Overview of RRAS

Applies To: Windows 7, Windows Server 2008 R2

The Routing and Remote Access service (RRAS) is named for the two primary networking services that it provides.

Routing

A router is a device that manages the flow of data between network segments, or subnets. A router directs incoming and outgoing packets based on the information about the state of its own network interfaces and a list of possible sources and destinations for network traffic. By projecting network traffic and routing needs based on the number and types of hardware devices and applications used in your environment, you can better decide whether to use a dedicated hardware router, a software-based router, or a combination of both. Generally, dedicated hardware routers handle heavier routing demands best, and less expensive software-based routers handle lighter routing loads.

A software-based routing solution, such as RRAS in this version of Windows, can be ideal on a small, segmented network with relatively light traffic between subnets. Enterprise network environments that have a large number of network segments and a wide range of performance requirements might need a variety of hardware-based routers to perform different roles throughout the network.

Remote access

By configuring RRAS to act as a remote access server, you can connect remote or mobile workers to your organization's networks. Remote users can work as if their computers are directly connected to the network.

All services typically available to a directly connected user (including file and printer sharing, Web server access, and messaging) are enabled by means of the remote access connection. For example, on an RRAS server, clients can use Windows Explorer to make drive connections and to connect to printers. Because drive letters and universal naming convention (UNC) names are fully supported by remote access, most commercial and custom applications work without modification.

An RRAS server provides two different types of remote access connectivity:

  • Virtual private networking. A virtual private network (VPN) is a secured, point-to-point connection across a public network, such as the Internet. A VPN client uses special TCP/IP-based protocols called tunneling protocols to make a connection to a port on a remote VPN server. The VPN server accepts the connection, authenticates the connecting user and computer, and then transfers data between the VPN client and the corporate network. Because the data traverses a public network, you must encrypt data sent over the connection to ensure privacy.

  • Dial-up networking. In dial-up networking, a remote access client makes a dial-up telephone connection to a physical port on a remote access server by using the service of a telecommunications provider, such as analog telephone or ISDN. Dial-up networking over an analog phone or ISDN is a direct physical connection between the dial-up networking client and the dial-up networking server. You can encrypt data sent over the connection, but it is not required because the phone line is typically considered secure.

Additional references