Service provider takeaway: Value-added resellers (VARs) and networking consultants can help businesses provide remote access to users by setting up a virtual private network with Windows Vista and Windows Server 2008.
A virtual private network (VPN) can be extremely useful to your customers, but setting up a VPN can be somewhat complicated. This is especially true for Windows Server 2008, which offers many more options than Windows Server 2003. This guide will walk you through a step-by-step VPN setup process. VPN solutions come in both hardware and software forms, but for the purposes of this guide, I explain a software approach to setting up a VPN using Windows Vista and Windows Server 2008. In part 1 of this guide, we take a step-by-step approach to configuring Windows Server 2008. In part 2 of the Vista VPN setup guide, we configure Windows Vista workstations.
But before we dig into configurations, let's look at the software and hardware requirements for setting up a Vista VPN. You need two separate Windows 2008 servers and at least one remote client running Windows Vista. The first Windows 2008 server is basically an infrastructure server. It must act as a domain controller, DHCP server, DNS server and certificate authority. If your customer already has a Windows 2008 network in place, you don't need to sell them another server to fit this role.
Any Windows 2008 domain will already have at least one domain controller and one server acting as a DNS server. Most Windows 2008 networks are also running DHCP services. If these services are already in place, your only concern is setting up a certificate authority (which I show you how to do in Step 3). For now, you just need to know that the server acting as a certificate authority must be running Windows Server 2003 or Windows Server 2008 Enterprise Edition.
The second server you need is a VPN server. Windows Server 2008 ships with the necessary software, but you do need two network interface cards (NICs): One will connect to the Internet and the other will connect to the private corporate network.
Before we move on to setting up a domain controller, let's consider server placement. Both servers will connect to the private network via a hub or switch. Only the VPN server will have external connectivity. However, it's a security risk to connect the VPN server directly to the Internet. It's best to place a firewall in front of the VPN server so you can filter out everything but VPN traffic.
Vista VPN setup guide, part 1
Set up a domain controller
Install DHCP services
Install Active Directory Certificate Services
Request a machine certificate
Install the Routing and Remote Access Service role
Configure the VPN server
Publish the Certificate Revocation List
Make the CRL accessible
About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.