What's New in Routing and Remote Access

Longtime readers of Windows 2000 Magazine might remember my January 1997 article "What's New in Windows NT 4.0 RAS," in which I described the new remote access features of Microsoft's just-released NT 4.0. Now that many of us are working with Win2K, the time has come to update that article for the new OS by taking you on a tour of the features and benefits in Win2K's version of RRAS, which is now called Routing and Remote Access. As you'll see, Win2K doesn't simply provide updated versions of existing technologies: The OS introduces a completely new set of technologies that benefit the manageability, security, and usefulness of Win2K's Routing and Remote Access services.

RRAS: Now and Then
Routing and Remote Access is an update of both NT 4.0's basic RAS and the RRAS update, which Microsoft released as a superset of NT 4.0's RAS. Just as NT 4.0's RRAS update provides RAS with a wealth of new features and capabilities, Win2K's Routing and Remote Access adds new functionality to its NT 4.0 RRAS predecessor. However, Routing and Remote Access enhancements amount to more than just new features—Microsoft has also addressed several crucial RAS and RRAS shortcomings.

One such shortcoming is manageability. If you manage NT 4.0 RAS servers, you know that NT 4.0 RRAS's management UI isn't terribly intuitive. For example, although the capability to set up RRAS-based LAN-to-LAN VPN connections is an important and much-touted feature of the RRAS update, inelegant management tools and poor documentation make the setup procedure difficult.

Another major problem is stability, which isn't only an RRAS problem but an NT 4.0 problem. This basic OS stability problem brings the viability of NT RRAS-based VPN or routing solutions into question—especially when you compare those solutions with most hardware-based routing solutions. Feedback from administrators about these and other RRAS short-comings helped drive the development of Win2K's Routing and Remote Access.

Configuration and Management
Microsoft's efforts to streamline and improve RRAS are evident from the first moment you begin working with Routing and Remote Access. Unlike NT, Win2K doesn't install Routing and Remote Access as a separate network service; you don't need to install or manage Routing and Remote Access through the Control Panel Network applet. Instead, Microsoft integrated the service into the base installation of Win2K Server, Win2K Advanced Server, and Win2K Datacenter Server. Therefore, the files that Routing and Remote Access requires for proper operation are already present on any Win2K server. Also, Routing and Remote Access doesn't require a cumbersome three-part installation process (i.e., installing RAS from a CD-ROM, installing the RRAS update, and reinstalling the current service pack), as NT's RAS and RRAS installation does.

Although the Routing and Remote Access service isn't active by default, configuring and enabling it is simple. To configure Routing and Remote Access on a server, launch the Routing and Remote Access management console, which Figure 1 shows. Because this management utility provides full support for administration of remote servers and multiple servers, you can decide whether you want to run the management console from the Routing and Remote Access server, a different server, or even a Win2K Professional system (e.g., your administrative workstation). On any Win2K server, you can find the shortcut to the Routing and Remote Access management console by going to the Start menu and selecting Programs, Administrative Tools. To install the management console on a Win2K Pro system, install the adminpak.msi file, which resides in the \i386 folder of any Win2K server product's installation CD-ROM. (Simply double-click the .msi file to launch the installation.)

The Setup Wizard
Now that you have the Routing and Remote Access management console running, you can configure your server. Highlight the server name in the left pane, and click Configure and Enable Routing and Remote Access from the console's Action menu or from the context menu that appears when you right-click the server's name. Doing so launches the Routing and Remote Access Server Setup Wizard.

In the wizard's second dialog box, which Figure 2 shows, the setup process lets you choose from five standard configuration selections: Internet connection server, Remote access server, Virtual private network (VPN) server, Network router, or Manually configured server. This useful dialog box simplifies the basic configuration of Routing and Remote Access servers, particularly if you plan to use the server primarily for one of the listed functions. However, you might want to usethe server to perform multiple duties (e.g., act as a network router and accept incoming VPN calls from clients). In this case, you can either select one of the configuration choices and manually configure the other element after the wizard finishes or choose the Manually configured server option.

Each of the wizard's standard configuration choices—aside from the Manually configured server option—prompts you for information necessary for initializing the configuration type. For example, the Internet connection server option asks whether you want to use Internet Connection Sharing (ICS) or Network Address Translation (NAT), then asks for additional information necessary to configure the connection-sharing type you choose. The Remote access server option prompts you for the protocols that you want to support for incoming client connections, then asks protocol-specific questions such as whether you want to use DHCP for RAS-client IP addressing or a Remote Authentication Dial-In User Service (RADIUS) server for authentication.

In most cases, after the wizard completes its work, you'll need to perform additional hand-tuning of your RAS server configuration. In general, however, the wizard simplifies the bulk of the Routing and Remote Access server's configuration and ensures that each of the crucial configuration options for a particular wizard choice are set—options that a new administrator might easily forget about.