Testing Your Policies in a Pilot Project
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Verifying successful IPSec operation is an important, and often neglected, step in deploying IPSec. Incorrectly configuring IPSec and related Windows networking components can cause network traffic to be unintentionally blocked or sent unprotected. The specifics of how to verify successful operation depend on the particulars of your deployment. You might need to engage the Help desk and conduct training in the technology, as well as create FAQs or self-help documents and procedures, so that you can quickly isolate problems.
Testing for successful IPSec operation differs from testing other networking components. You can often verify that a system works by checking whether its applications behave as expected. However, applications in the overall system can perform properly while their traffic is not protected by IPSec. Testing IPSec therefore involves verifying both that the applications work and that IPSec is in fact restricting access and performing protection.
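The following Python example is added here and is not part of the original documentation. It shows one way to check that traffic between pilot computers is actually protected: it classifies raw IPv4 packets from a capture as IPSec-protected (ESP or AH), IKE negotiation, or cleartext, and reports a verdict for each host pair that policy requires to be protected. The function names, host addresses and sample packets are constructed for illustration.

```python
import socket
import struct
from collections import Counter

ESP, AH, TCP, UDP = 50, 51, 6, 17  # IANA IP protocol numbers

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left zero) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 128, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data=b""):
    """Build a UDP datagram (checksum left zero) for the constructed samples."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(packet):
    """Return (host pair, label) for one raw IPv4 packet."""
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    pair = frozenset((socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])))
    body = packet[ihl:]
    if proto in (ESP, AH):
        return pair, "protected"
    if proto == UDP and len(body) >= 8:
        ports = struct.unpack("!HH", body[:4])
        if 500 in ports:
            return pair, "ike"        # key negotiation, not application data
        if 4500 in ports:             # NAT traversal (RFC 3948)
            marker = body[8:12]       # four zero bytes mark IKE; otherwise an ESP SPI
            is_esp = len(marker) == 4 and marker != b"\x00" * 4
            return pair, "protected" if is_esp else "ike"  # "ike" also covers keepalives
    return pair, "cleartext"

def audit(packets, must_protect):
    """Give a verdict for every host pair that policy says must use IPSec."""
    seen = {pair: Counter() for pair in must_protect}
    for packet in packets:
        pair, label = classify(packet)
        if pair in seen:
            seen[pair][label] += 1
    return {pair: "cleartext seen" if c["cleartext"] else "ok" if c["protected"]
            else "no protected traffic seen" for pair, c in seen.items()}

# Constructed sample capture: addresses and payloads are made up for this example.
A, B, C = "10.0.0.5", "10.0.0.10", "10.0.0.20"
SAMPLE = [ipv4(A, B, UDP, udp(500, 500, b"\x00" * 28)),       # IKE negotiation
          ipv4(A, B, ESP, b"\x00\x00\x10\x01" + b"\x00" * 16),  # protected data
          ipv4(A, C, TCP, b"\x00" * 20)]                      # application works, unprotected
MUST_PROTECT = {frozenset((A, B)), frozenset((A, C))}
```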
It is also important to test IPSec policy management procedures and key IT operations processes, such as:
Importing and exporting IPSec policy
Remotely managing IPSec policy
Initially assigning IPSec policy to different types of computers
Changing IPSec policy on each computer
Backup and restore operations
Server and network monitoring
Deploying new domain controllers
Unassigning IPSec policy
Adding subnets to the network
Server scaling
Cross-platform IPSec policy compatibility
Finally, coordinate with your network operations team to determine how procedures for responding to internal network attacks might impact the use of IPSec in your network.
For more information about planning and rolling out a pilot project, see "Designing a Pilot Project" in Planning, Testing, and Piloting Deployment Projects in this kit.