What's New in Windows NT 4.0 RAS
Remote Access Service (RAS) enhancements in Windows NT 4.0 make RAS more powerful than ever.
December 31, 1996
Some of the most exciting changes in Windows NT 4.0 are the enhancements to NT's remote networking services. In NT 3.51, Microsoft referred collectively to the client and server versions of its remote networking services as Remote Access Service (RAS). However, in NT 4.0, Microsoft renamed the client version Dial-Up Networking (DUN) for consistency with its Windows 95 counterpart. However, the server version retains the name RAS, and Remote Access Service still appears on the Services tab of Control Panel's Network applet.
Instead of being just a pretty new face on the same old product, NT 4.0's remote networking services deliver significantly increased functionality that addresses many RAS users' woes. For example, now you can combine multiple RAS devices to increase total available bandwidth, create virtual private networks (VPNs) using the Internet as a WAN backbone, and customize a new AutoDial feature to control how and when to automatically dial a remote connection.
RAS Overview
As a quick overview, RAS is Microsoft's name for its remote-node networking technology. In RAS, a client PC connects to a remote machine or network over an analog, Integrated Services Digital Networking (ISDN), X.25, or null modem connection. Ordinarily, this connection is between an NT, Win95, or Windows for Workgroups (WFW) workstation that runs a client version of RAS (a.k.a. Dial-Up Networking) and an NT Workstation or NT Server PC that runs a server version of RAS. However, Microsoft supports Point-to-Point Protocol (PPP), the industry-standard remote-access protocol, so you can use non-Microsoft PPP-capable products on either side of the connection. Once connected, remote users can access the same network resources that they can access when they connect directly to the LAN.
Both NT 4.0 Workstation and Server include a server version of RAS; the primary difference is that NT Server's RAS supports up to 256 simultaneous inbound connections, and NT Workstation supports only 1. Microsoft provides RAS clients for NT, Win95, WFW, and MS-DOS. RAS connections can use one or more of the big three network protocols: NetBEUI, IPX, and TCP/IP.
Dial-Up Networking
The first and most obvious change you'll notice when you run NT 4.0's new RAS client, DUN, is its appearance. Microsoft modified NT 3.51's RAS client to better use NT 4.0's Explorer interface. To find the icon for DUN, click the Start button, choose Programs, and look in Accessories. As with Win95, you can also find the DUN icon by double-clicking the My Computer icon on the desktop. Double-click the DUN icon to start the program.
The first time you run DUN, the New Phonebook Entry Wizard starts automatically to assist you with creating a new phonebook entry. The Wizard asks some basic configuration questions, but you'll probably also need to edit the entry's properties to provide additional information (such as logon options and protocol settings) about the server you're calling. (To bypass the Wizard and set up the phonebook entry manually, select the check box displayed in the Wizard's first step.)
Accessing the main Dial-Up Networking dialog
Once you've created a phonebook entry with the New Phonebook Entry Wizard, you will then see the dialog shown in Screen 1. A drop-down list box shows all your Phonebook entries, and the More button provides a list of options applicable to the currently selected entry. You can add new phonebook entries from here using the New button, which either starts the New Phonebook Entry Wizard or displays the New Phonebook Entry dialog if you've disabled the Wizard.
Multilink RAS: A Boon to Bandwidth
Microsoft integrated several new technologies into NT 4.0's RAS that greatly enhance and extend its functionality. One new technology is the multilink dialing feature, which lets an NT 4.0 RAS client make multiple physical connections (via multiple RAS devices) and combine them into one logical connection. This feature is a boon to all RAS users because it provides a way to get virtually unlimited bandwidth on a RAS connection. For example, you can use two 28.8Kbps modems in a multilink RAS connection to create an effective bandwidth of 57.6Kbps. Multilink dialing also benefits ISDN users, who can now take advantage of both ISDN B channels to create 128Kbps ISDN connections. You can even combine ISDN and analog modem connections in a multilink RAS connection.
But wait--before you throw extra modems into your system to get faster RAS connections, you need to know an important fact: Both the RAS client and the RAS server must support multilink RAS or multilink PPP (MPPP). For example, if you use RAS to connect to your Internet Service Provider (ISP) but it doesn't support multilink connections, multilink RAS won't work. If you're an ISDN RAS user, you probably can take advantage of the multilink dialing feature because MPPP was originally developed with the ISDN community in mind and most ISP and corporate routers are MPPP capable. Analog modem users face tougher odds, however, because most ISPs don't currently use NT Server 4.0 or have MPPP support for modem-based connections.
Once you find a compatible server to connect with, implementing multilink RAS in NT 4.0 is a simple matter. To use multiple RAS devices to dial a phonebook entry, edit the phonebook entry and go to the Basic tab. In the Dial Using section, choose Multiple Lines. Now when you click the Configure button, you can choose which of your installed RAS devices to use with this connection (as shown in Screen 2).
Select the devices you want and the phone numbers the devices will dial. After you make a multilink RAS connection, NT automatically bundles the lines into one logical connection, and you're off and running.
PPTP Virtual Networks
NT 4.0's RAS includes a beneficial new network protocol, the Point-to-Point Tunneling Protocol (PPTP). Despite all the talk about this new protocol, many users are still unclear about what PPTP is and what it does. In a nutshell, PPTP is a WAN protocol that lets a RAS client and server establish a secure connection over a TCP/IP connection such as the Internet.
Here's how PPTP works: First, a remote user establishes a connection to an IP-based internetwork (e.g., the Internet). Next, the user makes a second connection to an NT 4.0 RAS server running PPTP. The result is what Microsoft calls a VPN that uses PPTP over TCP/IP.
Still confused? Think about PPTP this way: With a regular PPP-based RAS connection (the kind you're probably used to), RAS clients communicate with the RAS server by transmitting LAN protocols such as NetBEUI, IPX, and TCP/IP inside PPP packets over analog, ISDN, or X.25 switched connections. However, rather than using a switched connection, PPTP uses your existing IP network connection (e.g., your connection to the Internet) as its WAN protocol to communicate with a PPTP-enabled RAS server. The "tunneling" part of PPTP's name comes from the fact that any of the LAN protocols can be encapsulated (or tunneled) inside PPTP packets. For example, with PPTP you can create a NetBEUI or an IPX-based connection to a corporate network over the Internet. If you explicitly enable encryption, PPTP encapsulates and encrypts the data in PPP packets and sends them as IP-based packets to the RAS server (as shown in Figure 1). Because the packets are encapsulated and encrypted, they are safe from prying eyes--an obvious concern for organizations that send data over the Internet.
The ramifications of this new technology are astounding. Now for the first time, organizations can leverage the Internet as a WAN backbone for secure remote network connections. This capability can provide substantial savings for businesses, compared to the cost of creating a private WAN over specialized equipment and dedicated lines. PPTP puts WAN connectivity within the reach of many smaller organizations that simply can't afford a private WAN.
Another interesting twist PPTP creates is the ability to physically separate the RAS server from remote access hardware. Organizations can outsource their dial-up network to a communications server or an ISP and maintain on their premises only a RAS server running PPTP. In this scenario, depicted in Figure 2, the service provider supplies dial-up connections to a PPTP-enabled NT RAS server, which in turn connects to the client organization's RAS PPTP server over an Internet-based PPTP tunnel. The client organization benefits because it no longer needs to maintain any remote access equipment. Using a service provider also enables non-PPTP-capable systems (e.g., systems not running NT 4.0) to make secure connections over standard PPP--the service provider's server maintains the secure PPTP connection to the RAS server on the client's behalf. In some cases, this approach also lets remote clients use local phone numbers rather than long distance or expensive 800 numbers to access the RAS server (depending on the access numbers the ISP provides). This facet of PPTP opens up a new outsourcing service opportunity for ISPs.
So what's the bad news? Well none, except that Microsoft currently supports PPTP on only NT 4.0: An NT 4.0 machine must be on each end of the connection. I expect Microsoft will eventually release a PPTP stack for its other operating systems, although I've found no information about expanded support.
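The tunneling described above can be seen in the bytes of a PPTP data packet. The following is an added example, not code from the article or from Microsoft: it wraps a PPP frame in the enhanced GRE header that RFC 2637 defines for PPTP (the header layout and PPP protocol numbers are taken from the RFCs, not from this page) and reports whether the tunneled LAN protocol is visible in the clear. The two sample frames are constructed.

```python
import struct

GRE_PROTO_PPP = 0x880B  # GRE protocol type for PPP payloads in PPTP (RFC 2637)
K_BIT, S_BIT, A_BIT, VER_MASK = 0x2000, 0x1000, 0x0080, 0x0007
LAN_PROTOCOLS = {0x0021: "IP", 0x002B: "IPX", 0x003F: "NetBEUI"}
OPAQUE = {0x00FD: "compressed/encrypted datagram"}  # number MPPE frames use

def build_pptp_data(call_id, seq, ppp_frame):
    """Wrap a PPP frame in PPTP's enhanced GRE header (key + sequence, version 1)."""
    header = struct.pack("!HHHHI", K_BIT | S_BIT | 1, GRE_PROTO_PPP,
                         len(ppp_frame), call_id, seq)
    return header + ppp_frame

def parse_pptp_data(packet):
    """Return call ID, sequence number and the protocol carried inside the tunnel."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", packet[:8])
    if proto != GRE_PROTO_PPP or (flags & VER_MASK) != 1 or not (flags & K_BIT):
        raise ValueError("not a PPTP data packet")
    offset, seq, ack = 8, None, None
    if flags & S_BIT:  # sequence number present only when a payload is carried
        seq, offset = int.from_bytes(packet[offset:offset + 4], "big"), offset + 4
    if flags & A_BIT:  # optional acknowledgment number
        ack, offset = int.from_bytes(packet[offset:offset + 4], "big"), offset + 4
    ppp = packet[offset:offset + payload_len]
    if offset > len(packet) or len(ppp) != payload_len:
        raise ValueError("truncated packet")
    if ppp[:2] == b"\xff\x03":  # optional PPP address/control bytes
        ppp = ppp[2:]
    if not ppp:
        number = None           # acknowledgment-only packet, no PPP frame
    elif ppp[0] & 1:            # protocol-field compression: single odd byte
        number = ppp[0]
    else:
        number = int.from_bytes(ppp[:2], "big")
    name = LAN_PROTOCOLS.get(number) or OPAQUE.get(number, "unknown")
    return {"call_id": call_id, "seq": seq, "ack": ack, "protocol": name,
            "cleartext_lan_protocol": number in LAN_PROTOCOLS}

# Constructed samples: an IPX datagram tunneled without encryption, and a frame
# carried as protocol 0x00FD, as seen once encryption has been enabled.
CLEAR = build_pptp_data(7, 1, b"\xff\x03\x00\x2b" + b"constructed IPX datagram")
PROTECTED = build_pptp_data(7, 2, b"\xfd" + b"\x90\x01constructed ciphertext")
```

A tunnel whose data packets parse with `cleartext_lan_protocol` set is encapsulated but not encrypted, which is the case the article's "if you explicitly enable encryption" caveat covers.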
PPTP Connection Tips
As significant as PPTP technology is, you'd think Microsoft would have described it more clearly in NT 4.0's documentation. Unfortunately, the documentation on PPTP falls woefully short. The general descriptions of the technology are good, but the step-by-step details on setting up and connecting PPTP sessions are conspicuously absent. With that shortcoming in mind, here are a few tips for configuring and connecting RAS PPTP sessions. (For additional information about PPTP, see Mark Minasi, "Deciphering PPTP," December 1996).
The first step is to install the PPTP protocol via Control Panel's Network applet. In the Protocols tab, choose Add, and then select Point-to-Point Tunneling Protocol. Enter the maximum number of VPNs you want to let PPTP support (each RAS connection over PPTP constitutes one VPN). Because PPTP is implemented as a virtual RAS device, you also need to reconfigure RAS on your machine (in the Network applet's Services tab) and add your new PPTP RAS adapter. When you click Add for a new RAS device, you see a new choice in the RAS Capable Devices list that says RASPPTPM (or something similar); select and install this device.
Then you need to configure a dial entry to use it. First, select the protocols (IP, IPX, and NetBEUI) you want to tunnel over the PPTP connection (all selected protocols must be installed on the RAS PPTP server). Next, you must tell the dial entry how to connect to the PPTP RAS server. Enter the IP address of the PPTP RAS server in the phone number box (in the Basic tab) to enable the PPTP dial entry to find and connect to the server. (The documentation fails to tell you to do this step.)
Now you're ready to make the PPTP connection. First, use a DUN entry to dial the IP-based connection that both your PC and the PPTP RAS server are connected to. When you've made this connection, use your PPTP phonebook entry to dial. You must enter a username, password, and domain name to make the connection. Once these items are authenticated, you're on the network. Furthermore, you're communicating via the network protocols you selected in the PPTP entry's configuration, such as IPX or NetBEUI (not necessarily TCP/IP, unless that's one of the protocols you selected to tunnel; you can tunnel IP within IP using PPTP).
Another important new feature of NT 4.0's DUN is AutoDial, a dial-on-demand feature that lets NT automatically offer to dial a remote network connection via DUN when an application (or the user) attempts to access data on that network. For example, if your Internet mail program tries to access your ISP's mail server and you aren't connected, a dialog similar to the one in Screen 3 appears, and asks whether you want DUN to connect to the remote network. If you don't answer within 15 seconds, AutoDial applies the default answer: No, do not dial. AutoDial is intelligent; it remembers which DUN entries it uses to make which connections. So, if you answer Yes to the do-you-want-to-connect question, AutoDial completes the appropriate connection. This entire process is transparent to the background application that requests the data, and after the connection is made (assuming the program hasn't issued a time-out message), the application can then access the requested data.
Although the AutoDial feature is usually helpful, in some situations it's a nuisance. If an application running in the background continually attempts to connect to a remote machine on a network you don't really want to connect with at that moment, you'll quickly tire of the returning dialog that asks whether to dial the remote network. In this case, you can disable AutoDial for the current session by selecting the appropriate check box in the returning dialog. You also can configure AutoDial via several options: For example, you can disable AutoDial completely, or you can disable its prompt and have it automatically dial the remote connection without asking. You can also permanently disable the RAS AutoDial feature or disable it from only certain dialing locations. You can set up AutoDial to automatically redial on a link failure, an especially handy feature for NT systems that act as RAS routers to the remote networks or the Internet. To find these options, click the More button on the DUN main dialog and choose the User Preferences menu option.
Other New Features
NT 4.0's RAS also presents a few new features that make RAS's configuration and administration much easier than before. DUN now supports the Win95-style Unimodem technology that comes with NT 4.0; consequently, DUN can leverage the same centralized modem configurations that all your other Win32 communications applications use. NT 4.0 includes a powerful new DUN Monitor utility, which provides a wealth of details and statistics about each individual RAS connection (e.g., bytes sent and received, device errors, compression statistics). The DUN Monitor also lets you disconnect RAS connections and view a summary of active and inactive lines. You can run the DUN Monitor from the Control Panel, but you can also configure it to run automatically when connections are made.
Despite its modest appearances, a lot of power lurks under the hood of NT 4.0's DUN. And due to the simplicity of the Windows Explorer interface, this power is easier than ever to access. Whether you use it for increased bandwidth or secure corporate network access over the Internet, NT 4.0 RAS has something for everyone.