What's New in Windows NT 4.0 RAS

Some of the most exciting changes in Windows NT 4.0 are the enhancements to NT's remote networking services. In NT 3.51, Microsoft referred collectively to the client and server versions of its remote networking services as Remote Access Service (RAS). However, in NT 4.0, Microsoft renamed the client version Dial-Up Networking (DUN) for consistency with its Windows 95 counterpart. However, the server version retains the name RAS, and Remote Access Service still appears on the Services tab of Control Panel's Network applet.

Instead of being just a pretty new face on the same old product, NT 4.0's remote networking services deliver significantly increased functionality that addresses many RAS users' woes. For example, now you can combine multiple RAS devices to increase total available bandwidth, create virtual private networks (VPNs) using the Internet as a WAN backbone, and customize a new AutoDial feature to control how and when to automatically dial a remote connection.

RAS Overview
As a quick overview, RAS is Microsoft's name for its remote-node networking technology. In RAS, a client PC connects to a remote machine or network over an analog, Integrated Services Digital Networking (ISDN), X.25, or null modem connection. Ordinarily, this connection is between an NT, Win95, or Windows for Workgroups (WFW) workstation that runs a client version of RAS (a.k.a. Dial-Up Networking) and an NT Workstation or NT Server PC that runs a server version of RAS. However, Microsoft supports Point-to-Point Protocol (PPP), the industry-standard remote-access protocol, so you can use non-Microsoft PPP-capable products on either side of the connection. Once connected, remote users can access the same network resources that they can access when they connect directly to the LAN.

Both NT 4.0 Workstation and Server include a server version of RAS; the primary difference is that NT Server's RAS supports up to 256 simultaneous inbound connections, and NT Workstation supports only 1. Microsoft provides RAS clients for NT, Win95, WFW, and MS-DOS. RAS connections can use one or more of the big three network protocols: NetBEUI, IPX, and TCP/IP.

Dial-Up Networking
The first and most obvious change you'll notice when you run NT 4.0's new RAS client, DUN, is its appearance. Microsoft modified NT 3.51's RAS client to better use NT 4.0's Explorer interface. To find the icon for DUN, click the Start button, choose Programs, and look in Accessories. As with Win95, you can also find the DUN icon by double-clicking the My Computer icon on the desktop. Double-click the DUN icon to start the program.

The first time you run DUN, the New Phonebook Entry Wizard starts automatically to assist you with creating a new phonebook entry. The Wizard asks some basic configuration questions, but you'll probably also need to edit the entry's properties to provide additional information (such as logon options and protocol settings) about the server you're calling. (To bypass the Wizard and set up the phonebook entry manually, select the check box displayed in the Wizard's first step.)

Accessing the main Dial-Up Networking dialog
Once you've created a phonebook entry with the New Phonebook Entry Wizard, you will then see the dialog shown in Screen 1. A drop-down list box shows all your Phonebook entries, and the More button provides a list of options applicable to the currently selected entry. You can add new phonebook entries from here using the New button, which either starts the New Phonebook Entry Wizard or displays the New Phonebook Entry dialog if you've disabled the Wizard.

Multilink RAS: A Boon to Bandwidth
Microsoft integrated several new technologies into NT 4.0's RAS that greatly enhance and extend its functionality. One new technology is the multilink dialing feature, which lets an NT 4.0 RAS client make multiple physical connections (via multiple RAS devices) and combine them into one logical connection. This feature is a boon to all RAS users because it provides a way to get virtually unlimited bandwidth on a RAS connection. For example, you can use two 28.8Kbps modems in a multilink RAS connection to create an effective bandwidth of 57.6Kbps. Multilink dialing also benefits ISDN users, who can now take advantage of both ISDN B channels to create 128Kbps ISDN connections. You can even combine ISDN and analog modem connections in a multilink RAS connection.

But wait--before you throw extra modems into your system to get faster RAS connections, you need to know an important fact: Both the RAS client and the RAS server must support multilink RAS or multilink PPP (MPPP). For example, if you use RAS to connect to your Internet Service Provider (ISP) but it doesn't support multilink connections, multilink RAS won't work. If you're an ISDN RAS user, you probably can take advantage of the multilink dialing feature because MPPP was originally developed with the ISDN community in mind and most ISP and corporate routers are MPPP capable. Analog modem users face tougher odds, however, because most ISPs don't currently use NT Server 4.0 or have MPPP support for modem-based connections.

Once you find a compatible server to connect with, implementing multilink RAS in NT 4.0 is a simple matter. To use multiple RAS devices to dial a phonebook entry, edit the phonebook entry and go to the Basic tab. In the Dial Using section, choose Multiple Lines. Now when you click the Configure button, you can choose which of your installed RAS devices to use with this connection (as shown in Screen 2).

Select the devices you want and the phone numbers the devices will dial. After you make a multilink RAS connection, NT automatically bundles the lines into one logical connection, and you're off and running.

PPTP Virtual Networks
NT 4.0's RAS includes a beneficial new network protocol, the Point-to-Point Tunneling Protocol (PPTP). Despite all the talk about this new protocol, many users are still unclear about what PPTP is and what it does. In a nutshell, PPTP is a WAN protocol that lets a RAS client and server establish a secure connection over a TCP/IP connection such as the Internet.

Here's how PPTP works: First, a remote user establishes a connection to an IP-based internetwork (e.g., the Internet). Next, the user makes a second connection to an NT 4.0 RAS server running PPTP. The result is what Microsoft calls a VPN that uses PPTP over TCP/IP.

Still confused? Think about PPTP this way: With a regular PPP-based RAS connection (the kind you're probably used to), RAS clients communicate with the RAS server by transmitting LAN protocols such as NetBEUI, IPX, and TCP/IP inside PPP packets over analog, ISDN, or X.25 switched connections. However, rather than using a switched connection, PPTP uses your existing IP network connection (e.g., your connection to the Internet) as its WAN protocol to communicate with a PPTP-enabled RAS server. The "tunneling" part of PPTP's name comes from the fact that any of the LAN protocols can be encapsulated (or tunneled) inside PPTP packets. For example, with PPTP you can create a NetBEUI or an IPX-based connection to a corporate network over the Internet. If you explicitly enable encryption, PPTP encapsulates and encrypts the data in PPP packets and sends them as IP-based packets to the RAS server (as shown in Figure 1). Because the packets are encapsulated and encrypted, they are safe from prying eyes--an obvious concern for organizations that send data over the Internet.

The ramifications of this new technology are astounding. Now for the first time, organizations can leverage the Internet as a WAN backbone for secure remote network connections. This capability can provide substantial savings for businesses, compared to the cost of creating a private WAN over specialized equipment and dedicated lines. PPTP puts WAN connectivity within the reach of many smaller organizations that simply can't afford a private WAN.

Another interesting twist PPTP creates is the ability to physically separate the RAS server from remote access hardware. Organizations can outsource their dial-up network to a communications server or an ISP and maintain on their premises only a RAS server running PPTP. In this scenario, depicted in Figure 2, the service provider supplies dial-up connections to a PPTP-enabled NT RAS server, which in turn connects to the client organization's RAS PPTP server over an Internet-based PPTP tunnel. The client organization benefits because it no longer needs to maintain any remote access equipment. Using a service provider also enables non-PPTP-capable systems (e.g., systems not running NT 4.0) to make secure connections over standard PPP--the service provider's server maintains the secure PPTP connection to the RAS server on the client's behalf. In some cases, this approach also lets remote clients use local phone numbers rather than long distance or expensive 800 numbers to access the RAS server (depending on the access numbers the ISP provides). This facet of PPTP opens up a new outsourcing service opportunity for ISPs.

So what's the bad news? Well none, except that Microsoft currently supports PPTP on only NT 4.0: An NT 4.0 machine must be on each end of the connection. I expect Microsoft will eventually release a PPTP stack for its other operating systems, although I've found no information about expanded support.

PPTP Connection Tips
As significant as PPTP technology is, you'd think Microsoft would have described it more clearly in NT 4.0's documentation. Unfortunately, the documentation on PPTP falls woefully short. The general descriptions of the technology are good, but the step-by-step details on setting up and connecting PPTP sessions are conspicuously absent. With that shortcoming in mind, here are a few tips for configuring and connecting RAS PPTP sessions. (For additional information about PPTP, see Mark Minasi, "Deciphering PPTP," December 1996).

The first step is to install the PPTP protocol via Control Panel's Network applet. In the Protocols tab, choose Add, and then select Point-to-Point Tunneling Protocol. Enter the maximum number of VPNs you want to let PPTP support (each RAS connection over PPTP constitutes one VPN). Because PPTP is implemented as a virtual RAS device, you also need to reconfigure RAS on your machine (in the Network applet's Services tab) and add your new PPTP RAS adapter. When you click Add for a new RAS device, you see a new choice in the RAS Capable Devices list that says RASPPTPM (or something similar); select and install this device.

Then you need to configure a dial entry to use it. First, select the protocols (IP, IPX, and NetBEUI) you want to tunnel over the PPTP connection (all selected protocols must be installed on the RAS PPTP server). Next, you must tell the dial entry how to connect to the PPTP RAS server. Enter the IP address of the PPTP RAS server in the phone number box (in the Basic tab) to enable the PPTP dial entry to find and connect to the server. (The documentation fails to tell you to do this step.)

Now you're ready to make the PPTP connection. First, use a DUN entry to dial the IP-based connection that both your PC and the PPTP RAS server are connected to. When you've made this connection, use your PPTP phonebook entry to dial. You must enter a username, password, and domain name to make the connection. Once these items are authenticated, you're on the network. Furthermore, you're communicating via the network protocols you selected in the PPTP entry's configuration, such as IPX or NetBEUI (not necessarily TCP/IP, unless that's one of the protocols you selected to tunnel; you can tunnel IP within IP using PPTP).

Another important new feature of NT 4.0's DUN is AutoDial, a dial-on-demand feature that lets NT automatically offer to dial a remote network connection via DUN when an application (or the user) attempts to access data on that network. For example, if your Internet mail program tries to access your ISP's mail server and you aren't connected, a dialog similar to the one in Screen 3 appears, and asks whether you want DUN to connect to the remote network. If you don't answer within 15 seconds, AutoDial applies the default answer: No, do not dial. AutoDial is intelligent; it remembers which DUN entries it uses to make which connections. So, if you answer Yes to the do-you-want-to-connect question, AutoDial completes the appropriate connection. This entire process is transparent to the background application that requests the data, and after the connection is made (assuming the program hasn't issued a time-out message), the application can then access the requested data.

Although the AutoDial feature is usually helpful, in some situations it's a nuisance. If an application running in the background continually attempts to connect to a remote machine on a network you don't really want to connect with at that moment, you'll quickly tire of the returning dialog that asks whether to dial the remote network. In this case, you can disable AutoDial for the current session by selecting the appropriate check box in the returning dialog. You also can configure AutoDial via several options: For example, you can disable AutoDial completely, or you can disable its prompt and have it automatically dial the remote connection without asking. You can also permanently disable the RAS AutoDial feature or disable it from only certain dialing locations. You can set up AutoDial to automatically redial on a link failure, an especially handy feature for NT systems that act as RAS routers to the remote networks or the Internet. To find these options, click the More button on the DUN main dialog and choose the User Preferences menu option.

Other New Features
NT 4.0's RAS also presents a few new features that make RAS's configuration and administration much easier than before. DUN now supports the Win95-style Unimodem technology that comes with NT 4.0; consequently, DUN can leverage the same centralized modem configurations that all your other Win32 communications applications use. NT 4.0 includes a powerful new DUN Monitor utility, which provides a wealth of details and statistics about each individual RAS connection (e.g., bytes sent and received, device errors, compression statistics). The DUN Monitor also lets you disconnect RAS connections and view a summary of active and inactive lines. You can run the DUN Monitor from the Control Panel, but you can also configure it to run automatically when connections are made.

Despite its modest appearances, a lot of power lurks under the hood of NT 4.0's DUN. And due to the simplicity of the Windows Explorer interface, this power is easier than ever to access. Whether you use it for increased bandwidth or secure corporate network access over the Internet, NT 4.0 RAS has something for everyone.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.