Windows 7 Networking

**Andrew** · 28-09-2010

In Windows 7 and Windows Server 2008 R2, Microsoft introduced several new networking features to improve productivity of mobile users and users working in branch offices. This paper describes these features, as well as other network improvements in Windows 7 and Windows Server 2008 R2. Moving on to the network configuration in Windows 7. Simply go to the Start menu, then Control Panel and select Network and Internet (Network and Internet). In Windows Vista, the entrance to the network settings was carried out just as well. However, when you enter the parameters of the network and the Internet in Windows Vista, you have shown a lot more options. Let's compare these two tabs, opening a window of Windows 7 network and the Internet.

As you can see, this new configuration window in Windows 7 offers you several new options and some old options, but in total, there are not many options. We have become accustomed to the Center of the Network and Sharing Center (Network and Sharing Center) and to the options the Internet (Internet Options), but the option HomeGroup is new. I will return to HomeGroup and new and improved features in the center of the Network and Sharing Center in Windows 7 later.

The first thing that catches your eye, this set of options to choose from in Vista. However, I do not think it's very good, because many of these options are less important than others. For example, I believe that options such as Windows Firewall with or Offline Files (Offline Files) deserve their own section (they are removed from the Windows 7). 99% of Windows 7 or Vista, setting up a network, you'll go to the Control Center Network and Sharing Center. It offers most of the functionality and the most common tasks to be performed by administrators of Windows Vista or 7. So, let's consider the differences between the control center network and sharing in these two operating systems.

One of the main differences is a consequence of the fact that they are two different computers. Vista computer has a lot more network adapters than the machine is Windows 7. If you do not take this into account, the machine of Windows 7 has much fewer options than the machine Vista. Options have been removed from the left navigation bar, and options are shared and detection (Sharing and Discovery) were removed from the main window.

Homegroup is a new feature in Windows 7. Home Party (homegroup) is a simple way to connect computers in your home into a single network to be able to provide access to pictures, music, videos, documents, and printers. Here we use only one password for access to a home group, which makes its creation and the connection to the very simple task. If you click on a selection of options home group and share (Choose Homegroup and Sharing Options) in the center of the Network and Sharing Center in Windows 7. If you change your network location to Home, you'll see the option to create a home group. If you go to the page selection options home group and share, when the network location is set at home, you can choose to create now (Create now) and create a new group home.

Network Sharing Center

All the main settings that affect networking in Windows 7 are collected in the Network and Sharing Center. This window is new to those who have previously worked with Windows XP, but it is well known to users of Windows Vista. With Windows 7, "Network and Sharing Center" has been reworked. First, it was changed to View active networks- now it's more intuitive. Secondly, Windows 7 those parameters that are relevant to the management of the Network and Sharing, were moved into the selected home group and general access to data. In general, the modifications make the window Network and Sharing Center is more understandable for ordinary users who do not have to deal with fine-tuning the network.

If each of these PCs running Windows 7, then work with the data stored on them much easier. In order to gain access to files, folders, shared devices, which are part of the home team does not need to enter passwords every time. Enough to choose a folder on each computer and device, which will be shared and these can be quickly accessed from any computer on your home network. Even during the installation the user is prompted to specify which network you are connected: the office, to the public or to your home. If we choose the third option, then Windows assumes that you are part of the safe home network and allows the use of the home group.

But if the computers are connected to the home LAN, but they do not have Windows 7, for them the function of the group home will not work. Home groups can be created only between computers that are running Windows 7. It should be borne in mind that creating a new group home is only supported on computers that are running versions of Windows 7, Home Premium, Professional and Max. In the editorial Primary Starter Edition and Home Basic is supported only by joining an existing group home.

Homegroup

It is interesting to note that a PC professional can integrate into a home network without conflicting with the configuration (and security) of the professional network of the user, or requiring elevated privileges. However, a PC member of a domain cannot create his own group, he can only join an existing group and access to resources are shared. Creating a HomeGroup will allow the initiator to share files with users and devices of their choice. The HomeGroup can also share resources such as printers. Files (office, photos, video, and music) can be shared or read-only or modified (read and write).

Setup:

HomeGroup functionality can only work on a home network, to check click on the icon representing the network in the taskbar and select Open Network and Sharing Center.
The Network and Sharing Center displays important information about your network including the network type.
If your network is configured in Network office or public network, then you must change the type by clicking on the icon of the active network, then selecting the Home Network type.
You can now configure your home network so that your PC communicate: this is the first PC that you set up to deal with it by setting a password.
In Control Panel, choose Create a group.
Select the items you want to share with other computers on the network: Pictures, Music, Videos, Documents, and Printers by checking or unchecking the boxes available and click Next.
Note then the password that appears on the screen and allowing you to access the shared items from other computers running Windows 7 and connected to your LAN and then click Finish.
Your Home Group is now established. A summary of window appears.

**Andrew** · 28-09-2010

Connecting with the Home Group

When you boot a PC on a network in which there is a home network, simply join this network to access shared resources.
In the Control Panel search for > Home Group and then click on the Group and then click on Join.
You can always change your options in the Network and Sharing Center by clicking Group > Your Home Group.

The window of Control Panel allows you in HomeGroup:

To define the shared libraries,
To determine the level of media sharing (streaming)
View or change the password homegroup
Leaving the group
To set advanced options like network discovery, file sharing and printer sharing and public folder (especially if you have a PC with a Windows version earlier on your home network).
Once you have defined the group created and defined the rights, just place your files or folders in the respective libraries for the PC and other users in your group see them.
In a home group, you can access shared files on the Group account you had created.
Open an Explorer window and click in the navigation pane on the left, the Your Group. Double-click on the icon of the user you want to access files to show the different libraries.

DirectAccess

DirectAccess provides users with transparent access to internal network resources, if they are connected to the Internet. Traditionally, users can connect to internal network resources using a virtual private network (VPN). Nevertheless, the use of VPN for a number of reasons can be inconvenient.

Connecting to a VPN is carried out in several steps and the user must wait for authentication. For organizations that check the condition and health of your computer before allowing the connection, the establishment of a VPN can take several minutes.
Each time a user loses his connection to the Internet, you must reinstall the VPN-connection.
Internet performance slowing, if all traffic is routed through the VPN.
Because of these problems, many users do not connect through a VPN.

Instead, for connection to internal resources they use technologies such as Microsoft Office Outlook Web Access (OWA). With OWA, you can gain access to internal e-mail without establishing a VPN connection. However, if a user tries to open the document on an internal network (a link can be delivered by e-mail), it denies access to internal resources, because that is usually not available from the Internet.

Windows 7 and Windows Server 2008 R2 provides an opportunity DirectAccess, which allows users to work from home or via wireless access points in the network as if they are in office. With DirectAccess, authorized users can use the Windows 7 access to corporate shared folder, view intranet Web sites, as well as work with intranet-based applications without having to install VPN.

DirectAccess also useful for IT professionals, enabling them to manage mobile computers outside the office at any time, any place, even despite the fact that computers are not connected to the VPN. Every time the mobile computer connects to the Internet before the user logs in, DirectAccess creates a bidirectional connection that allows the client computer to use the company's policy and to receive software updates.

DirectAccess provides secure and flexible network infrastructure using technologies such as IPv6 and IPSec. Security features and efficiency include:
Authentication. DirectAccess authenticates the computer before the user logs into the system, allowing IT professionals to manage the computer with an Internet connection. DirectAccess can also authenticate users, supporting multi-factor authentication, such as authentication on smart cards.
IPv 6. DirectAccess uses IPv6 by providing customers with remote access routable IP-address. Organizations that are not yet ready to fully deploy IPv6 can use IPv6 transition technologies, such as ISATAP, 6to4 and Teredo, so customers can connect via IPv4 to IPv4 Internet resources in the enterprise network. These technologies provide IPv6 support for devices and servers that do not have native support for IPv6.
Encryption. DirectAccess uses IPsec to provide authentication and encryption of data transmitted over the Internet. You can use any method of IPsec encryption, including DES, with 56-bit key, or 3DES, with three 56-bit keys.
Access Control. Using DirectAccess, IT professionals can identify internal resources that each user can connect and get unlimited access or allow access only to specific servers or networks.
DirectAccess uses split-tunnel routing, thereby reducing unnecessary network traffic on the corporate network. In this arrangement, only traffic destined for the enterprise network is sent through DirectAccess server. Split-tunnel routing is the default configuration for DirectAccess, IT professionals can disable this feature and to send all traffic through the enterprise network.

VPN Reconnect

DirectAccess may become the preferred way to connect remote clients for many organizations. Nevertheless, some of them will continue to use the VPN in parallel with DirectAccess. Therefore, Microsoft has improved VPN support in Windows 7, including new technology VPN Reconnect. VPN Reconnect uses IKEv2 to ensure a stable and permanent VPN connection is automatically restored in the event of temporary loss of Internet connection. The greatest benefit from this feature, users will be using for the network wireless connection. This feature helps save time for mobile users using the unstable network connections. An example is the employee works during a trip by train.

To achieve its mission, it uses the VPN connection, which is installed on top of wireless Internet access. In the moments when the train enters a tunnel of a wireless signal is lost and restored only at the end of the tunnel. In earlier versions of Windows VPN does not automatically restored and the user was required to undertake several actions to restore the connection to the VPN. This feature helps save time for mobile users using the unstable network connections.

With VPN Reconnect, Windows 7 automatically restores the VPN connection after the return connection to the Internet. Despite the fact that reconnection may take a few seconds, the process is completely transparent to users, who now have more chances to stay connected to internal network resources.

Improve the offline files, and access to shared folders

I T professionals can assess the benefits of Windows 7 due to better access to shared folders in the branches of the company. Windows 7 provides.

Transparent caching shared folders on the client reduces the time required to access a file for the second and subsequent references to the slow channels. This is achieved through improvements to the protocol associated with the elimination of many redundant operations when opening or saving files, which in turn helped improve the performance of applications over slow links. Possibility background synchronization of offline files, simplifies administration and improves the finite.

**Andrew** · 28-09-2010

DNS Security Extensions

DNS clients running Windows 7 or Windows Server 2008 R2 and DNS servers running Windows Server 2008 R2 DNS Security Extensions (DNSSEC) to verify the integrity of DNS records according to RFC 4033, 4034 and 4035. In order to make sure that the record was created authoritative DNS server and has not been changed, computers Windows 7 and Windows Server 2008 R2 can verify the integrity of DNS responses.

When using the DNSSEC authoritative DNS server to Windows Server 2008 R2 provides digital signing DNS zone, and generates a digital signature for each resource record in the zone. Other DNS servers using trust relationships can be sure that the DNS entry was signed by an authoritative DNS-server and has not been changed. Client computers also support DNSSEC can analyze the success of server-side validation to use the returned response from the DNS record.

The circuit in which using IPsec and DNSSEC provides pass-through security in case of transmission of requests and responses through several DNS servers. For example, the client computer is located in the branch and sends a DNS query to a non-authoritative DNS server on Windows Server 2008 R2. This filial DNS server forwards requests to the authoritative DNS server at the main office and using DNSSEC checks the integrity of your internal DNS records. (Even if there are several intermediate servers) Then inform the customer about what DNSSEC was used to check records.

Built on IPv6

IPv6 reasonably responds to the goals enacted. It maintains the best features of IPv4 , exclude or minimize the bad, and adds new ones when they are needed. In general, IPv6 is not compatible with IPv4 , but is compatible with all other Internet protocols, including TCP , UDP , ICMP , IGMP, OSPF , BGP and DNS, sometimes, slight modifications are required (especially to work with long addresses). The main innovation is the use of IPv6 address longest that IPv4 . They are 16 bytes and can solve the problem that put IPv6 agenda: to provide a set of Internet addresses virtually unlimited.

It is necessary to be more explicit on this notation address, but be aware that there are a large number of addresses over 16 bytes. Specifically, it has 2 ^ 128, or approximately 3 x 10 ^ 38. If the whole Earth (land and water combined) was covered with computers, IPv6 could allow 7 x 10 ^ 23 IP addresses per square meter. Another improvement is to offer more flexible options. This change is essential in the new header, because the fields from the old version have now become optional. Furthermore, how options are represented is different: it allows routers to simply ignore the options that are not their destiny. This feature speeds up the processing time datagrams.

On the other hand IPv6 provides greater security. Authentication and confidentiality are the major security features of IPv6. Greater attention than in the past has been given to the types of services. Although the Type field of the datagram service IPv4 is only very rarely used, the expected growth of multimedia traffic in the future require to be interested.

The main objectives of this new protocol were to:

Support for billions of computers, releasing the inefficiency of the current IP address space,
Reduce the size of routing tables,
Simplify the protocol, to allow routers to route datagrams faster
Provide better security (authentication and confidentiality) that the current IP protocol,
Pay more attention to the type of service, including services associated with real time traffic,
Facilitate the dissemination multi-recipient to specify the size,
To afford a computer to move without changing their address,
Allow Protocol a future,
Give the old and new protocol for peaceful coexistence.

The meaning of different fields:

The Version field - is always equal to 4 bits for IPv6. During the transition period of IPv4 to IPv6, routers should examine this field to know what kind they will route the datagram.

The Traffic Class field (8-bit) - is used to distinguish sources that are to receive the flow control of others. Priorities 0-7 are assigned to sources that can slow their speed in case of congestion. Values 8-15 are assigned to real time traffic (video and audio data are part of) the flow rate is constant. This distinction flows enables routers to better react in case of congestion. Within each priority group, the level of lowest priority is less important to datagrams.

The Flow Identifier field - contains a unique number chosen by the source which is intended to facilitate the work of routers and enable the implementation functions of quality services such as RSVP (Resource ReSerVation setup protocol). This indicator can be regarded as a mark for a context in the router. The router can then make a special treatment: Choosing a route processing real time information.

The flow label field may be filled with a random value that will be used to reference the context. The source will keep this value for all packets that it will issue for this application and the destination. Processing is optimized because the router no longer has to see that five fields to determine the membership of a packet. Moreover, if an extension is used for confidentiality, information about port numbers are masked to intermediate routers.

Payload - on two bytes, contains only the size of useful data, without taking into account the length of the header. For packets whose data size is greater than 65536 this field is 0 and the option of extending jumbogramme gradually is used.

The use of separate prefixes for the addresses assigned to a supplier and the addresses assigned to a geographic area is a compromise between two different visions of the future Internet. Each of these providers has reserved a portion of the address space (unicast = 1 / 8 of that space). Each register is free to divide the remaining 15 bytes as it sees fit. Another possibility is to use a byte to indicate the nationality of the supplier and allow full freedom to the bytes following structure to define a specific address.

Broadcast multicast addresses have a flag field (4 bits) and a Scope field (4 bits) following the prefix, then a group identifier field (112 bits). A bit flag distinguishes permanent groups of transient groups. The Scope field allows a limited distribution on an area. In addition to supporting the traditional point to point address (unicast) and multicast address broadcast (multicast) IPv6 supports a new type of broadcast addressing first seen (anycast). This technique is similar to the broadcast multicast in the sense that the destination address is a group of addresses, but rather than trying to deliver the datagram to all group members, it tries to deliver it to one member group, the nearest or most able to receive it.

Windows Server 2008 R2 Required

Windows Server 2008 is offered in 32 or 64 bit Windows Server 2008 R2 is the first operating system available only in 64 bits. It is of course possible to run 32-bit applications in a virtual machine 32 bits. Microsoft has set off since the new version can handle up to 256 microprocessors with hearts. While there was not long ago was the Unix platform choice for critical applications, today Windows Server environment is considered a perfectly adequate. On complementarily between Windows 7 and Windows Server 2000 R2, Microsoft puts forward the two functions and DirectAccess BranchCache. The first is to replace the remote access to company employees who need to open a VPN communication. For the user, while DirectCache is transparent to the administrator, Microsoft it is not easy and it will require some resources for it to be implemented properly.

DirectAccess does not require any change of network equipment (in particular, there is no need to be IPv6). The implementation of this feature requires the installation of a Direct Cache Server server side, the presence of Windows Server 2008 R2 and Windows 7 client side. It supports all modes of tunneling. DirectCache with, the target is Microsoft's desktop managed by ISD and not the positions used occasionally by employees. For companies that do not yet have Windows, there is the possibility of using the Unified Access Gateway module - which is available on all client Windows XP or Vista, but Mac or Linux - which brings the same experience for the DirectCache user.

The second feature concerns highlighted by Microsoft BranchCache which is intended to optimize use of bandwidth. A remote PC that wants to download a document present on a company server will first verify that the document is not available locally on another system (PC or server). In the event that the download is interrupted for example by the PC which it downloads the file is turned off, then proceed BranchCache for download from the central server.

The functional enhancements of Hyper-V R2 :

Live Migration (the most requested feature by customers who participated in various programs of evaluation and adoption)
Storage Quick Migration (with System Center Virtual Machine Manager R2)
Compatibility for Intel & AMD Live Migration
Logical Processors: Support for 64 logical processors on the host machine
Second Level Address Translation
Using processor features to improve performance and reduce the hypervisor
Intel - Extended Page Tables (EPT)
AMD - Nested Page Tables (NPT) / Rapid Virtualization Indexing (RVI)
With these functions, the CPU Hypervisor decreased 2% and there is an increase of 1MB of memory consumed by VM
Add / Remove SCSI hot (Add and remove VHD format discs or direct access (pass-through disks) to a virtual machine running without the need for reboot)
Windows Server 2008 R2 supports the Core Parking permits mothballed (park / sleep) hearts: to optimize the utilization of each processor.

Instead of a separate server version of Windows 7 to publish the updated Microsoft Windows Server 2008 . The new server version is available only for 64-bit systems and supports up to 256 processors. In addition to Windows Server 2008 R2 using the features of the current CPUs fully, Microsoft promises. Core Parking and other improvements to ensure better power management. The hypervisor Hyper-V has also been expanded. It is now up to 32 CPUs exclusively can provide a virtual machine is available and also supports live migration of virtual servers. This allows virtual machines from one physical move to another physical server - ideally, without interruption of ongoing services.

The PowerShell 2.0 will give the administrator more possibilities with over 240 new cmdlets to the hand. The Remote Desktop Services (RDS) will replace the terminal services, and provide a Virtual Desktop Infrastructure (VDI) to host Windows desktop on a server and deliver via the network to the clients. In addition are joined by other new features, such as IIS 7.0, which are better than Windows server platform for Web applications to.

**Andrew** · 28-09-2010

URL-Based QoS

Not always increase the capacity of the network can solve the problem of performance. Any loaded network connection slows down, because the router does not have time to handle outbound traffic. This is especially noticeable in networks consisting of several local high-speed segments connected by slow WAN links. For example, the organization has network and 10 Mbps Internet access, computers can send packets on the LAN to the router with a higher rate than the router can transmit them to the Internet. In this scenario, the router keeps the received packets in the queue and processes them as channel availability. By default, the router processes packets in the queue on a first come - first out ". And in this case is an important traffic can be expected to send at a time as the router handles the less important packets.

When IT professionals configure Quality of Service (QoS), Windows begins to mark the outgoing packets to a special number Differentiated Services Code Point (DSCP). The router checks the DSCP value determines the priority of the packet. If the network is loaded and the router keeps the packets in the queue, packets with higher priority are processed first, despite the order of receipt. Therefore, QoS technology allows controlling the speed of response of an important network applications, even during times of high network load.

In earlier versions of Windows, IT professionals can specify the application, IP-addresses and port numbers to determine the priorities of QoS. With this level of detail, the IT specialists to prioritize traffic (web and E-mail) to improve bandwidth utilization, as well as to determine which server the data should be transmitted first. With the growth of Web services and server consolidation applications came the need for more flexible control priorities. For example one server bears just two applications, one of which is critical. Web services, one server share the same IP address that immediately limits the ability to prioritize.

Windows 7 lets you prioritize traffic based on the WEB URL. Using the QoS settings on the basis of URL, IT professionals can be confident that important WEB traffic will be handled with the highest priority, and this in turn will improve performance on busy networks. Also there is the ability to configure rules for using the Uniform Resource Identifier.

WiFi on Windows 7

Automatic Setup

Windows 7 detects the wireless network and displays the list of available networks and to the installation, we have already informed the type of network, residential system, also called Home Network.
By clicking on the Wireless Network in the notification area, the list of detected networks appears.
Click on Connect
The connection is established
The icon appears WLAN without the yellow star
The WiFi network is functional.

Manual Setup
I

f Windows 7 does not correctly detect the wireless network or if the network is not yet within reach, you can configure it manually.
In the Notification area, make a right-click the wireless network icon and select Open Network and Sharing Center
In the Network and Sharing Center, click Manage wireless networks
In the interface of the management of networks, click Add
The wizard opens, click Create a network profile manually
Fill in the information of the wireless network.

Network Name: This is the SSID (Service Set Identifier) which

identifies the wireless network according to IEEE 802.11
Security Type: select the type of security
WEP (Wired Equivalent Privacy) encryption of the first generation which consists of 26 hexadecimal characters
WPA (Wi-Fi Protected Access) and WPA2 , more secure mechanism for encrypting data, there may be up to 63 characters
Encryption Type: Select the type of encryption
TKIP (Temporal Key Integrity Protocol), allows random generation of keys
AES (Advanced Encryption Standard) encryption, secure.

As a general rule, the grantor of Internet access indicates that
information on the subscription contract, or under the ADSL box.

Check the box Start this connection automatically and click Next.
The assistant proposes to modify the connection settings if necessary. Click Close
The new wireless network was added
By clicking on the Wireless Network in the notification area, click Connect and validating domestic network.

Windows 7 Firewall
The firewall is probably the protection element of a computer more important. I talk about his job is prevent unauthorized network connections, which generally tend to be hackers or attempts to extract information from your computer. Like Vista, Windows 7 equipped with a firewall, but as expected, this is more advanced than that offered by the controversial Microsoft operating system (Vista). Firewalls There are certainly more powerful than the one offered by Windows 7, but it is also true that we must pay for them, therefore, set the firewall in Windows 7 correctly can help prevent unauthorized connections to our team and therefore keep our data and the health of our team intact.

Firewall configuration options of Windows 7

The firewall in Windows 7 has 3 different settings for the 3 types of network:

Network Domain
Public Network
Work or home network (private network)

To access the firewall of Windows 7, we can do it from:

Start> Control Panel> System Security> Windows Firewall
Once inside, we see the basic options to activate the firewall in Windows 7 or off. The system allows us to modify the default settings for each type of connection separately, and can block all incoming connections, disable the firewall in Windows 7, you notify us when you lock a connection, etc.

The limitations of connectivity for the 3 types of networks in Windows 7, provide different security conditions:

Public network in Windows 7: For this type of network, Windows 7 does not allow other computers to locate shared resources.
Home network in Windows 7: For this type of network, Windows 7 enables us to connect us to networks of type home group and can share resources in Windows 7 that will be made public for the rest of the network.
Network in Windows 7: In the latter situation, the firewall in Windows 7 not to connect to a group home, even if they can share resources with other network components.
In networks, the firewall in Windows 7 allows access to the network via a domain that can be set to: Start> Control Panel> System Security> System> Advanced System Settings> Computer Name
Once we are here, click Change, and the domain controller recognized Firewall mode network connection within a domain.
One of the things that the firewall in Windows 7 offers the opportunity to protect 2 types of network at the same time, i.e., we can create two networks on Windows 7 and firewall protection act separately for each network .

Diagnose and repair:

NDF (Network Diagnostics Framework) allows users to diagnose and fix problems, providing assessment and diagnostic information about the sequence of operations that will eliminate the problem. NDF simplifies and automates many of the standard operations for troubleshooting and implementing solutions to resolve network problems. Microsoft now supplies NDF in Windows 7 along with other innovations, such as access to the utility to troubleshoot from the notification area applet Troubleshooting Computer in the control panel and network tracing tools Event Tracing for Windows (ETW). All of them make it easy to view and collect the information necessary to investigate network problems that require fixes - either automatically or through user intervention.

My favorite change in the network settings of Windows 7 is the update function of diagnosis and correction of problems (diagnose and repair) of Vista. With Windows 7, if you want help in correcting network problems, you just click Fix network problems (Fix a network problem). Sounds longitudinally simply and clearly, is not it. In case of failure or problem, Windows 7 has tools to diagnose and troubleshoot Network. Just right click on the network and choose troubleshoot problem.

In the Control Center Network and Sharing Center in Windows 7 when you click Fix network problems, you'll see the following screen with the question of whether you want to fix. Windows 7 will try to fix the network problems that you select. The system even ask you if you want to fix the problem as an administrator Windows. Here is the correction of problems with household groups.

In general, I like the changes to the interface of tools for managing network settings in Windows 7. Simplifying the interface is very good, and the function fix network problems, and a new home groups. I suggest you familiarize themselves with all these changes in Windows 7.