The logical leap from being more efficient by linking corporate subnets to being more efficient by linking enterprise networks was a short one. The concept has always been there; the security technology had just never kept pace. Today, companies are discovering that they can work more efficiently with partners by connecting their networks to conduct transactions in real time. This lets teams across two or more companies work together more effectively. Windows 2000 Server has gone a long way toward improving the platform for creating these types of connections.
For example, a company may want to publish a subset of business applications for partners to access through secured dynamic Web pages. Say your company is the number one producer of widgets. Your widgets are so popular that your customers are installing thousands of them every day. They could install tens of thousands of them a day, but there is a communication problem. The problem manifests itself like this: The people in your customer's purchasing department are overworked. Besides ordering for every other department in the corporation, they have to check the on-hand inventory of widgets that go into their Super D' Duper Vertical Ferblitzer. So, in addition to everything else they have to do, they have to get the inventory and see how many widgets they need. Then, they have to call your sales office and try to reach the number-one widget salesperson on the planet. This is no easy task. Once the two people get together, the order is placed and written up, and the salesperson starts it on its way to manufacturing. This is a great system. It has worked well for the past 50 years. Unfortunately, the system is holding both companies back. If you make a subset of the ordering applications available to your partner, their purchasing guru can order the widgets online and avoid the hassle. If both companies were really efficient and had some Visual Basic or SQL programmers, they could probably develop an automatic interface that would determine how many widgets the manufacturer needed and enter the order automatically. The whole thing could take place without the input of the purchasing guru or the number-one widget salesperson on the planet. They could be busy doing lunch, and the widget supply would not slow down. This is an example of connecting the customer's inventory database with the supplier's systems for just-in-time delivery, in this case by linking the databases through Microsoft SQL Server-based queries.
Another example is the efficient use of contractors. Now, in today's business world, contractors are wonderful things. They are disposable employees. In addition, contractors can come in and handle specialized projects that your permanent staff is not geared up for. They may have the niche expertise that many companies need once in a while and no company needs full time. There are also times when you don't need just one contractor—you need a team of contractors from different companies to collaborate to solve your business problem. By linking the contracting companies into your company network, these virtual teams can share files, printers, plotters, and videoconferencing tools to solve many of your problems without even being on site. If they don't have to come on site, you are not paying travel, per diem, rental cars, hotels, and entertainment. Those are things that go right to the bottom line.
To meet these business goals, you must have an operating system that is capable of hosting secured Web pages, or a system that can link networks with enough security to control where traffic goes and what it can carry. Those types of solutions mean using some of the security protocols and techniques mentioned in Chapter 9: things like a Public Key Infrastructure for cross-platform security and Secure Sockets Layer (SSL) for secured Web pages.
You also have to have a way to manage and control firewalls. Using security policies stored in the Active Directory service, Windows 2000 is a flexible enough platform for building firewall solutions and centrally managing firewall policies. As was mentioned in earlier chapters, these solutions inspect incoming traffic to keep viruses out. In addition, firewalls monitor the information that is being accessed. Windows 2000 can handle the routing services needed to link through clear and secure connections, with static routes and packet filters to control where traffic goes. Once the connection has been made, Active Directory lets you manage access controls to the services used by applying centrally managed authentication and access control policies. When you get these policies configured, your network will be open for e-business without compromising the security or control of your information.
When you cut through all the smoke and mirrors, there are just two major methods of connecting remote offices to the company network. One way is to use a dedicated connection. This usually means something like a dial-up connection or, if higher bandwidth is needed, leased private lines. Depending on distance, desired performance, cost, and other factors, these work well. In other cases, it might be more cost effective to link these networks through the Internet. As we mentioned in Chapter 9, you can use the Internet Authentication Service (IAS) and RRAS to connect branch offices and private networks using either method.
To move traffic between networks, the Windows 2000 system lets you define manually configured static routes, or you can use the standards-based routing protocols that are included. Windows 2000 Server supports RIP for basic IP and IPX routing, and it includes support for Open Shortest Path First (OSPF), for enterprise routing. The system adds support for Internet Group Management Protocol (IGMP) version 2 so that multiple PCs can share a single multicast video broadcast stream to reduce traffic on the network link.
A routing protocol is only as good as its infrastructure. In this case, there is native support for a variety of network media, including asynchronous transfer mode (ATM), T1, frame relay, X.25, dial-up, ISDN, DSL, cable modem, and satellite. This lets you choose the right connection for your business. If your company is headquartered in some out-of-the-way place (like ours), you also have the flexibility to change your infrastructure of choice when new technologies become available. You can also choose the level of communications protection to suit your security needs. Where companies are confident of the link privacy, communications between networks can be done in the clear. When security is important and legacy protocols (such as IPX/SPX) or multicast protocols (including important routing protocols) are required, Windows 2000 Server connects networks and encrypts traffic using Layer 2 Tunneling Protocol (L2TP) with IPSec. If static routes with IP-only and unicast-only traffic are what you need, you can choose IPSec Tunnel Mode alone.
We have said it before and we will say it again. One of the biggest challenges for an IT staff is the traveling or remote user. These people may be telecommuting, traveling, or working permanently from a satellite location. They still need to stay connected to the company network. All the IT staff has to do is find the best solution to let employees work anytime and anywhere, just as if they were directly connected to the company network. Now, in many cases, there have been solutions available in the past to do this. Unfortunately, many of them were written for computer people and not for real people. When you let these nomad employees work in a consistent way, regardless of their location, it can aid productivity, improve internal communications, and increase an organization's responsiveness to customers.
If you are tasked with making this happen, you can configure Windows 2000 so mobile users can connect directly to the company network through their own dial-up connection or ISDN line. Or, they can connect securely through most Internet connections using Virtual Private Networking (VPN). If you institute VPNs, the transmitted information will use IPSec and be encrypted. Anyone on the Internet who is trying to sniff your communication will be thwarted.
So, what kinds of protocols are available to make this happen?
Design Study: Get a Clue!
In this design study, we are going to take a somewhat different approach. We are going to examine a company that could make good use of the Internet and Virtual Private Networks, but doesn't.
Now, I am sure that most of you feel there must be only about three businesses in the world that have been in operation for over a year that don't have some kind of dot-something presence. In actuality, there are hundreds of thousands of companies that don't use the Internet to its full potential. Let's take a look at a small company in Minnesota that should be using the Internet, but doesn't.
The worst part of this study is that the owner of this business knows he should be making more use of the Internet. The company is a small, privately held consulting company. The principal travels all over the country plying his trade and has his trips usually scheduled six weeks in advance, but cancellations do occur. He is Web-savvy, though he is not the type to design and implement a Web page. His artistically creative skills are nonexistent. His creativity tends to be more written/verbal than artistic. He does have access to a multitude of resources that could design and maintain the Web page for him, so he cannot even use that as an excuse. Another sort of valid excuse would be that he could not find the registered DNS name he wanted, but that wouldn't fly either, since he has several DNS names registered, and makes use of one of them for e-mail on a regular basis. He even has his very own e-mail server that is accessible from the network. The corporate network is heterogeneous, consisting of Linux, NetWare, NT 4, and Windows 2000, so hardware and OS support can't be used as an excuse either.
In doing an analysis of this company, we come to the conclusion that the customer could be using the Internet to make it easier for his clients to check his schedule and schedule his time. The Web site could also be used to disseminate information on new offerings the company has, as well as to sell some of the adjunct materials the company has produced.
On the information side, the company founder is always whining that he can only get e-mail from his network when he is out of town. He would love to be able to log on to his network and make use of resources in his office from far-flung locations, but he has simply never gotten around to installing a VPN for his office. It is on his list of things to do...and has been for months. What do you think the client should do?
See, Govanus! Get off the dime and get the Web page created and the VPN installed. Enough of this do-as-I-say, not-as-I-do stuff!