Recommended Solutions For Network Administration Tasks

Supporting Multiple VPN Servers

To manage the VPN servers with centralized authentication and logging, a RADIUS server needs to be deployed in the main corporate office. The Network Policy Server should be used to manage authentication, authorization and access control. Access requests from the VPN server are forwarded to the RADIUS server via the Network Policy Server, and an SQL server is used to store each user's username and password and to manage centralized login (Kang, Choi & Choi, 2016). User actions are also recorded in the SQL server database. The RADIUS server manages remote access and communicates with the central server to authorize access to the requested system or service. It can be used to improve security and to set the network policy used for tracking usage and generating network statistics.
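As an added example (not part of the original text), the following PowerShell registers each VPN server as a RADIUS client on the central NPS server, with a separate random shared secret per server and the Message-Authenticator attribute required. The server names and addresses are constructed placeholders, and `New-RadiusSharedSecret` is a hypothetical helper defined in the block.

```powershell
# Added example: run in an elevated session on the central NPS (RADIUS) server.
# The VPN server names and addresses below are constructed placeholders.
Import-Module NPS

$vpnServers = @(
    @{ Name = 'VPN-SITE1'; Address = '10.0.1.10' },
    @{ Name = 'VPN-SITE2'; Address = '10.0.2.10' }
)

# Hypothetical helper: builds a shared secret from a cryptographic RNG.
function New-RadiusSharedSecret {
    param([int]$Length = 32)
    # 64-character alphabet, so (byte % 64) introduces no modulo bias.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

$existing = Get-NpsRadiusClient | ForEach-Object { $_.Name }

$issued = foreach ($vpn in $vpnServers) {
    if ($existing -contains $vpn.Name) {
        Write-Warning "$($vpn.Name) is already a RADIUS client; skipping."
        continue
    }
    # One secret per VPN server, so a leaked secret affects a single client.
    $secret = New-RadiusSharedSecret
    New-NpsRadiusClient -Name $vpn.Name -Address $vpn.Address `
        -SharedSecret $secret -AuthAttributeRequired $true | Out-Null
    [pscustomobject]@{ VpnServer = $vpn.Name; Address = $vpn.Address; SharedSecret = $secret }
}

# The same secret must be entered in the RADIUS settings of the matching VPN
# server; pass it over a protected channel and do not store this output.
$issued | Format-Table -AutoSize
```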


Implementing VPN for corporate users requires the highest level of security, and the following recommendations are made to maintain it for the VPN connections:

Using the strongest authentication method for accessing the VPN – On a network running Microsoft servers, secure authentication is applied using “Extensible Authentication Protocol-Transport Level Security” (Darabont, Kiss & Domokos, 2015). It uses a public key infrastructure and is distributed using smart cards, and the “Microsoft Challenge Handshake Authentication Protocol” and EAP should be used to add the best security to the network.

Using the strongest encryption method for accessing the VPN – Layer Two Tunnelling Protocol can be used for secure transmission of data, because Point-to-Point Tunnelling Protocol is weak unless a strong client password is used (Snover et al., 2016). There are other options, such as OpenVPN and SSL, that can be used for authenticating the data flowing through the tunnel.

Limiting VPN access without a valid reason – The VPN connection is an entry and exit point for the local area network and should be used only when needed. Employees connected to the organizational network through the VPN should be restricted from using it all day for checking emails or downloading files multiple times.


Providing access to selected files using an intranet or extranet rather than the VPN – A secure HTTPS connection should be used, with a password for authentication, so that a single file is exposed on a single server and is not available to the whole network.

The Network Policy Server protects the network when a VPN client connects to it. Network policies are created for forwarding authentication and authorization requests to the NPS server, and users are approved based on their membership. To implement the solution, the NPS role service should be installed on the Windows server. It should be installed using Server Manager and configured with different constraints that determine the level of access and the conditions for connecting to the network (Panek, 2015). When creating a policy, keep in mind that the client's request should match the connection policy. Multiple policies cannot be matched at the same time, so the source of the request should be evaluated to determine the order of evaluation.

Securing VPN Connections

The NPS configuration, including RADIUS clients and servers, connection request policies and logging configuration, can be exported from one NPS to another. The Netsh tool can be used to perform the export. Windows PowerShell can also be used to perform the export and import operations. Backups of the server should be scheduled to keep data mirrored between the disaster recovery site and the primary site (Thomas, 2017). Creating a replication server increases the reliability and fault tolerance of the network.
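The export and import described above, as an added PowerShell example that is not part of the original text. The exported file contains the RADIUS shared secrets unencrypted, so the script restricts the folder ACL, verifies the copy by hash and deletes the file afterwards; the server name `NPS-DR01` and the `C:\NpsSync` path are assumptions for illustration.

```powershell
# Added example: run in an elevated session on the primary NPS server.
$Secondary  = 'NPS-DR01'        # hypothetical NPS server at the disaster recovery site
$ExportDir  = 'C:\NpsSync'      # hypothetical staging folder, same path on both servers
$ExportFile = Join-Path $ExportDir 'nps-config.xml'

# Restrict a folder to Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
$lockDown = {
    param($dir)
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    icacls $dir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
}

# 1. Prepare the local staging folder before any secret is written to it.
& $lockDown $ExportDir

# 2. Export the configuration.
#    Netsh equivalent: netsh nps export filename="C:\NpsSync\nps-config.xml" exportPSK=YES
Export-NpsConfiguration -Path $ExportFile
$hash = (Get-FileHash -Path $ExportFile -Algorithm SHA256).Hash

# 3. Copy to the secondary over a PowerShell remoting session, verify, import.
$session = New-PSSession -ComputerName $Secondary
try {
    Invoke-Command -Session $session -ScriptBlock $lockDown -ArgumentList $ExportDir
    Copy-Item -Path $ExportFile -Destination $ExportFile -ToSession $session

    Invoke-Command -Session $session -ArgumentList $ExportFile, $hash -ScriptBlock {
        param($file, $expected)
        $actual = (Get-FileHash -Path $file -Algorithm SHA256).Hash
        if ($actual -ne $expected) { throw 'Hash mismatch; import aborted.' }
        Import-NpsConfiguration -Path $file   # overwrites the secondary's NPS configuration
        Remove-Item -Path $file -Force        # do not leave shared secrets on disk
    }
}
finally {
    Remove-PSSession $session
    Remove-Item -Path $ExportFile -Force -ErrorAction SilentlyContinue
}
```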

When a file server is backed up over a network, the connection link can become a bottleneck and make it difficult to restore the metadata, so a cloud platform is selected for backing up the data. The servers can be virtualized and loaded into the cloud platform so that they can be accessed from remote locations. Backing up data to the cloud server uses the internet connection of the remote site, and thus the bottleneck is avoided (Schulz, 2017). Another method, backing up the data to locally connected tape drives, can also be used to create a backup of the metadata and upload the data to the storage network.

Different security measures can be applied to secure the data residing on the file server. SSH keys, consisting of a private and a public key, can be generated for authenticating to the server. The user's public key should be placed on the server in a special directory, and when the connection is established the user must supply the private key to prove ownership (García-Galán et al., 2016). Firewalls can also be deployed to control services and restrict users' access to the server. A virtual private network can also be created to establish secure connections between the remote hosts.

To improve performance when accessing files, BranchCache should be introduced to optimize bandwidth. It optimizes WAN bandwidth when users access content from the remote server. BranchCache fetches the content from the main server or the cloud platform and caches it at the local site, allowing users to get the content locally without crossing the WAN (De Schepper et al., 2015). A new server needs to be implemented in Site 1 and configured to host the cache; if the server cannot be implemented, the client computers can also be used to store the cached content.

References

Darabont, Ö., Kiss, K. J., & Domokos, J. (2015). Performance analysis of remote desktop virtualization based on Hyper-V versus remote desktop services. MACRo 2015, 1(1), 125-134.

De Schepper, K., Tsang, I., Bondarenko, O., & Briscoe, B. (2015). Data Center to the Home. Technical report, RITE Project.

García-Galán, J., Trinidad, P., Rana, O. F., & Ruiz-Cortés, A. (2016). Automated configuration support for infrastructure migration to the cloud. Future Generation Computer Systems, 55, 200-212.

Kang, S., Choi, J., & Choi, J. (2016). A method of Securing Mass Storage for SQL Server by Sharing Network Disks-on the Amazon EC2 Windows Environments. Journal of Internet Computing and Services, 17(2), 1-9.

Panek, W. (2015). MCSA Windows Server 2012 R2 Administration Study Guide: Exam 70-411. John Wiley & Sons.

Schulz, M. S. (2017). MCSA 70-741 Networking with Windows Server 2016 Pearson uCertify Course and Labs and Textbook Bundle.

Snover, J., Home, L., Plans, T. H. F., Day, D. S., Hackathon, M. D. C., Training, R. H., & Floorplan, E. (2016). The Devopsification of Windows Server 2016.

Thomas, O. (2017). Windows Server 2016 Inside Out (includes Current Book Service). Microsoft Press.