4. Networking
4.7 Remote Access Service (RAS)
Since version 3.1, NT server contains a service called RAS, short for remote access service. RAS, pronounced "razz", offers mobile workers dial-in functionality from a Wide Area Network (WAN), i.e. it opens your network to the world. Before a remote user can connect to the host or Local Area Network (LAN), RAS has to be installed and configured on a local NT server. This computer must also have communication equipment, e.g. one or more modems if the WAN is an analog telephone network. For other types of networks, other types of communication equipment are necessary. The requirements on the remote client are support for the Point-to-Point Protocol (PPP) and a modem connected to the computer. The RAS client software provides the PPP support. Furthermore, RAS clients can also provide remote access to NetWare Communication servers. A sample configuration is illustrated in Figure 9.
FIGURE 9. A sample RAS configuration
4.7.1 Remote Client Requirements
As mentioned above, the operating system requirement on the remote machine is support for PPP, which implies that both NT and Windows 95 clients, as well as UNIX clients, are able to utilize a RAS server [44]. The maximum number of simultaneously connected clients that a RAS server can handle is 256. However, there exist other third party products that do not have this limitation.
4.7.2 Wide Area Network Connectivity
A client can connect to the RAS server in a number of different ways. The most common way is through a modem connected to a standard analog telephone line, which is also called Public Switched Telephone Network (PSTN) or Plain-Old Telephone Service (POTS). Instead of a single modem, it is also possible to have a modem pool on either the client or the server side. A PSTN connection gives freedom of mobility, due to its worldwide availability.
If faster links are desired, Integrated Services Digital Network (ISDN) can be used. ISDN provides transmission speeds of 64 kbps (with one B-channel) or 128 kbps (with two B-channels). To be able to use ISDN a phone company must install ISDN lines at both ends. Moreover, both sides must have an ISDN card in place of modems. The cost for ISDN equipment and lines is still higher than standard modems and phone lines.
Another possibility is connecting clients with a RAS server through the standard X.25 protocol.
Assume a company with two LANs at the same location, but not physically connected. Then, assume that there is one computer connected to one of the networks that also needs resources on the other. How could this be solved? One simple and cost-effective method is to configure a RAS client on the computer that wants access to resources on both networks and then select a computer on the other network, on which a RAS server is installed. Further, connect these two computers with an RS-232C null modem cable, see Figure 10. Now the RAS client in the figure is able to utilize resources on both networks.
FIGURE 10. Connecting two LANs using RAS as gateway
4.7.3 Telephone Application Programming Interface (TAPI)
NT 4.0 provides a new interface called TAPI. This interface allows programmers to build programs that are (more) independent of how a specific modem works. With TAPI, various behaviors of a modem can be controlled. Modem vendors will be encouraged to write NT modem drivers [34].
4.7.4 Remote Access Protocols
RAS supports several modem protocols, including:
• Point-to-Point Protocol (PPP)
• PPP Multi-Link Protocol (MP)
• Point-to-Point Tunneling Protocol (PPTP)
• RAS protocol
• Serial Line Internet Protocol (SLIP)
PPP is a set of industry-standard framing and authentication protocols [53], [54], [55], [43] that enable remote clients to connect to remote servers over a WAN. PPP supports a number of transport protocols, including TCP/IP, NWLink and NetBEUI.
To understand PPP, we will now describe what will happen when a client tries to set up a connection to a RAS server.
1. Framing rules are established between the client and the server. This allows continued communication to occur.
2. The server then authenticates the remote user using one of PPP's authentication protocols, see the example in appendix A.7.
3. If step 2 succeeds, then the server is configured according to the remote client.
When all these steps are successfully completed, the remote client and RAS server can begin transferring data using for example NetBIOS, WinSocks or RPC.
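The framing and authentication steps above can be made concrete with the following added example, which is not part of the original report. It implements PPP's HDLC-like framing as specified in RFC 1662 (flag bytes, byte stuffing, FCS-16) and reads the Authentication-Protocol option from an LCP Configure-Request, which is where an auditor can see whether PAP or CHAP is being requested. The function names and the sample packet are this example's own; the sample is constructed, not captured from a RAS server.

```python
FLAG, ESC = 0x7E, 0x7D
AUTH = {0xC023: "PAP", 0xC223: "CHAP"}
# Constructed LCP Configure-Request: id 1, option 3 (Authentication-Protocol) = CHAP/MD5
SAMPLE_LCP = bytes.fromhex("01010009" "0305c22305")

def fcs16(data: bytes) -> int:
    fcs = 0xFFFF                                   # reflected CRC, polynomial 0x8408
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF                            # transmitted value is complemented

def encode_frame(protocol: int, payload: bytes) -> bytes:
    body = b"\xff\x03" + protocol.to_bytes(2, "big") + payload
    body += fcs16(body).to_bytes(2, "little")      # FCS is sent low byte first
    out = bytearray([FLAG])
    for byte in body:                              # default map: escape all control chars
        stuffed = byte in (FLAG, ESC) or byte < 0x20
        out += bytes([ESC, byte ^ 0x20] if stuffed else [byte])
    return bytes(out) + bytes([FLAG])

def decode_frame(frame: bytes):
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("frame is not delimited by 0x7E flags")
    body, stream = bytearray(), iter(frame[1:-1])
    for byte in stream:
        if byte == ESC:                            # next byte was XORed with 0x20
            byte = next(stream, None)
            if byte is None:
                raise ValueError("escape byte at end of frame")
            byte ^= 0x20
        body.append(byte)
    ok = len(body) >= 6 and body[:2] == b"\xff\x03"
    if not ok or fcs16(bytes(body[:-2])) != int.from_bytes(body[-2:], "little"):
        raise ValueError("bad header or FCS mismatch")
    return int.from_bytes(body[2:4], "big"), bytes(body[4:-2])

def lcp_auth_protocol(lcp: bytes):
    if len(lcp) < 4 or lcp[0] != 1:                # code 1 = Configure-Request
        return None
    end, pos = min(int.from_bytes(lcp[2:4], "big"), len(lcp)), 4
    while pos + 2 <= end:
        kind, size = lcp[pos], lcp[pos + 1]
        if size < 2 or pos + size > end:
            raise ValueError("bad option length")
        if kind == 3 and size >= 4:                # option 3 = Authentication-Protocol
            return AUTH.get(int.from_bytes(lcp[pos + 2:pos + 4], "big"), "unknown")
        pos += size
    return None
```

Calling `decode_frame(encode_frame(0xC021, SAMPLE_LCP))` returns the LCP protocol number and the original packet, and `lcp_auth_protocol` on that packet reports `"CHAP"`; a frame altered in transit is rejected with `ValueError`.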
Note that not all users on the server side are allowed to use RAS. After RAS is installed, all users are denied access to RAS. This is often referred to as default deny in the literature [22]. An administrator has to grant dial-in permissions for each user that is allowed to access the system from a remote site.
MP [57] is a protocol that can be used to increase the communication bandwidth between a remote client and a RAS server. The idea is to combine (or aggregate) a number of communications channels. For example, suppose that two PSTN 14.4 kbps modems are available on both the client and the server side. Then, by using MP a 28.8 kbps line can be provided.
PPTP is new to RAS in NT 4.0. This protocol allows clients to connect to a RAS server via the Internet. The protocol allows Virtual Private Networks (VPNs) to be built on top of current networks. The problem associated with data transfers over public networks is maintenance of data confidentiality. In PPTP, this is handled through encryption of the connections. The encryption method is RSA's RC4, which uses a 40-bit key.
To connect to a RAS server with PPTP, two connections must be established. The first one is to the ISP (with PPP) or to a RAS server in order to establish connectivity with the network. The second establishes the tunnel through the Internet (PPTP packets are encapsulated in IP packets), see Figure 11. Indeed, both connections have their own security.
FIGURE 11. A typical PPTP connection
Another attractive feature of PPTP is that it enables the Internet to be used as a backbone network for protocols other than TCP/IP. For example, both NWLink and NetBEUI can be encapsulated in PPTP packets.
The RAS protocol is an older protocol used in NT 3.1, which is used in other operating systems' environments as well. Due to backward compatibility promises, it is still supported in NT 4.0, but we will not describe it further in this report.
SLIP [51], [52] is an old communication protocol used originally on UNIX systems. This protocol is supported in NT RAS clients, but it cannot be used to connect to a RAS server. However, it can be used to connect to, for example, an Internet Service Provider (ISP), provided that the ISP supports SLIP. Note that SLIP supports only TCP/IP.