Example: Deploying Remote Access Clients

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

A large company, Contoso Ltd., is redesigning remote access infrastructure. Contoso decides to use the Connection Manager family of products to provide managed remote access to their company network through both dial-up connections and VPN connections. The new VPN server allows both PPTP and L2TP/IPSec VPN connections.

Contoso contracts with an ISP, A. Datum Corporation, to provide bulk dial-up Internet access. Under the arrangement, A. Datum will provide single sign-on for users using their Contoso credentials. This is accomplished by using a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a Contoso RADIUS server using a realm name agreed to by both A. Datum and Contoso. For more information about deploying a RADIUS proxy and RADIUS server, see "Deploying Internet Authentication Service (IAS)" in this book.

Contoso has the following primary objectives for providing a remote access solution to its users:

  • Allow local users to connect to the corporate intranet with direct dial using a local phone number, which dials directly into Contoso’s remote access servers.

  • Reduce costs by eliminating the need for toll free (1-800) dial-up access numbers for users traveling within the United States. The company has a contract with A. Datum to provide dial-up access numbers to the Internet, which will be used to carry VPN connections to the company.

  • Provide all users with automatic phone book updates when dial-up access numbers change.

    Allow users to connect by making a VPN connection to the corporate Intranet over their existing connections to the Internet, such as digital subscriber line (DSL) and cable modem connections.

The company would also like to improve the connection experience for their users in the following ways:

  • Provide a simplified method of setting up all types of connections on a variety of Windows operating systems.

  • Provide a unified phone book for all access numbers.

  • Provide a customized user interface for the connection client, including custom icons and graphics.

  • Provide a single sign-on experience for double-dial VPN users by using a realm name and a RADIUS proxy.

The Connection Manager family of products provides Contoso with solutions to meet all of these goals.