Testing Your Policies in a Pilot Project

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Verifying successful IPSec operation is an important, and often neglected, step in deploying IPSec. Incorrectly configuring IPSec and related Windows networking components can cause network traffic to be unintentionally blocked or sent unprotected. The specifics of how to verify successful operation depend on the particulars of your deployment. You might need to engage the Help desk and conduct training in the technology, as well as create FAQs or self-help documents and procedures, so that you can quickly isolate problems.

Testing IPSec differs from testing other networking components. You can often test a system by checking whether its applications behave as expected. However, applications in the overall system can perform properly while not protected by IPSec. Testing IPSec therefore means verifying both that the applications work and that IPSec is in fact restricting access and protecting traffic.
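The check described above, as an added example that is not part of the original guide: it combines application test results with a packet capture and fails any host pair whose traffic crossed the wire in cleartext, even when the application worked. The addresses, the sample capture, and the function names are constructed for illustration; NAT-T encapsulation (UDP 4500) and policy exemptions are not modelled.

```python
import struct
from collections import defaultdict

ESP, AH, UDP, TCP = 50, 51, 17, 6          # IP protocol numbers
IKE_PORT = 500                             # IKE negotiation runs over UDP 500

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed test data, checksum left at 0)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def classify(packet):
    """Return (src, dst, kind); kind is 'esp', 'ah', 'ike' or 'clear'."""
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    proto = packet[9]
    src, dst = (".".join(map(str, packet[i:i + 4])) for i in (12, 16))
    kind = {ESP: "esp", AH: "ah"}.get(proto, "clear")
    if proto == UDP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if IKE_PORT in (sport, dport):
            kind = "ike"
    return src, dst, kind

def audit(packets, app_results):
    """Combine what was on the wire with whether the application test passed."""
    seen = defaultdict(set)
    for p in packets:
        src, dst, kind = classify(p)
        seen[frozenset((src, dst))].add(kind)
    report = {}
    for pair, app_ok in app_results.items():
        kinds = seen[frozenset(pair)]
        if "clear" in kinds:
            report[pair] = "FAIL: cleartext on the wire"
        elif kinds & {"esp", "ah"}:
            report[pair] = "PASS" if app_ok else "FAIL: protected, application broken"
        elif "ike" in kinds:
            report[pair] = "FAIL: IKE only, no protected traffic"
        else:
            report[pair] = "FAIL: no traffic captured"
    return report

# Constructed capture: .20 has the pilot policy assigned, .30 does not.
CAPTURE = [
    ipv4("192.0.2.10", "192.0.2.20", UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
    ipv4("192.0.2.10", "192.0.2.20", ESP, bytes(16)),
    ipv4("192.0.2.20", "192.0.2.10", ESP, bytes(16)),
    ipv4("192.0.2.10", "192.0.2.30", TCP, struct.pack("!HH", 49152, 445) + bytes(16)),
]
# The application test succeeded against both servers.
APP_RESULTS = {("192.0.2.10", "192.0.2.20"): True, ("192.0.2.10", "192.0.2.30"): True}
REPORT = audit(CAPTURE, APP_RESULTS)
```

Both application tests passed, but only the first pair is reported as PASS; the second pair is the case where the application works while unprotected.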

It is also important to test IPSec policy management procedures and key IT operations processes, such as:

  • Importing and exporting IPSec policy

  • Remotely managing IPSec policy

  • Initially assigning IPSec policy to different types of computers

  • Changing IPSec policy on each computer

  • Backup and restore operations

  • Server and network monitoring

  • Deploying new domain controllers

  • Unassigning IPSec policy

  • Adding subnets to the network

  • Server scaling

  • Cross-platform IPSec policy compatibility

Finally, coordinate with your network operations team to determine how procedures for responding to internal network attacks might impact the use of IPSec in your network.

For more information about planning and rolling out a pilot project, see "Designing a Pilot Project" in Planning, Testing, and Piloting Deployment Projects in this kit.