Nội dung

Teleworker Services Accessing the WAN – Chapter ITE I Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Cisco Thai Nguyen Networking Academy Objectives ƒ In this chapter, you will learn to: – Describe the enterprise requirements for providing teleworker services, including the differences between private and public network infrastructures. – Describe the teleworker requirements and recommended architecture for providing teleworking services. – Explain how broadband services extend enterprise networks using DSL, cable, and wireless technology. – Describe the importance of VPN technology, including its role and benefits for enterprises and teleworkers. – Describe how VPN technology can be used to provide secure teleworker services to an enterprise network. ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 2 Cisco Thai Nguyen Networking Academy Business Requirement for Teleworker Services ƒ With advances in broadband and wireless technologies, working away from the office no longer presents the challenges it did in the past. – Organizations can cost-effectively distribute data, voice, video, and real-time applications, across their entire workforce no matter how remote and scattered they might be. ƒ On a broader scale, the ability of businesses to provide service across time zones and international boundaries is greatly enhanced using teleworkers. – Contracting and outsourcing solutions are easier to implement and manage. ƒ From a social perspective, teleworking options increase the employment opportunities for various groups, including parents with small children, the handicapped, and people living in remote areas. – Teleworkers enjoy more quality family time, less travelrelated stress, and in general provide their employers with increased productivity, satisfaction, and retention. ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 3 Cisco Thai Nguyen Networking Academy Teleworker Solution ƒ With the growing number of teleworkers, enterprises have an increasing need for secure, reliable, and cost-effective ways to connect to people working in small offices and home offices (SOHOs), and other remote locations, with resources on corporate sites. ƒ The figure displays 3 remote connection technologies available to organizations for supporting teleworker: 1. Traditional private WAN Layer 2 technologies, including Frame Relay, ATM, and leased lines, provide many remote connection solutions. 2. IPsec Virtual Private Networks (VPNs) offer flexible and scalable connectivity. • Site-to-site connections can provide a secure, fast, and reliable remote connection to teleworkers. • This is the most common option for teleworkers, combined with remote access over broadband, to establish a secure VPN over the public Internet. (A less reliable means of connectivity using the Internet is a dialup connection.) ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 4 Cisco Thai Nguyen Networking Academy Teleworker Solution: Broadband Services 3. The term broadband refers to advanced communications systems capable of providing highspeed transmission of services, such as data, voice, and video, over the Internet and other networks. ƒ Transmission is provided by a wide range of technologies, including –digital subscriber line (DSL) –fiber-optic cable, –coaxial cable, –wireless technology, –satellite. ƒ The broadband service data transmission speeds typically exceed 200 kilobits per second (kb/s), or 200,000 bits per second, in at least one direction: –downstream (from the Internet to the user's computer) –upstream (from the user's computer to the Internet). ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 5 Cisco Thai Nguyen Networking Academy Remote Connection Topologies for the Teleworker • Broadband vs. Baseband. – Baseband: only one signal on the wire at once - time-division multiplexing: • Ethernet networks. – Broadband: multiple signals - frequency division multiplexing. ƒ In general, broadband refers to telecommunication in which a wide band of frequencies is available to transmit information. –Broadband is generally defined as any sustained speed of 200K or more. –Broadband options include •digital subscriber line (DSL), •high-speed cable modems, •fast downstream data connections from direct broadcast satellite (DBS) •fixed wireless providers. •3G wireless –The most common problem with broadband access is lack of coverage area. ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 6 Cisco Thai Nguyen Networking Academy Teleworker Solution ƒ To connect effectively to their organization's networks, teleworkers need two key sets of components: –Home Office Components - The required home office components are a laptop or desktop computer, broadband access (cable or DSL), and a VPN router or VPN client software installed on the computer. • When traveling, teleworkers need an Internet connection and a VPN client to connect to the corporate network over any available dialup, or broadband connection. –Corporate Components - Corporate components are VPN-capable routers, VPN concentrators, multifunction security appliances, authentication, and central management devices for resilient aggregation and termination of the VPN connections. ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 7 Cisco Thai Nguyen Networking Academy Teleworker Solution ƒ Typically, providing support for VoIP requires upgrades to these components. –Routers need Quality of Service (QoS) functionality. –QoS refers to the capability of a network to provide better service to selected network traffic, as required by voice and video applications. ƒ The figure shows an encrypted VPN tunnel connect the teleworker to the corporate network. –This is the heart of secure and reliable teleworker connections. –A VPN is a private data network that uses the public telecommunication infrastructure. –VPN security maintains privacy using a tunneling protocol and security procedures. –This course presents the IPsec (IP Security) protocol as the favored approach to building secure VPN tunnels. ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 8 Cisco Thai Nguyen Networking Academy Options for Connecting the Teleworker ƒ Split tunneling: –Split tunneling is a computer networking concept which allows a VPN user to access a public network (e.g., the Internet) and a local LAN or WAN at the same time, •The remote user, for example, then downloads his email from the mail server at 10.10.0.5, and downloads a document from the Archive at 10.2.3.4. Next, without exiting the tunnel, the remote user can print the document through the PC's local network interface 192.19.2.32 to the printer at 192.19.2.33. –Advantages •An advantage of using split tunneling is that it alleviates bottlenecks and conserves bandwidth as Internet traffic does not have to pass through the VPN server. –Disadvantages •A disadvantage of this method is that it essentially renders the VPN vulnerable to attack as it is accessible through the public, non-secure network. ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 9 Cisco Thai Nguyen Networking Academy Connecting Teleworker to the WAN ƒ Teleworkers typically use diverse applications (e-mail, web, voice, and videoconferencing) that require a high-bandwidth connection: –Dialup access - Dialup is the slowest option, and is typically used by mobile workers in areas where high speed connection are not available. –DSL - DSL also uses telephone lines. DSL uses a special modem that separates the DSL signal from the telephone signal and provides an Ethernet connection to a host computer or LAN. –Cable modem - The Internet signal is carried on the same coaxial cable that delivers cable TV. A special cable modem separates the Internet signal from the other signals and provides an Ethernet connection to a host computer or LAN. –Satellite - The computer connects to a satellite modem that transmits radio signals to the nearest point of presence within the satellite network. ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 10