Contents

Overview
Evaluating the Existing Configuration
Identifying the Essential Design Decisions
Providing Security
Enhancing the Availability and Performance
Lab A: Creating Networking Solutions
Review


Module 13: Networking Service Designs


Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

© 2000 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting,
PowerPoint, Visual Basic, Visual C++, Visual Studio, Win32, Windows, Windows Media,
Windows NT, are either registered trademarks or trademarks of Microsoft Corporation in the
U.S.A. and/or other countries/regions.

Project Lead: Don Thompson (Volt Technical)
Instructional Designers: Patrice Lewis (S&T OnSite), Renu Bhatt NIIT (USA) Inc.
Instructional Design Consultants: Paul Howard, Susan Greenberg
Program Managers: Jack Creasey, Doug Steen (Independent Contractor)
Technical Contributors: Thomas Lee, Bernie Kilshaw, Joe Davies
Graphic Artist: Kirsten Larson (S&T OnSite)
Editing Manager: Lynette Skinner
Editor: Kristen Heller (Wasser)
Copy Editor: Kaarin Dolliver (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aditi)
Online Support: Eric Brandt (S&T Consulting)
Multimedia Development: Kelly Renner (Entex)
Test Leads: Sid Benevente, Keith Cotton
Test Developer: Greg Stemp (S&T OnSite)
Production Support: Lori Walker (S&T Consulting)

Manufacturing Manager: Rick Terek (S&T OnSite)
Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Manager: Ken Rosen
Group Product Manager: Robert Stewart

Other product and company names mentioned herein may be the trademarks of their respective
owners.





Instructor Notes
This module provides students with the information needed to design
networking solutions that support applications based on the requirements of an
organization. Students will use the knowledge of networking services (in terms
of features, functions, functionality, security, availability, and performance of
the service) to design networking solutions for given scenarios.
At the end of this module, students will be able to:

Identify the characteristics of the scenario that influence the design
decisions.

Describe the essential design decisions required to provide networking
services.

Describe the design decisions for securing the networking services.


Describe the design decisions for improving the availability and
performance of the networking services.

Upon completion of the design lab, students will be able to design networking
solutions that meet the requirements of a variety of given scenarios.
Course Materials and Preparation
This section provides you with the required materials and preparation tasks that
are needed to teach this module.
Required Materials
To teach this module, you need the following materials:

Microsoft® PowerPoint® file 1562B_13.ppt

Preparation Tasks
To prepare for this module:

Review the contents of this module.

Read any relevant information in the Windows 2000 Help files, the
Windows 2000 Resource Kit, or documents provided on the Instructor CD.

Review discussion material and be prepared to lead class discussions on the
topics.

Complete the lab and be prepared to elaborate beyond the solutions found
there.


Read the review questions and be prepared to elaborate beyond the answers
provided in the text.

Presentation: 75 Minutes
Labs: 120 Minutes


Module Strategy
Use the following strategy to present this module:

Evaluating the Existing Configuration
Tell the students that in this module, they will use their knowledge of
Microsoft Windows® 2000 networking services to design networking
solutions. Point out that they will test their knowledge by working on an
organizational scenario.
In this section:
• Explain that students will design networking solutions for an investment
firm scenario. Tell them that before designing a solution, they must
identify the current status of the design project.
• Explain that the design requirements and limitations must be identified
when making design decisions.

Identifying the Essential Design Decisions

Emphasize that while designing a network, it is essential to identify which
networking services to include in the network design and where to place the
servers to provide essential support for the solution.
In this section:
• Avoid spending too much time explaining the networking services.
Focus on the selection of the appropriate networking service for a given
scenario.
• Point out that the placement of servers running the networking services
is as important as selecting the appropriate service.
• Emphasize that for each of the networking servers placed within any
location, the design options for the service are specified.

Providing Security
If the network is carrying confidential data, then it is the responsibility of
the network designer to ensure that the network is secure. In this section,
brief the students on the potential security risks to networks and how to
prevent those risks from occurring.

Enhancing the Availability and Performance
Point out that in a network design, certain networking services are essential
for the continued operation of mission-critical applications. When these
networking services are unavailable or respond slowly, the applications that
the services support also experience outages and slow performance.
In this section:
• Emphasize that identifying the networking services that require
improved availability and performance is the first step in making the
solution available.
• Explain that depending on the networking service, its availability and
performance can be improved by adding servers, subnets, routers, proxy
servers, and remote access servers.




Lab Strategy
Use the following strategy to present this lab.
Lab A: Creating Network Solutions
In the design lab, students will design a network solution based on specific
requirements outlined in the given scenarios.
Students will review the scenarios and the design requirements and read any
supporting materials. They will use this information, and the knowledge gained
from the module, to develop detailed designs.
To conduct this lab:

Read through the lab carefully, paying close attention to the instructions and
to the details of the scenario.

Consider dividing the class into teams of two or more students.

Present the lab and make sure students understand the instructions and the
purpose of the lab.

Remind students to consider any functionality, security, availability, and
performance criteria provided in the scenario and how they will incorporate
strategies to meet these criteria in their design.

Allow some time to discuss the solutions after the lab is completed. A
solution is provided in your materials to assist you in reviewing the lab
results. Encourage students to critique each other’s solutions and to discuss
any ideas for improving their designs.






Overview

Evaluating the Existing Configuration

Identifying the Essential Design Decisions

Providing Security

Enhancing the Availability and Performance


The networking services in Microsoft® Windows® 2000 provide the foundation
to solve connectivity and protocol requirements for organizations. You can
integrate the networking services to design networking solutions that
establish a network foundation, provide access to public networks, include
connectivity for remote users and locations, and support network-based
applications and authentication methods.
In this module, you will design a networking solution for an investment firm
and address the basic functionality, security, availability, and performance
features of the solution.

When combined with Microsoft Proxy Server and Internet Information Services
(IIS), the networking services in Windows 2000 can provide complete solutions
for the investment firm.
At the end of this module, you will be able to:

Identify the characteristics of the scenario that influence the design
decisions.

Describe the essential design decisions required to provide networking
services.

Describe the design decisions for securing the networking services.

Describe the design decisions for improving the availability and
performance of the networking services.

Slide Objective: To provide an overview of the module topics and objectives.
Lead-in: In this module, you will examine an investment firm scenario and the design that provides a solution to the business requirements of the firm.

Evaluating the Existing Configuration

Current Project Status

Design Requirements and Limitations


To design a solution for the investment firm, you must identify the information
that influences the design. Based on that information, you make decisions about
which networking services to include, along with which specifications to select
for each service.
To identify the information that influences the design, you must:

Examine the current project status.

Examine the design requirements and limitations.

Slide Objective: To describe the information that influences the design.
Lead-in: To design a solution for the investment firm, you must first identify the information that influences the design.



Current Project Status
[Slide diagram: the New York, London, and Tokyo locations, with Routers 1 through 5 and subnets of 200, 150, 100, 75, 175, 3, and 250 hosts]


Many investment firms are increasing their presence on the Internet because of
electronic trading and online investments. These firms also connect branch
offices by using public networks such as the Internet. In addition, many of the
brokers and agents within investment firms require remote access to their
confidential client information.
A well-established investment firm is expanding operations to include a larger
online presence, and to provide remote access to broker and client information.
The existing connectivity between the New York, Tokyo, and London locations
is provided by:

Dedicated routers at each location.

56 kilobits per second (Kbps) dedicated leased lines between locations.


The following table lists the project milestones completed to date, and the
reason these milestones were completed.
Activity | So that the
Upgrading the physical network | Private network can support additional traffic generated by the broker and trading applications.
Replacing Routers 1 and 3 with higher-performance routers | Routers can support the additional traffic generated by the broker and trading applications.
Upgrading Internet connections to T1 connections | Internet connections can support the traffic between the locations.
Testing for the approved computer hardware architecture | Compatibility and performance of the approved computer hardware architecture is confirmed.
Recording performance statistics for the approved computer hardware architecture | Number of computers required to support the networking services can be determined.

Slide Objective: To describe the current status of the investment firm.
Lead-in: To design a solution for the investment firm, you must first identify the current status of the design project.
Delivery Tip: Ask the students to study the slide and to list the important points to be considered for designing a solution.


Design Requirements and Limitations
[Slide diagram: the New York, London, and Tokyo locations, with Routers 1 through 5 and subnets of 200, 150, 100, 75, 175, 3, and 250 hosts]


An investigation of the current network, user traffic patterns, and future
network requirements reveals the following additional information that you
consider when making your design decisions.
Applications
The investment firm uses a number of applications to conduct the day-to-day
operations. To create a solution for the investment firm, your design must
provide:

Support for a mission-critical Web-based application that manages
investment firm customers and their stock portfolios.

Support for a mission-critical Web-based application that allows customers
to check their stock portfolios and to perform investment trading over the
Internet.

Private network access to all shared folders and Web-based applications
from the New York, Tokyo, and London offices.

Performance response times to allow a stock trade transaction to occur
within three seconds.

Administration of private network resources by using a directory services
infrastructure.

Authentication of users by using a directory services infrastructure.

Support for all mission-critical applications to be available 24-hours-a-day,
7-days-a-week.

Slide Objective: To describe the requirements and limitations of the investment firm that influence the design decisions.
Lead-in: To design a solution for the investment firm, you must first identify the design requirements and limitations.


Connectivity
The applications used by the investment firm require connectivity between the
offices. When creating the design for the investment firm, remember that your
design must provide:

Simultaneous access to private network resources for approximately 200
brokers connecting through the Internet by using a variety of operating
systems.

Simultaneous access to Web-based applications for approximately 1,500
brokers and customers who are connecting through the Internet by using a
variety of operating systems.

Access to management aspects of the Web-based applications that are
restricted to brokers and administrative staff.

Access to the Internet from all locations for all private network users.


Control of Internet access through a single path of connectivity through the
New York headquarters.

Isolation of the firm’s network from the Internet.







Identifying the Essential Design Decisions

Identifying the Appropriate Networking Services

Providing Networking Services at the New York
Location

Providing Networking Services at the Tokyo Location

Providing Networking Services at the London Location


As you begin designing the networking solution for the investment firm, you
must identify which networking services to include in the network design.
Based on the networking services, you must identify where to place servers to
provide essential support for the solution.
You can select the networking services for your network design based on the
types of clients, applications, connectivity between locations, and connectivity
for remote users. You must place the servers within the organization based on
the number of clients, the geographic locations, and the amount of traffic
between network segments.
To provide the essential networking services for the investment firm, you must:

Identify the networking services that are required at each location.

Determine the networking server placement and design options for New
York.

Determine the networking server placement and design options for Tokyo.

Determine the networking server placement and design options for London.

Slide Objective: To describe the decisions that are essential to providing the investment firm solution.
Lead-in: You must identify which networking services to include and where to place servers to provide essential support for the investment firm.



Identifying the Appropriate Networking Services
[Slide diagram: the New York, London, and Tokyo locations, with Routers 1 through 5 and subnets of 200, 150, 100, 75, 175, 3, and 250 hosts]


You must identify the networking services for a network design to ensure that
the appropriate foundation exists for supporting the users and applications. In
addition, you must also identify any networking services that can provide the
capabilities for future growth.
The following table lists the networking services that you need to include in the
network design, and the reason you must include them.
Include this service | To provide
Transmission Control Protocol/Internet Protocol (TCP/IP) | A common protocol between clients and Internet connectivity.
DHCP | Automatic IP configuration for clients.
DNS | Name resolution for Web-based applications. Support for the Active Directory directory service.
WINS | Name resolution for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows NT® version 4.0 clients.
Microsoft Proxy Server | Isolation between the private network and the Internet. Different levels of security by creating screened subnets. Caching of Internet requests.
Routing and Remote Access | Connectivity between the various geographic locations within the organization. Connectivity for the brokers who connect to private network resources through a virtual private network (VPN) connection over the Internet. Isolation between the private network and the Internet.

Slide Objective: To describe the decisions involved in identifying the appropriate networking services to include in the solution.
Lead-in: You must identify the networking services to include so that the appropriate foundation for supporting the users and applications exists within the network.

Point out in the diagram that Routers 2, 4, and 5 are replaced with Routing and Remote Access–based routers. Also note that the connections to the Internet are now established through these new routers.

Avoid spending too much time explaining the networking services here. Focus on selection of the appropriate networking service for a given scenario.

Ask the students to list the networking services that are required for the scenario.


Providing Networking Services at the New York Location

[Slide diagram: New York location. Subnet A (175 hosts), Subnet B (7 hosts), Subnet C (250 hosts), Subnet D (2 hosts), and Subnet E (3 hosts); Routers 1, 2, and 3; WINS, DHCP, DNS, Proxy Server, and VPN Remote Access servers; Firewall; Internet]


For the New York location, determine where to place the servers and the
options necessary to support your design.
Placing Servers That Run the Networking Services
The following table lists the placement criteria for servers at the New York
location.

Place | On Subnet(s) | So that
DHCP | B | DHCP traffic travels across the minimum number of network segments while protecting the server.
DNS | B | DNS traffic travels across the minimum number of network segments while protecting the server.
WINS | B | DNS traffic travels across the minimum number of network segments while protecting the server.
Router | B, E | Packets are routed between the screened subnet and the private network while protecting private network resources.
VPN remote access | D | Remote access is provided while protecting private network resources.
Proxy Server | B, E | HTML and FTP traffic is filtered through the Proxy Server while protecting private network resources.

Slide Objective: To describe the decisions involved in placing the appropriate servers within the New York location.
Lead-in: You must determine the networking services design options to place the servers within the New York location.

Point out that all servers not running networking services and all client computers have been removed from the slide for clarity purposes.


Specifying Networking Services Design Options
The following tables outline the options that you need to specify in your
network design for each of the servers in the New York location.
DHCP
Specify | To
DHCP scope for Subnets A and C | Provide automatic IP configuration for the DHCP clients on Subnets A and C.
Bootstrap Protocol (BOOTP) forwarding on Router 1 and Router 2 | Enable the forwarding of DHCP packets between Subnets A, B, and C.
DNS updates | Register new DHCP clients with DNS.

DNS
Specify | To
Active Directory integrated zone | Use the existing Active Directory infrastructure, and to act as the repository for the DNS zone information.
Dynamic updates from the DHCP server | Authorize the DHCP server to perform updates within the DNS zone.

WINS
Specify | To
Burst handling | Respond to a large number of simultaneous WINS registration requests.
Replication with the Tokyo and London servers | Ensure WINS resolution and registration between locations.

Router
Specify | To
Static Routing | Provide routing between locations.
Open Shortest Path First (OSPF) | Automatically update the routing table with existing routers.
Internet Protocol Security (IPSec) tunnel | Encrypt data between locations, and to authenticate the router.

VPN Remote Access
Specify | To
Point-to-Point Tunneling Protocol (PPTP) ports | Provide remote access connections for each remote access client.
Remote access policy | Force encryption of all data between the remote access clients and the VPN remote access server.
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) authentication | Provide encrypted authentication and support encryption by using MPPE.

Proxy Server
Specify | To
All users on the private network are authorized | Enable Internet access through the proxy server to users on the private network.
Reverse hosting for Web servers that host the broker and trading applications | Enable access to the broker and trading applications from users on the Internet.


Providing Networking Services at the Tokyo Location
[Slide diagram: Tokyo location. Subnet F (100 hosts) and Subnet G (75 hosts); Router 4; WINS, DHCP, and DNS servers; Firewall; Internet]


After the New York location design is completed, you need to decide where to
place the servers within the Tokyo location. For each networking service that
you place in the Tokyo location, you must determine the networking service
design options to include in your design.
Placing Servers That Run the Networking Services
The following table lists the servers that are placed within the Tokyo location,
the subnets on which the servers are placed, and why the servers are placed on
the respective subnet within your design.


Place | On Subnet(s) | So that
DHCP | F | DHCP traffic travels across the minimum number of network segments while protecting the server.
DNS | F | DNS traffic travels across the minimum number of network segments while protecting the server.
WINS | F | DNS traffic travels across the minimum number of network segments while protecting the server.
Router | F, G | Packets are routed between the screened subnet and the private network while protecting private network resources.



Note: The DHCP, DNS, and WINS servers were placed on Subnet F because
Subnet F contains the majority of client computers at the Tokyo location.

Slide Objective: To describe the decisions involved in placing the appropriate servers within the Tokyo location.
Lead-in: The Tokyo location is a branch office consisting of fewer computers than New York and London; therefore, it has different networking services requirements.
Delivery Tip: Check the students’ understanding of content by asking them why all of the computers have been placed on Subnet F.

Point out that all servers not running networking services and all client computers have been removed from the slide for clarity purposes.


Specifying Networking Services Design Options
For each of the networking services servers that you place within the Tokyo
location, you must specify the design options for the service.
The following tables list the related design options by networking service, and
the reason for specifying the options in your design.
DHCP
Specify | To
DHCP scope for Subnets F and G | Provide automatic IP configuration for the DHCP clients on Subnets F and G.
DHCP Relay Agent on Router 4 | Enable the forwarding of DHCP packets between Subnets F and G.
DNS updates | Register new DHCP clients with DNS.

DNS
Specify | To
Active Directory integrated zone | Use the existing Active Directory infrastructure, and to act as the repository for the DNS zone information.
Dynamic updates from the DHCP server | Authorize the DHCP server to perform updates within the DNS zone.

WINS
Specify | To
Burst handling | Respond to a large number of simultaneous WINS registration requests.
Replication with the New York server | Ensure WINS resolution and registration between locations.

Router
Specify | To
Static Routing | Provide routing between locations.
OSPF | Automatically update routing table information with existing routers.
IPSec tunnel | Encrypt data between locations and to authenticate the router.


Providing Networking Services at the London Location
[Slide diagram: London location. Subnet H (200 hosts) and Subnet I (150 hosts); Router 5; WINS, DHCP, and DNS servers; Firewall; Internet]



After the designs for the New York and Tokyo locations are completed, you
need to decide where to place the servers within the London location. For each
networking service that you place in the London location, you must determine
the networking service design options to include in your design.
Placing Servers That Run the Networking Services
The following table lists the servers that are placed within the London location,
the subnets on which the servers are placed, and why the servers are placed on
the respective subnet within your design.
Place | On Subnet(s) | So that
DHCP | H | DHCP traffic travels across the minimum number of network segments while protecting the server.
DNS | H | DNS traffic travels across the minimum number of network segments while protecting the server.
WINS | H | DNS traffic travels across the minimum number of network segments while protecting the server.
Router | H, I | Packets are routed between the screened subnet and the private network while protecting private network resources.


Note: The DHCP, DNS, and WINS servers were placed on Subnet H because
Subnet H contains the majority of client computers at the London location.

Specifying Networking Services Design Options
For each of the networking services servers that you place within the London
location, you must specify the design options for the service.
Slide Objective: To describe the decisions involved in placing the appropriate servers within the London location.
Lead-in: The London location is a larger branch office consisting of fewer computers than New York; therefore, it has different networking services requirements.

Point out that all servers not running networking services and all client computers have been removed from the slide for clarity purposes.


The following tables list the related design options by networking service, and
the reason for specifying the options in your design.
DHCP
Specify | To
DHCP scope for Subnets H and I | Provide automatic IP configuration for the DHCP clients on Subnets H and I.
DHCP Relay Agent on Router 5 | Enable the forwarding of DHCP packets between Subnets H and I.
DNS updates | Register new DHCP clients with DNS.

DNS
Specify | To
Active Directory integrated zone | Use the existing Active Directory infrastructure, and to act as the repository for the DNS zone information.
Dynamic updates from the DHCP server | Authorize the DHCP server to perform updates within the DNS zone.

WINS
Specify | To
Burst handling | Respond to a large number of simultaneous WINS registration requests.
Replication with the New York server | Ensure WINS resolution and registration between locations.

Router
Specify | To
Static Routing | Provide routing between locations.
OSPF | Automatically update routing table information with existing routers.
IPSec tunnel | Encrypt data between locations and to authenticate the router.







Providing Security

Identifying Potential Security Risks

Preventing Potential Security Risks


To secure the networking solution, you must identify the potential security risks
and how to prevent those risks from occurring. You identify the security risks
based on the confidentiality of the data and the number of users that have access
to the data. You prevent unauthorized access to confidential data by encrypting
the data, and authenticating users or devices that transmit the data.
To provide security for the investment firm solution, you must:

Identify the potential security risks for the confidential data.

Identify the strategies for preventing the potential security risks at each
location.

Slide Objective: To describe the decisions to secure the investment firm solution.
Lead-in: To secure the investment firm solution, you need to identify the potential security risks and how to prevent these risks from occurring.


Identifying Potential Security Risks
[Slide diagram: the New York, London, and Tokyo locations and the Internet, with Routers 1 through 5 and subnets of 200, 150, 100, 75, 175, 3, and 250 hosts]


When your network design includes confidential data that is transmitted on a
private network or over public networks, the data is at risk. Therefore, your
network design must ensure that each user who requires access to the
confidential data is authenticated.

The following table lists the security risks and why the data is at risk.
Data is at risk | Because there is a possibility that
Within each location | Brokers can access other brokers’ clients. Customers may connect to the network while in the branch office and access others’ accounts. Network administrative staff can access any of the firm’s accounts and records.
Between locations | Confidential data is transmitted between locations over public networks.
From the Web-based application | Brokers and customers can transmit confidential data over the Internet. Servers that host the Web-based applications are accessible from the Internet.
From brokers accessing the private network remotely | Brokers can transmit confidential data over public networks.

Slide Objective: To describe how to identify the potential security risks in the investment firm solution.
Lead-in: If your network transmits confidential data on a private network or over public networks, the data can be at risk.


Preventing Potential Security Risks
[Slide diagram: the New York, London, and Tokyo locations and the Internet, with Routers 1 through 5 and subnets of 200, 150, 100, 75, 175, 3, and 250 hosts]


After you identify the security risks, you need to decide how to prevent the
security risks from occurring at any location. For each location where there is a
security risk, you must prescribe a response that prevents access to the
confidential data.
Within Each Location
You can prevent the security risks within each location by:


Encrypting (by using IPSec) all confidential data transmitted within the
private network.

Authenticating all brokers by using Active Directory authentication.

Authenticating all customers when they access the Web-based application
while connecting to the network within each location.

Requiring Hypertext Transfer Protocol Secure (HTTPS) for all
transactions on the Web-based application.

Between Locations
You can prevent the security risks between locations by:

Requiring that the routers that connect locations transmit all data through
a VPN tunnel.

Encrypting the data by using 56-bit Data Encryption Standard (DES), which
is the strongest level of encryption that can be exported outside the U.S. and
Canada.

Authenticating the routers by using MS-CHAP v2 and IPSec.

Slide Objective: To describe the decisions involved in preventing the security risks for the investment firm solution.
Lead-in: After identifying the security risks, you need to decide how to prevent the security risks from occurring in any location.


Web-based Application
You can prevent the security risks for the Web-based application by:

Authenticating all customers when they access the Web-based application.

Requiring HTTPS for all transactions on the Web-based application.

Placing the Web-based application servers on screened subnets within the
location.

Remote Access by Brokers
You can prevent the security risks when the brokers remotely access the private
network by:

Encrypting all confidential data transmitted within the private network by
using VPN tunnels with Microsoft Point-to-Point Encryption (MPPE).

Authenticating all brokers by using Active Directory authentication.
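
A design review of the controls listed above, written as code (an added example, not part of the original courseware): it checks each data path from the risk table against the module's rules that confidential data is encrypted, that endpoints are authenticated, and that public paths use a VPN tunnel or HTTPS. The `Flow` fields, the finding codes, the 112-bit `MIN_KEY_BITS` floor, and the regressed draft are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed review floor for symmetric key length, in bits (not from the module).
MIN_KEY_BITS = 112


@dataclass(frozen=True)
class Flow:
    """One confidential data path and the controls a design assigns to it."""
    name: str
    crosses_public_network: bool
    encryption: Optional[str]       # None means the data travels in cleartext
    key_bits: Optional[int]         # None means the design states no key length
    authentication: Optional[str]   # None means endpoints are not authenticated
    tunnelled: bool = False         # True when carried inside a VPN tunnel


# The four paths from the module's risk table with the controls it prescribes.
MODULE_DESIGN = [
    Flow("within each location", False, "IPSec", None, "Active Directory"),
    Flow("between locations", True, "DES", 56, "MS-CHAP v2 and IPSec", tunnelled=True),
    Flow("web-based application", True, "HTTPS", None, "customer authentication"),
    Flow("broker remote access", True, "MPPE", None, "Active Directory", tunnelled=True),
]

# Constructed draft with two regressions, to show what the checks catch.
REGRESSED_DRAFT = [
    # Inter-site traffic routed over the Internet without the VPN tunnel.
    Flow("between locations", True, None, None, None),
    # VPN in place, but the remote access policy no longer forces encryption.
    Flow("broker remote access", True, None, None, "Active Directory", tunnelled=True),
]


def audit_flow(flow: Flow) -> List[str]:
    """Return finding codes for one flow; an empty list means no findings."""
    findings = []
    # Module rule: confidential data is encrypted.
    if flow.encryption is None:
        findings.append("NO_ENCRYPTION")
    elif flow.key_bits is None:
        findings.append("KEY_LENGTH_UNSPECIFIED")
    elif flow.key_bits < MIN_KEY_BITS:
        findings.append("KEY_BELOW_FLOOR")
    # Module rule: users or devices that transmit the data are authenticated.
    if flow.authentication is None:
        findings.append("NO_AUTHENTICATION")
    # Module rule: public paths use a VPN tunnel, or HTTPS for the web application.
    if flow.crosses_public_network and not (flow.tunnelled or flow.encryption == "HTTPS"):
        findings.append("PUBLIC_PATH_UNPROTECTED")
    return findings


def audit(design: List[Flow]) -> Dict[str, List[str]]:
    """Audit every flow in a design and return findings keyed by flow name."""
    return {flow.name: audit_flow(flow) for flow in design}


if __name__ == "__main__":
    for label, design in (("module design", MODULE_DESIGN),
                          ("regressed draft", REGRESSED_DRAFT)):
        print(label)
        for name, findings in audit(design).items():
            print(f"  {name}: {', '.join(findings) or 'ok'}")
```

Run against the module's design, every path is encrypted and authenticated, but the only stated key length (56-bit DES between locations) falls below the assumed floor and the other three paths leave key length unspecified.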








Enhancing the Availability and Performance

Identifying the Essential Networking Services

Enhancing the Availability and Performance at the New
York Location

Enhancing the Availability and Performance at the Tokyo
Location

Enhancing the Availability and Performance at the
London Location


Within the design, certain networking services are essential to the continued
operation of mission-critical applications. When these networking services are
unavailable or respond slowly, the applications that the services support will
also experience outages and slow performance.
You can enhance the availability and performance of the investment firm
solution by:

Identifying the essential networking services that require improved
availability and performance.

Identifying strategies for enhancing the availability and performance of the
networking services at the New York location.


Identifying strategies for enhancing the availability and performance of the
networking services at the Tokyo location.

Identifying strategies for enhancing the availability and performance of the
networking services at the London location.

Slide Objective: To describe the decisions for enhancing the availability and performance of the investment firm solution.
Lead-in: Any mission-critical application that is dependent upon networking services requires these services to be highly available and to prevent outage.