A Guide to Windows 7 Networking
Whether at home or at the office, networking has gone mainstream. Once upon a time, a computer had value as a stand-alone machine running applications, but that time has passed. Without an ability to access the Internet, retrieve e-mail, chat via instant messaging, and connect with file shares and software, the computer is little more than an expensive paperweight.
Clearly, the trend is toward remote and mobile computing, and it's important for an operating system to provide the tools necessary to remain connected and productive from anywhere. Microsoft is incorporating a variety of new networking features in Windows 7 that simplify connectivity and help users access network resources no matter where they are connecting from. Here we'll take a closer look at some of the innovative networking features to be found in Windows 7 (we may get a little bit technical at times).
Let's start with an enhancement aimed primarily at home users and home businesses: With Windows 7, Microsoft introduces the concept of HomeGroup. The HomeGroup feature serves two primary purposes: (1) to make sharing files and resources between computers on a home network easier, and (2) to protect shared files and resources from guests or wireless-network intruders.
Many homes have multiple computers, and users want to be able to share music and pictures, or network all of the computers so as to print to a single printer. This type of local area networking has been possible in Windows for years, but it has often been easier said than done, leading to many hours of user frustration.
Open HomeGroup from the Control Panel. Click on Create a HomeGroup to begin the process. You can determine the types of files or content that you want to share with the HomeGroup by checking or unchecking the appropriate boxes.
After you click Next to create the HomeGroup, Windows 7 will automatically generate a password that other users will need in order to join the HomeGroup and share the resources. Windows 7 Starter and Windows 7 Home Basic versions cannot create a HomeGroup, but computers running any version of Windows 7 can join a HomeGroup. One significant drawback to the HomeGroup concept is that it works only with Windows 7, so any Windows XP or Windows Vista systems in the home will not be able to participate.
Using a HomeGroup simplifies the process of sharing files, folders, and other network resources with trusted computers on your home network. At the same time, it enables you to allow visiting guests to connect to your wireless network for Internet access without also granting them access to the shared content and resources. It also prevents any unauthorized rogue wireless connections from gaining access to shared resources.
Roaming users rely on VPNs (virtual private networks) to provide a secure connection between their computer and the internal company network. When a user is sitting in a hotel room, or in a conference room at a customer site, and establishes a VPN connection, the user's PC will generally remain connected unless there is some other network issue that interrupts the connection.
However, users who rely on wireless broadband connectivity to establish a VPN connection while on the move are faced with frequent dropped connections and a cumbersome process for reauthenticating and reestablishing the VPN connection each time.
The VPN Reconnect feature allows Windows 7 to automatically reestablish active VPN connections when Internet connectivity is interrupted. As soon as Windows 7 reconnects with the Internet, Windows 7 will also reconnect with the VPN. The VPN will still be unavailable as long as the Internet connection is down, and the process of reconnecting will take a few seconds after Internet access becomes available again, but VPN Reconnect will ensure that users stay connected with the network resources they need access to.
VPN Reconnect is basically an IPSec tunnel using the IKEv2 (Internet Key Exchange) protocol for key negotiation and for transmission of ESP (Encapsulating Security Payload) packets. ESP is part of the IPSec security architecture that provides confidentiality, authentication of data origin, and connectionless integrity.
In situations such as viewing streaming video over a VPN connection while riding on a commuter train, users typically lose all buffered data and have to start the video over every time connectivity is lost. The features of the IKEv2 IPSec tunnel and ESP help ensure a persistent connection even if the IP address changes during the reconnect and allows the streaming video to resume from the point it was at when VPN connectivity was lost.
What's better than a VPN that automatically reconnects and retains its connection state? How about not needing a VPN in the first place? DirectAccess is one of the most compelling and game-changing features of Windows 7, both for users and for administrators faced with a remote and roaming work force.
Aside from the issues mentioned above for users trying to stay connected on a VPN and access internal network resources, roaming users also pose a problem for administrators. Mobile computers that aren't connected to the network miss out on security updates, software patches, and Group Policy updates. They will get the updates when they eventually connect, but days or weeks might go by with those remote systems missing critical updates.
DirectAccess provides a persistent and seamless bidirectional connection between the internal network and the Windows 7 system, as long as that Windows 7 system can connect to the Internet. With DirectAccess, remote and roaming users experience the same access to corporate shares, intranet sites, and internal applications as they would if they were sitting in the office connected directly to the network.
DirectAccess works both ways. Not only can the computer access the network seamlessly across any Internet connection, but the IT administrator can also connect to DirectAccess client computers--even when the user is not logged on. With DirectAccess, IT Administrators can monitor, manage, and deploy updates to DirectAccess client computers as long as they are connected to the Internet.
DirectAccess uses IPsec for authentication and encryption. DirectAccess can also integrate with Network Access Protection (NAP) to require that DirectAccess clients be compliant with system health requirements before being allowed to connect to the network. IT administrators can restrict access through DirectAccess and configure the servers that users and individual applications can access.