Perform a Test Deployment in Your Lab

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

By reading the design sections earlier in this chapter, you can develop a good idea about which remote site connectivity features are appropriate for your organization. However, before you deploy any technology in your production network, it is a good practice to perform a test deployment in a lab first. Testing in a lab familiarizes you with how the technology works and gives you the opportunity to experiment with different features when alternatives are available.

When testing how to deploy a remote site connection, evaluate the following key issues in a lab setting before deciding how to deploy the technology in your production environment:

  • Whether to deploy a dial-up connection, a PPTP VPN, or an L2TP/IPSec VPN.

  • Whether to deploy an on-demand connection or a persistent connection.

  • Whether to deploy a one-way initiated connection or a two-way initiated connection.

  • If you plan to deploy a VPN connection, what type of perimeter network you want to use.

  • Whether to use certificate-based EAP-TLS or password-based MS-CHAP v2 for user-level authentication.

  • If you plan to deploy an L2TP/IPSec VPN connection (the only connection type that offers computer-level authentication), whether to use computer certificates or preshared keys.

  • Whether the encryption method (MPPE for a dial-up or PPTP VPN connection, IPSec for an L2TP/IPSec VPN connection) influences your decision about which connection type to use.

  • Whether to use an Active Directory account (and join your routers to the Active Directory domain) or use a local account for your router user accounts.

  • Which dial-up options to set in the router user account.

  • Whether to use a default remote access policy, a common policy, or a custom policy.

  • Which static IP addresses and which static routes are needed.

  • Which routing protocol or protocols are needed.

  • Whether your demand-dial routers will support Internet traffic.

  • Whether to enable multicast connectivity between your sites.

  • Whether to deploy a DHCP server in each site.

  • Whether to deploy a domain controller in each site.

For a tool to assist you in evaluating some of the remote connectivity features presented in this list, see "Example: Contoso Connects Remote Sites" (DNSREM_1.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Example: Contoso Connects Remote Sites" on the Web at https://www.microsoft.com/reskit). This job aid shows you how to deploy a PPTP VPN and a dial-up connection in a lab environment.

For additional test lab deployment examples, including information about deployments that include certificates and L2TP/VPN connections, see "Routing Scenarios" and "Virtual Private Network Implementation Examples" in Help and Support Center for Windows Server 2003.