The Network Device Enrollment Service
As you learned in your previous study of Active Directory Certificate Services, with Windows Server 2008 Microsoft released its own version of the Simple Certificate Enrollment Protocol for network devices and called it the Network Device Enrollment Service. Using this service, administrators can create a simple method for network devices, such as routers and switches, to obtain certificates and become part of the PKI. For the 70-647 certification exam, you need to remember that the purpose of this service is to enhance security in your environment. However, it is by no means required. The main reason an organization would want to use it is to secure multiple Windows Server 2008 CAs by using IPsec on routers and switches. From your study in Chapter 2, "Naming Conventions, Networking, and Access Principles," you should already be familiar with the fact that virtual private networks use the following five authentication protocols through a VPN server:
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAPv2)
Extensible Authentication Protocol (EAP)
Furthermore, you should understand that VPNs are established through the use of either the Layer 2 Tunneling Protocol (L2TP) or the Point-to-Point Tunneling Protocol (PPTP). These authentication methods and protocols have existed for a long time, and each of them in its own right has become an industry standard. However, with the release of Windows Server 2008, Microsoft has created a new standard protocol for VPNs that is available only for Windows Vista with Service Pack 1 and Windows Server 2008. The name of this protocol is the Secure Sockets Tunneling Protocol (SSTP). As you might imagine from its name, SSTP takes advantage of the SSL channel of the Hypertext Transfer Protocol Secure (HTTPS) protocol.
The reason for this technology is that very frequently in the enterprise individual users face the problem of having to authenticate to servers, or navigate to servers, that are behind physical barriers that could cause connectivity problems, such as a firewall or any form of Network Address Translation (NAT). The way this is overcome is by combining a series of technologies. Although it isn't necessary to completely understand the anatomy of SSTP, you should understand that SSTP attaches an IPv4 or IPv6 header to a Point-to-Point Protocol (PPP) frame, and then it encrypts this frame using SSL.
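To make the layering concrete, the following added example (not from this study guide) builds and validates the SSTP framing that wraps each PPP frame before it is carried inside the HTTPS (TLS on TCP 443) session. It assumes the data-packet header layout from Microsoft's MS-SSTP specification: a 1-byte version (0x10), a 1-byte field whose low bit is the C (control) flag, and a 16-bit field whose low 12 bits hold the total packet length; the PPP frame bytes are constructed sample input.

```python
import struct

SSTP_VERSION = 0x10     # major 1, minor 0 (assumed from MS-SSTP)
SSTP_HEADER_LEN = 4
SSTP_MAX_LEN = 0x0FFF   # length field is 12 bits, so a packet cannot exceed 4095 bytes


def build_sstp_data_packet(ppp_frame: bytes) -> bytes:
    """Wrap one PPP frame in an SSTP data packet (C bit = 0)."""
    total = SSTP_HEADER_LEN + len(ppp_frame)
    if total > SSTP_MAX_LEN:
        # Edge case: PPP frames larger than the 12-bit length can express are rejected
        raise ValueError(f"PPP frame too large for SSTP framing: {total} > {SSTP_MAX_LEN}")
    return struct.pack("!BBH", SSTP_VERSION, 0x00, total) + ppp_frame


def parse_sstp_packet(data: bytes) -> dict:
    """Validate an SSTP packet received over the TLS channel and return its fields.

    A defender-side parser should reject anything that does not match the
    expected version or whose declared length disagrees with the bytes on hand,
    rather than trusting the peer's header.
    """
    if len(data) < SSTP_HEADER_LEN:
        raise ValueError("truncated SSTP header")
    version, flags, length_field = struct.unpack("!BBH", data[:SSTP_HEADER_LEN])
    if version != SSTP_VERSION:
        raise ValueError(f"unsupported SSTP version 0x{version:02x}")
    length = length_field & SSTP_MAX_LEN          # upper 4 bits are reserved
    if length < SSTP_HEADER_LEN or length > len(data):
        raise ValueError("declared length does not fit the received data")
    return {
        "control": bool(flags & 0x01),            # C bit: 1 = control, 0 = data
        "length": length,
        "payload": data[SSTP_HEADER_LEN:length],  # the inner PPP frame
    }


def is_valid_sstp_packet(data: bytes) -> bool:
    """Convenience check used by the test: True if the packet parses cleanly."""
    try:
        parse_sstp_packet(data)
        return True
    except ValueError:
        return False


# Constructed sample: PPP protocol 0x0021 (IPv4) followed by a placeholder payload.
SAMPLE_PPP_FRAME = b"\x00\x21" + b"\x45\x00\x00\x14" + b"\x00" * 16

if __name__ == "__main__":
    packet = build_sstp_data_packet(SAMPLE_PPP_FRAME)
    print(parse_sstp_packet(packet))
```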