difficult to enforce network requirements (such as the use of antivirus software) on remote computers. By deploying the components of Network Access Quarantine Control, including installing the optional Remote Access Quarantine Service (RQS.exe) component on Windows Server 2003 with SP1, and by including the RQC.exe component with the advanced customization features of Connection Manager, network administrators can create connections that check for required programs, registry settings, files, or combinations thereof. They can also quarantine a remote-access session until these checks have been performed. Installing the Remote Access Quarantine Service does not automatically start the Remote Access Quarantine Agent service, another aspect of Network Access Quarantine Control. As the network administrator, you must decide the best time to start the service in relation to the configuration of the Routing and Remote Access service. The Remote Access Quarantine Agent service depends on the Routing and Remote Access service. However, when the Routing and Remote Access service is restarted, the Remote Access Quarantine Agent service is not automatically restarted. You must manually restart the Remote Access Quarantine Agent service.For more information, see the following:Network Access Quarantine Control in Windows Server 2003 at the Microsoft Web site.VPN Quarantine Sample Scripts for Verifying Client Health Configurations at the Microsoft Web site.

The ValueAdd folder has been removed from Windows Server 2003 with SP1. To install support tools that were previously found in that folder, such as Phone Book Administrator, go to the Support folder on your Setup CD.

With Winsock Direct, applications that use Winsock can perform faster and with less CPU overhead when they communicate across a system area network (SAN). Winsock Direct has the effect of streamlining communications between distributed components if there is a SAN in place.

Dynamic Host Configuration Protocol (DHCP) works with DNS and Active Directory on Internet Protocol (IP) networks, helping to free you from assigning and tracking static IP addresses. DHCP dynamically assigns IP addresses to computers or other resources connected to an IP network.

With the Internet Connection Sharing feature of Network Connections, you can connect your home network or small office network to the Internet. For example, you might have a home network that connects to the Internet with a digital subscriber line (DSL) connection. By enabling Internet Connection Sharing on the computer that uses DSL, you can provide network address translation, addressing, and name resolution services for all computers on your home network. For more information, see Internet Connection Sharing and network address translation. Internet Connection Sharing and Network Bridge are not included in Windows Server 2003, Web Edition; Windows Server 2003, Datacenter Edition; and the Itanium-based versions of the original release of the Windows Server 2003 operating systems.

Network Address Translation (NAT) hides internally managed IP addresses from external networks by translating private internal addresses to public external addresses. This reduces IP address registration costs by letting you use private IP addresses internally, with translation to a small number of registered IP addresses externally. It also hides the internal network structure, reducing the risk of attacks against internal systems.

You can give users ready access to your organization's network even when they are out of the office, and reduce the cost of such access, by implementing a virtual private network (VPN). The VPN connection creates a secure tunnel across the Internet into the private network.There are two types of VPN technology in the Windows Server 2003 family: Point-to-Point Tunneling Protocol (PPTP), which employs user-level Point-to-Point Protocol (PPP) authentication methods and Microsoft Point-to-Point Encryption (MPPE) for data encryption. Layer Two Tunneling Protocol (L2TP) with Internet Protocol security (IPSec). L2TP employs user-level PPP authentication methods and computer-level certificates with IPSec for data encryption. On Windows Server 2003, Web Edition, and Windows Server 2003, Standard Edition, you can create up to 1,000 Point-to-Point Tunneling protocol (PPTP) ports, and you can create up to 1,000 Layer Two Tunneling protocol (L2TP) ports. However, Windows Server 2003, Web Edition, can accept only one virtual private network (VPN) connection at a time. Windows Server 2003, Standard Edition, can accept up to 1,000 concurrent VPN connections. If 1,000 VPN clients are connected, further connection attempts are denied until the number of connections falls below 1,000.

Routing and Remote Access replaces the Routing and Remote Access Service (RRAS) and Remote Access Service (RAS) features in Windows NT 4.0. Routing and Remote Access is a single, integrated service that terminates connections from either dial-up or VPN clients or that provides routing (IP, IPX, and AppleTalk), or both. With Routing and Remote Access, your server can function as a remote access server, a VPN server, a gateway, or a branch-office router. For more information, see Routing and Remote Access.

Asynchronous transfer mode (ATM) is a high-speed, connection-oriented protocol designed to transport multiple types of traffic across a network. It is applicable to both local area networks (LANs) and wide area networks (WANs). Using ATM, your network can simultaneously transport a wide variety of network traffic: voice, data, image, and video.

Simple Object Access Protocol (SOAP) is an XML-based protocol for exchanging information in a decentralized, distributed environment. It consists primarily of two core parts: an envelope for handling extensibility and modularity and an encoding mechanism for representing data types within the envelope. It does not require synchronous execution or request/response interaction. SOAP provides a simple protocol with an extensibility mechanism for adding functionality, such as message routing, security, and guaranteed delivery. By relying on the availability of ubiquitous protocols, including not only XML and Hypertext Transfer Protocol (HTTP) but Simple Mail Transfer Protocol (SMTP) and File Transfer Protocol (FTP), SOAP is available to the broadest assortment of platforms and clients.

Fibre Channel is a technology for 1-gigabit-per-second data transfer that maps common transport protocols such as small computer system interface (SCSI) and Internet Protocol (IP), merging networking and high-speed I/O into a single connectivity technology. Fibre Channel technology gives you a way to address the distance and the address-space limitations of conventional channel technologies. For more information, see Fibre Channel hardware configuration.

Automatic configuration for multiple networks provides easy access to network devices and the Internet. It also provides the mobile computer user with seamless operations on both office and home networks without having to reconfigure TCP/IP settings manually. With automatic configuration for multiple networks, TCP/IP can use an alternative configuration if a DHCP server is not found.

Connection Manager offers several new features:Automatic proxy configuration for Connection Manager clients. Configure user proxy settings to ensure that the user has appropriate access to internal and external resources while connected to your service.Connection Manager Favorites. Eliminates repetitive configuration of Connection Manager properties when users switch among common dialing locations.Client log files. Troubleshoot problems with Connection Manager connections.Connection Manager Administration Kit. Customize Connection Manager for your needs using the Connection Manager Administration Kit (CMAK) Wizard.

The Web Distributed Authoring and Versioning (WebDAV) redirector supports the WebDAV protocol for remote document sharing over HTTP. The WebDAV redirector supports the use of existing applications, and it supports file sharing across the Internet (through firewalls, routers, and so forth) to HTTP servers.

This feature supports the ability of Internet Authentication Service (IAS) to forward Remote Authentication Dial-In User Service (RADIUS) authentication and accounting requests to another RADIUS server. This includes flexible, rule-based forwarding, load balancing, and failover between multiple IAS/RADIUS server and load balancing RADIUS-EAP requests; the ability to force the client into a compulsory tunnel with or without user authentication; and selective forwarding of authentication and accounting requests to different RADIUS servers.This feature is not included on computers running the Microsoft® Windows Server™ 2003, Web Edition, operating system. For more information, see Overview of Windows Server 2003, Web Edition. In Windows Server 2003, Standard Edition, you can configure IAS with a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. For more information about these limits, see Internet Authentication Service.

Wireless networking functionality in the Windows Server 2003 family supports the IEEE 802.11 standard, and it minimizes the configuration that is required to access wireless networks. The automatic wireless network configuration feature makes it possible for users to roam across different wireless networks in different locations, without the need to reconfigure their network connection settings for each new location. Security options for 802.11 include authentication services and encryption services that are based on the Wired Equivalent Privacy (WEP) algorithm. For enhanced security, 802.1X authentication is enabled by default in the Windows Server 2003 family of products. IEEE 802.1X authentication provides authenticated access to 802.11 wireless networks and to wired Ethernet networks. IEEE 802.1X authentication provides support for Extensible Authentication Protocol (EAP) security types, so that users can use authentication methods such as certificates.

The Windows Server 2003 family supports IP version 6 (IPv6), which is a suite of standard protocols that is the next generation of network layer protocols for the Internet. For more information, see IP Version 6.