Options for Creating a Service Profile

Cc939867.chap_14(en-us,TechNet.10).gifCc939867.image(en-us,TechNet.10).gif

Using the CMAK wizard, you can develop multiple service profiles to support a wide variety of connection requirements. The number of options available can make it seem difficult to determine what you need to include in your service profile to best support your needs. This section provides an overview of how to develop service profiles to support two of the most common scenarios:

  • Providing access to an Internet service provider (ISP)

  • Providing corporate access

These scenarios show the differences between two very different types of enterprises and how to customize a Connection Manager service profile to support their requirements. These are only two possible scenarios. You should review these two scenarios and review the Phase 1 information in the CMAK Guide to decide which options are best for your service.

You can make a copy of the planning worksheet and mark it up as you go through the scenarios to clarify how the options are defined. The worksheet is designed to match the structure of the CMAK wizard, so it is a good way to document the information required when running the wizard.

Important The following information provides an overview of methods of structuring Connection Manager service profiles to support the most common scenarios. This information is not sufficient to enable you to build service profiles. The details required to develop custom elements for a service profile and the rules for specifying each option are covered in the CMAK Guide . You should print the CMAK Guide and use it to determine how to set up your service profile. You can access the CMAK Guide by clicking Help from any page of the CMAK wizard.

Scenario 1: Providing Access to an Internet Service Provider

If you are an ISP that provides local access and participates in a consortium that enables your users to access the Internet from remote locations, you can create service profiles that contain multiple phone books - one for your local service and one or more for other access points provided by other members of the consortium. Merging multiple phone books into your service profile enables more effective phone-book maintenance than would be possible if all access numbers were maintained in a single phone book.

The CMAK Guide provides information about how to merge service profiles by using the CMAK wizard. The following information provides insight on how you can use merged phone books to effectively support an ISP account.

Step 1: Create the Phone Books and Dial-Up Networking Entries

Before running the CMAK wizard to create your service profile, create one or more phone books. For example, you could create a separate phone book for each ISP in the consortium to maintain on its own. To simplify the scenario, this example uses only two phone books (one for the local service and one for all of the other ISP access numbers supported by the consortium).

The phone books that you create contain all of the phone numbers that can be used to access the Internet. Each phone number in a phone book is known as a Point of Presence (POP). Microsoft Connection Point Services (available in the Windows NT 4.0 Option Pack) provides a Phone Book Administrator tool that simplifies the creation and maintenance of phone books in the format required by Connection Manager. Connection Point Services also includes Phone Book Service software that can be used to maintain the phone book and automatically update users' phone books when they connect to your service. For more information about creating the phone book, see Connection Point Services Help; also see the topics "Providing phone book support" and "Merging phone books and other features from existing service profiles" in Phase 2, "Developing custom elements," of the CMAK Guide.

For this example, create two phone books, one that contains the POPs for local access to your service and one that contains POPs for all fifty states in the United States. Because the POPs in the second phone book are provided by various remote ISPs, each with their own configuration requirements, each POP can have its own configuration settings. To specify the way in which a POP is handled, label the POP in the phone book with a specific Dial-Up Networking entry. In Step 2 (following), when you use the CMAK wizard to create the service profile, you specify how each Dial-Up Networking entry is handled. Before creating the service profile, determine how each POP is handled:

  • Decide whether it will use preassigned addresses or server-assigned addresses.

  • Specify the script, if any, associated with the entry.

  • Determine additional customization requirements (such as encryption requirements implemented by using advanced customization techniques).

Each phone book (.pbk) file that you create must have a region file (.pbr) with the same file name. For example, the two phone books in this example might have the names LocalISP.pbk and RemISP.pbk, so the region files are named LocalISP.pbr and RemISP.pbr.

Step 2: Create the Connection Manager Service Profile That You Want to Merge

To merge multiple phone books, you must create one service profile for each phone book. For example, using the two-phone-book example, you would create a service profile for the remote ISPs by entering the following information:

  • Service and File Names - In this example use the service name, Remote Internet Service Providers, because a service name is required to build a service profile. However, the service name is not used by Connection Manager when this service profile is merged into another service profile. In that case, you would use the file name, RemISP. The file name is used for the folder and many of the files created when CMAK builds the service profile.

  • Realm Name - If no realm name is specified in the primary service profile (see Step 3 following), Connection Manager uses the realm name specified in the merged service profile for connections that use those phone numbers. In this example, assume that no realm name is required.

  • Dial-Up Networking Entries - Specify the Dial-Up Networking entries associated with the remote ISP access numbers (POPs) that are contained in the RemISP.pbk file.

  • Connect Actions - Click only the Run post-connect actions option.

  • Post-Connect Actions - Click only the Automatically download phone-book updates option. All other connect actions specified for this service profile are ignored when the profile is merged into another service profile.

  • Phone Book - Browse to the RemISP.pbk file to select it as the phone book. (If you do not want to provide the phone book in the service profile, leave this box empty and specify the name in the Phone-Book Updates dialog box instead, in order to download it at a later time.)

  • Phone Book Updates - In the Connection Point Services server box, enter the name of the URL where the phone book for the remote ISPs is maintained and available for downloading.

You can specify other options when running the CMAK wizard to create this service profile, but only the options listed previously are used when a service profile is merged with another service profile.

Step 3: Create the Primary Connection Manager Service Profile

After you create the service profile that you want to merge, create the primary service profile, which is known as the referencing service profile. In this profile, specify the following information:

  • Service and File Names - Specify the names for the referencing service profile. In this example, these might be Internet Service Provider and LocalISP. The service name you specify here is used for all of the connections that your users make, even if they are using POPs from the merged service profile.

  • Realm Name - For this example, do not specify a realm name.

  • Merged Service Profiles - In the Existing Service Profile list, select the file name of the profile you want to merge. In this example, the file is RemISP. To add it to the Service Profiles To Be Merged box, click Add .

  • Other options - Specify all other options as appropriate. The options you specify here are used for all connections, except that the options previously specified in Step 2 will override these options when users connect by using the merged phone book.

Step 4: Implement Your Service Profiles

After you have completed step 3, thoroughly test your service profiles to ensure that they work as you expect. The Connection Manager service profile that you create can be incorporated in an installation package that is created by using the Internet Explorer Customization wizard. You also can distribute the service profile individually on a disk or use a Web server to download it to your users. For information about configuring profiles from your sign-up server, see "Using the Internet Connection Wizard for Sign-up and Setup" later in this chapter.

Scenario 2: Providing Corporate Access

You can create Connection Manager service profiles that provide corporate access to users by using either private dial-up connections to your corporate LAN or by using VPN connections that tunnel through a public network (such as the Internet). If you want to use ISPs to access your corporate account, it is recommended that you specify support for VPN connections to secure the data that you send over the Internet. Although you could set up corporate access without VPN support and use only a single service profile (a single phone book), for this example, assume that the service profile will support VPN connections and that you need two service profiles: one containing the phone book for your private corporate numbers and one containing the ISP phone book.

Step 1: Create the Phone Books and Dial-Up Networking Entries

Similar to the first scenario, create the phone books before creating the service profiles. In this example, create the phone book and region files for the corporate numbers (such as Corp.pbk and Corp.pbr) and the phone book and region files for the ISPs (such as Isp.pbk and Isp.pbr). Determine the requirements for Dial-Up Networking entries for the POPs in both Corp.pbk and Isp.pbk. (For more information about Dial-Up Networking Entries, see step 1 of "Providing Access to an Internet Service Provider," earlier in this chapter.)

When corporate numbers and ISP numbers are both included (by merging service profiles), the users get a single view of the network. If you prefer that some phone numbers for a geographic area are used only as emergency or secondary-access numbers, you can use the Surcharge option in Phone Book Administrator to distinguish them from numbers to be used for routine access.

Step 2: Set Up a VPN Server

To support VPN connections, you must set up a VPN server at the egress point from the Internet to your private network. For more information about setting up a VPN server, visit the Microsoft Windows NT Server Communication Services Web site.

Step 3: Create the Connection Manager Service Profile To Be Merged

Similar to the first scenario, create the merged service profile before creating the referencing service profile. In this example, create a service profile to provide corporate access through ISPs by entering the following information:

  • Service and File Names - In this example use the name, Internet Service Providers, because a service name is required to build a service profile. However, this name is not used by Connection Manager when this service profile is merged into another service profile. In that case, you would use the file name, ISP.

  • Realm Name - Some ISPs allow you to authenticate your users against your own authentication server at the time they connect by using the Remote Authentication Dial-In User Service (RADIUS) protocol. This gives the corporation full control of who is allowed to access the ISP on the corporation's behalf and eliminates the need to administer separate accounts and credentials for each user with the ISP. If your ISP supports this feature, you can use the Microsoft Internet Authentication Services (IAS), which is available in the Windows NT 4.0 Option Pack, to authenticate users against your Windows NT domain controller. When you do this, you normally have to append routing information to each authentication request to the ISP so that the request can be sent to the corporate server. This routing information is specified in Connection Manager as the realm name. If a realm name is specified in the referencing service profile, it will be used in all instances (including all merged service profiles). If no realm name is specified in the referencing service profile, the realm names specified in the merged service profile is used for connections that are made using entries from the merged service profile. In this example, specify a realm name in the merged service profile.

  • Dial-Up Networking Entries - Specify all of the Dial-Up Networking entries associated with the ISP access numbers (POPs) that are contained in the Isp.pbk file. In this example, in the Dial-Up Networking Entry dialog box, click Add , type Pre-Authorization in the Phone book Dial-Up Networking Entry box, click Allow the server to assign addresses , and then browse to the PreAuth.scp file to enter the script name in the Dial-Up Networking Script box.

  • Connect Actions - Click only the Run post-connect actions option.

  • Post-Connect Actions - Click only the Automatically download phone-book updates option. All other connect actions specified for this service profile are ignored when the profile is merged into another service profile.

  • Phone Book - Browse to the Isp.pbk file and select it to be included as the phone book in the service profile. (If you prefer to download the phone book at a later time, leave this box empty and enter the file name in the Phone-Book Updates dialog box instead.)

  • Phone Book Updates - In the Connection Point Services server box, enter the name of the URL where the phone book for the ISPs is maintained and available for downloading.

Other options specified in this service profile will be ignored when it is merged into another service profile.

Step 4: Create the Primary Connection Manager Service Profile

After you have created the service profile that you want to merge, you can create the primary service profile, which is known as the referencing service profile. In this profile, specify the following information:

  • Service and File Names - Specify the names for the referencing service profile. In this example, these might be Corporate Account and CorpAcct. The service name you specify here is used for all connections your users make, even if they are using POPs from the merged service profile.

  • Merged Service Profiles - In the Existing Service Profile list, select the file name of the profile that you want to merge. In our example, this is ISP. Click Add to add it to the Service Profiles To Be Merged box.

  • Realm Name - For this example, do not specify a realm name in this service profile, because it is specified in the merged service profile. If you specify a realm name here, the realm name specified in the merged service profile is ignored.

  • VPN Support - To support VPN connections for the merged service profile, select the Merged service profiles check box.

  • VPN Connection - To send user data (for dial-up connections) with the realm name (when your users log on to your corporate network by using a VPN connection through an ISP POP), select the Use the same user name and password for a VPN connection as for a dial-up connection check box.

  • Phone Book - All numbers designated as surcharge numbers appear in the More Access Numbers box in the Connection Manager Phone Book dialog box. If you have surcharge numbers in your phone books, you might want to specify a line of text to appear next to the More Access Numbers box. Specify the text by typing it in the CMAK wizard Phone Book dialog box in the More Text box.

  • Other options - Specify all other options as appropriate. The options you specify here are used for all connections, except for the options that were specified in step 2, which will override these options when users connect by using the merged phone book.

Step 5: Implement Your Service Profiles

After you have completed step 4, thoroughly test your service profiles on all supported platforms to ensure that they work as you expect. You can then distribute the service profiles to corporate users by posting them to a file or to Web servers.

.