Internet Authentication Service and Centralized Management

In large corporate networks, managing policies on more than one remote access server can be task intensive. IAS can assist network administrators in managing geographically dispersed remote access servers from a central location.

IAS provides:

Centralized user authentication    IAS supports the ability to centrally manage user policy by authenticating users who are in Windows NT 4.0 and Windows 2000 domains. For authenticating users, IAS supports a variety of authentication protocols. They are:

  • Password Authentication Protocol (PAP)

  • Challenge Handshake Authentication Protocol (CHAP)

  • Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

  • Extensible Authentication Protocol (EAP)

Outsourcing remote access    This lets employees connect to the corporate network through a VPN tunnel over a local ISP's network. IAS allows you to track expenses and users who connect to the ISP, which then permits you to pay the ISP for the services used. This approach results in monetary savings for the organization.

Centralized administration of remote access servers    IAS enables network administrators to configure remote access policies on just one remote access server; the rest of the remote access servers can then act as RADIUS clients, getting policy from the IAS server.

Scalability    Small- and medium-sized networks in large corporations and ISPs can use IAS.

Remote monitoring    A network administrator can monitor IAS servers from anywhere on the network by using Event Viewer or Network Monitor, or by installing the Simple Network Management Protocol.

Import/Export IAS configuration    A network administrator can import or export IAS configuration by using a command-line utility. For more information about IAS, see "Internet Authentication Service" in the Microsoft Windows 2000 Server Internetworking Guide.
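To show what the choice between PAP and CHAP means for the exchange between a remote access server acting as a RADIUS client and the IAS server, the following added example (not code from the original guide or from Microsoft) implements the RADIUS User-Password hiding used when PAP is relayed (RFC 2865, section 5.2) and the CHAP response calculation (RFC 1994, section 4.1). The shared secret, password, authenticator and challenge values are constructed samples, and the function names are illustrative.

```python
import hashlib
import hmac

def _md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()

def pap_hide(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RADIUS User-Password hiding (RFC 2865, 5.2), used when the client relays PAP."""
    if len(req_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("authenticator must be 16 bytes, password 1-128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        # Keystream block = MD5(shared secret + previous ciphertext block)
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _md5(secret, prev)))
        out += prev
    return out

def pap_reveal(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: anyone holding the shared secret recovers the cleartext."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _md5(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")  # padding is NUL bytes

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994, 4.1): MD5(identifier octet + secret + challenge)."""
    return _md5(bytes([ident]), password, challenge)

def chap_verify(ident: int, stored_pw: bytes, challenge: bytes, resp: bytes) -> bool:
    # The server needs the password itself (not a one-way hash) to recompute this.
    return hmac.compare_digest(chap_response(ident, stored_pw, challenge), resp)

# Constructed sample values, not taken from any real deployment.
SECRET = b"example-shared-secret"
PASSWORD = b"correct horse battery"
REQ_AUTH = bytes(range(16))
CHALLENGE = bytes(range(16, 32))

if __name__ == "__main__":
    hidden = pap_hide(PASSWORD, SECRET, REQ_AUTH)
    print("PAP attribute:", hidden.hex(), "->", pap_reveal(hidden, SECRET, REQ_AUTH))
    resp = chap_response(1, PASSWORD, CHALLENGE)
    print("CHAP response:", resp.hex(), "valid:", chap_verify(1, PASSWORD, CHALLENGE, resp))
    print("replayed against new challenge:", chap_verify(1, PASSWORD, b"\x00" * 16, resp))
```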

A computer that is configured with more than one IP address is referred to as a multihomed system. You can implement a multihomed system in several ways, depending on your needs. You can multihome DHCP servers to provide service to more than one subnet. DNS can also benefit from multihoming because the DNS service can be enabled on individual interfaces and can be bound only to IP addresses that are specified. By default, DNS binds to all individual interfaces configured on the computer.

Multihoming is supported in several different ways:

  • Multiple IP addresses for each network adapter

  • Multiple network adapters