VPN Project Khmt1k3 2


FOREWORD

Today, telecommunications technology is developing very quickly, and within it networking technology plays an extremely important role in data communication. From a business perspective alone, the communication needs of companies and organizations are very large. A company has a private network that lets its internal computers share resources, but it also wants its branches, offices, mobile employees and remote partners to be able to reach the company network. Many services are offered for this: dial-up modems, ISDN servers, or expensive leased WAN lines. With the widespread growth of the Internet, however, a company can connect to remote employees and partners anywhere, even worldwide, without using those expensive services. The problem is that the company's internal network holds important resources and data that only authorized, properly permitted users may access, while the Internet is a public and insecure network. The Internet can therefore be a danger to the company's network and important databases: information sent across the Internet can be altered or stolen. This is exactly where the virtual private network (VPN) proves its worth. A VPN provides private, secure data communication over the public Internet at low cost and with high efficiency, while remaining highly secure. After our time of study at the school, with the teaching and guidance of the faculty's lecturers, we chose the topic "VPN Virtual Network System" for our graduation project, and also in order to gain further knowledge that we can later apply in our practical work. Because our time and knowledge are limited, this project report will still contain many shortcomings; we sincerely hope for further guidance and comments from our teachers and friends. We sincerely thank you!


Student group: Trn Ngc H, o Duy m, Nguyn Th Thu Trang

ACKNOWLEDGEMENTS

First of all, we would like to express our sincere thanks to our supervisor, Mr. Nguyn Tin Li of the Faculty of Information Technology, Hanoi University of Industry, who guided us attentively and created the best conditions for us to complete this graduation project. We also thank the lecturers of the Faculty of Information Technology, Hanoi University of Industry, who helped us throughout our course at the university, and for their valuable contributions to this graduation project. Finally, we thank all our friends and colleagues working in information technology who shared their valuable and useful experience with us.


TABLE OF CONTENTS

FOREWORD ... 1
ACKNOWLEDGEMENTS ... 2
TABLE OF CONTENTS ... 3
LIST OF FIGURES ... 5
ABBREVIATIONS ... 8
INTRODUCTION ... 12
CHAPTER 1 PROJECT OVERVIEW ... 14
  1.1 Urgency of the topic ... 14
  1.2 Current state of research ... 15
  1.3 Problem statement of the project ... 15
  1.4 - Purpose and significance ... 16
    1.4.1 Purpose ... 16
    1.4.2 Significance ... 17
  1.5 - Approach, scope and results achieved ... 18
    1.5.1 Approach ... 18
    1.5.2 Scope ... 18
    1.5.3 Results achieved ... 18
  1.6 Comparison of strengths, weaknesses and omissions with other projects ... 18
CHAPTER 2 - THEORETICAL BASIS ... 21
  2.1 - Overview of basic networking, network administration, Windows Server 2008, Domain, AD, VPN and some network services [1][2] ... 21
    2.1.1 Overview of basic networking ... 21
    2.1.2 Overview of network administration ... 22
    2.1.3 Overview of Windows Server 2008 ... 23
    2.1.4 Overview of Domain ... 27
    2.1.5 Overview of AD ... 28
    2.1.6 Overview of VPN [3],[7],[8],[9],[10] ... 29
    2.1.7 Some other network services ... 33
  2.2 - Project development ... 36
CHAPTER 3 - VPN TUNNELING PROTOCOLS ... 38
  3.1 The Layer 2 Forwarding protocol L2F [4],[6],[12] ... 38
    3.1.1 L2F packet structure ... 38
    3.1.2 Advantages and disadvantages of L2F ... 39
    3.1.3 Implementing L2F ... 39
  3.2 The Point-to-Point Tunneling Protocol PPTP [4],[6],[12],[8] ... 41
    3.2.1 PPTP architecture ... 42
    3.2.2 Using PPTP ... 50
    3.2.3 Practical applicability of PPTP ... 52
  3.3 The Layer 2 Tunneling Protocol - L2TP [4],[6],[12] ... 52
    3.3.1 L2TP format ... 53
    3.3.2 Using L2TP ... 59
    3.3.3 Practical applicability of L2TP ... 61
  3.4 The IP security protocol IPSEC [4],[6],[12] ... 62
    3.4.1 IPSec protocol framework ... 62
    3.4.2 IPSec operation ... 70
    3.4.3 Example of IPSec operation ... 79
CHAPTER 4 - SECURITY IN VPN ... 82
  4.1 The authentication process [2],[4],[8] ... 82
    4.1.1 Data origin authentication ... 82
    4.1.2 Data integrity authentication ... 87
  4.2 Encryption [2],[4],[6],[8] ... 91
    4.2.1 Secret-key (symmetric) encryption algorithms ... 92
    4.2.2 Public-key encryption algorithms ... 96
CHAPTER 5 - APPLICATION: INSTALLING THE VIRTUAL NETWORK SYSTEM ... 100
  5.1 - Installing and deploying the virtual lab system with VMWARE [1] ... 100
    5.1.1 - VPN client to site ... 100
    5.1.2 VPN Site to Site ... 120
  5.2 Evaluation of the results achieved ... 130
CONCLUSION AND FUTURE DIRECTIONS ... 132
REFERENCES ... 134


LIST OF FIGURES

Figure 2.1: VPN = tunnel + encryption ... 29
Figure 2.2: Model of the virtual network system ... 30
Figure 2.3: VPN remote access ... 32
Figure 2.4: VPN site to site ... 33
Figure 3.1: L2F packet format ... 38
Figure 3.2: Typical L2F model ... 40
Figure 3.3: PPTP architecture ... 42
Figure 3.4: Protocols used in a PPTP connection ... 44
Figure 3.5: PPTP/GRE packet encapsulation ... 44
Figure 3.6: Data packet structure in a PPTP tunnel ... 45
Figure 3.7: PPTP encapsulation diagram ... 46
Figure 3.8: Compulsory tunnels and voluntary tunnels ... 47
Figure 3.9: Packet encryption in PPTP ... 49
Figure 3.10: LAN-to-LAN tunnel ... 50
Figure 3.11: Basic components of a VPN using PPTP ... 50
Figure 3.12: L2TP architecture ... 53
Figure 3.13: Protocols used in an L2TP connection ... 54
Figure 3.14: L2TP packet encapsulation ... 54
Figure 3.15: Data packet structure in an L2TP tunnel ... 55
Figure 3.16: L2TP encapsulation diagram ... 56
Figure 3.17: Voluntary and compulsory tunnels ... 57
Figure 3.18: LAN-to-LAN tunnel ... 59
Figure 3.19: Basic components of L2TP ... 60
Figure 3.20: Protocol framework used in IPSec ... 63
Figure 3.21: AH packet format ... 64
Figure 3.22: ESP packet format ... 66
Figure 3.23: IPv4 packet format before and after AH processing ... 68
Figure 3.24: IPv6 packet format before and after AH processing ... 69
Figure 3.25: IPv4 packet format before and after ESP processing ... 69
Figure 3.26: IPv6 packet format before and after ESP processing ... 70
Figure 3.27: The 5 steps of IPSec operation ... 71
Figure 3.28: IKE phase 1 ... 72
Figure 3.29: IKE policy set ... 73
Figure 3.30: Peer authentication ... 75
Figure 3.31: Negotiating IPSec security parameters ... 75
Figure 3.32: IPSec transform set ... 76
Figure 3.33: Security associations ... 77
Figure 3.34: IPSec tunnel established ... 78
Figure 3.35: Tunnel termination ... 79
Figure 3.36: The information exchange process ... 79
Figure 4.1: Challenge-response user authentication system ... 83
Figure 4.2: Common hash functions MD5, SHA-1 ... 88
Figure 4.4: Data integrity authentication based on message authentication codes (MAC) ... 90
Figure 4.5: Digital signature ... 91
Figure 4.6: Secret-key (symmetric) encryption ... 92
Figure 4.7: DES algorithm diagram ... 94
Figure 4.8: Feistel network ... 95
Figure 4.9: Public-key encryption algorithm ... 96


ABBREVIATIONS

Abbreviation: Full form; meaning

3DES: Triple Data Encryption Standard; the 3DES cipher algorithm
AD: Analog to Digital; analog-to-digital conversion
ADSL: Asymmetric Digital Subscriber Line; asymmetric digital subscriber line access technology
AES: Advanced Encryption Standard; advanced encryption standard
AH: Authentication Header; authentication header protocol
API: Application Programming Interface; application programming interface
ATM: Asynchronous Transfer Mode; asynchronous transfer technology
ARIN: American Registry for Internet Numbers; the American registry for Internet addresses
BGP: Border Gateway Protocol; inter-domain gateway routing protocol
BICC: Bearer Independent Call Control Protocol; call control protocol independent of the bearer channel
B-ISDN: Broadband Integrated Services Digital Network; broadband multi-service digital network
CA: Certificate Authority; issuer of digital certificates
CIR: Committed Information Rate; committed information rate
CHAP: Challenge Handshake Authentication Protocol; challenge-handshake authentication protocol
CR: Cell Relay; cell relay technology
CSU: Channel Service Unit; channel service unit
DCE: Data Communication Equipment; data communication equipment
DES: Data Encryption Standard; the DES cipher algorithm
DHCP: Dynamic Host Configuration Protocol; dynamic host configuration protocol
DNS: Domain Name System; domain name system
DSL: Digital Subscriber Line; digital subscriber line
DSP: Digital Signal Processors; digital signal processor
DSU: Data Service Unit; data service unit
EAP: Extensible Authentication Protocol; extensible authentication protocol
ESP: Encapsulating Security Payload; encapsulating security payload protocol
FCS: Frame Check Sequence; frame check sequence
FR: Frame Relay; frame relay
GVPNS: Global VPN Service; global VPN service
ICMP: Internet Control Message Protocol; Internet control message protocol
IETF: Internet Engineering Task Force; Internet standards body
IKE: Internet Key Exchange; Internet key exchange protocol
IGP: Interior Gateway Protocol; intra-domain routing protocol
IN: Intelligent Network; intelligent network
IP: Internet Protocol; Internet protocol
IP-Sec: Internet Protocol Security; Internet security protocol
ISAKMP: Internet Security Association and Key Management Protocol; Internet security association and key management protocol
ISDN: Integrated Services Digital Network; multi-service digital network
ISO: International Standards Organization; international standards organization
ISP: Internet Service Provider; Internet service provider
L2F: Layer 2 Forwarding; layer 2 forwarding protocol
L2TP: Layer 2 Tunneling Protocol; layer 2 tunneling protocol
LAC: L2TP Access Concentrator; L2TP access concentrator
LAN: Local Area Network; local area network
LCP: Link Control Protocol; link control protocol
LNS: L2TP Network Server; L2TP network server
MAC: Message Authentication Code; message authentication code
MD5: Message Digest 5; the MD5 algorithm
MG: Media Gateway; media gateway
MGC: Media Gateway Controller; media gateway control device
MGCP: Media Gateway Control Protocol; media gateway control protocol
MIB: Management Information Base; management information database
MPLS: Multi Protocol Label Switching; label-switching router
MPPE: Microsoft Point-to-Point Encryption; Microsoft point-to-point encryption
MTU: Maximum Transfer Unit; maximum transfer unit
NAS: Network Access Server; network access server
NCP: Network Control Protocol; network control protocol
NDIS: Network Driver Interface Specification; network interface specification
NGN: Next Generation Network; next generation network
NSA: National Security Agency; the US National Security Agency
PAP: Password Authentication Protocol; password authentication protocol
PDU: Protocol Data Unit; protocol data unit
PKI: Public Key Infrastructure; public key infrastructure
POP: Point of Presence; communications access point
PPP: Point to Point Protocol; point-to-point protocol
PPTP: Point to Point Tunneling Protocol; point-to-point tunneling protocol
PVC: Permanent Virtual Circuit; permanent virtual circuit
QoS: Quality of Service; quality of service
RAS: Remote Access Service; remote access service
RADIUS: Remote Authentication Dial-In User Service; authentication of remote dial-in users
RRAS: Routing and Remote Access Server; routing and remote access server
SA: Security Association; security association
SDH: Synchronous Digital Hierarchy; synchronous digital hierarchy
SG: Signaling Gateway; signaling gateway
SIG: Session Initiation Protocol; session initiation protocol
SONET: Synchronous Optical Network; synchronous optical network
SPI: Security Parameter Index; security parameter index
RTP: Real Time Protocol; real-time protocol
SVC: Switched Virtual Circuit; switched virtual circuit
TCP: Transmission Control Protocol; transmission control protocol
TE: Terminal Equipment; terminal equipment
UNI: User Network Interface; user-network interface
UDP: User Datagram Protocol; the UDP protocol
VC: Virtual Circuit; virtual circuit
VCI: Virtual Circuit Identifier; virtual circuit identifier
VNS: Virtual Network Service; virtual network service
VPI: Virtual Path Identifier; virtual path identifier
VPN: Virtual Private Network; virtual private network
WAN: Wide Area Network; wide area network


INTRODUCTION

Today, the rapid development of science and technology, and in particular of information technology and telecommunications, has contributed significantly to the growth of the world economy. Organizations and enterprises with many branches, and multinational companies, must constantly exchange information with their customers, partners and employees. They therefore need to have the latest and most accurate information at all times, while ensuring high reliability among their branches around the world and with their partners and customers. In the past, two kinds of telecommunications service were available to organizations and enterprises for such connectivity:
- First, leasing lines (Leased-line) from service providers to connect all of the company's subnetworks together. This method is very costly in the initial build-out as well as in later operation, maintenance and expansion.
- Second, using the Internet to communicate with each other; this method, however, does not provide a high level of security.
The emergence of virtual private network (VPN) technology reconciles these two kinds of service: it can be built on the existing infrastructure of the Internet while still having the properties of a local network, as when using leased lines. A VPN can therefore be called the optimal choice for businesses. At a reasonable cost, a VPN can give an enterprise global reach more quickly and effectively than wide area network (WAN) solutions. With a VPN, build-out costs are reduced by making use of the existing public infrastructure, recurring costs are reduced, and the design is flexible. In Vietnam, with the economy in a period of development and international integration, using VPNs both meets information requirements and eases economic constraints. With the topic "VPN Virtual Network System" for our graduation project, we hope to contribute to understanding VPN technology and to spreading VPN techniques more widely. The project consists of 5 chapters, which present in turn the most basic issues of VPN networks.


Chapter 1 presents some general concepts, the urgency of the topic, the approach taken, and the significance of using a VPN virtual network system in practice. This forms the basis for developing the project and sets out the advantages and difficulties of using the various kinds of VPN.
Chapter 2 introduces network services, defines the applications used in network administration, presents the concepts of VPN and the kinds of VPN, and classifies VPN networks.
Chapter 3 is the central chapter: it introduces the protocols, characteristics and operation of the tunneling protocols L2F, PPTP, L2TP and IPSec used in VPNs.
Chapter 4 addresses security in VPNs, an important part of any VPN. Security in a VPN comprises the encryption and authentication processes; this chapter introduces the solutions, and the encryption and authentication algorithms, used in VPNs.
Chapter 5 builds on the knowledge gathered in the previous chapters to construct the various forms of VPN in a virtual lab, so that they can be put to practical use in enterprises and companies.
Because of our many limitations, the content of this project inevitably contains errors. We very much hope to receive comments from our teachers and readers.


Chapter 1 PROJECT OVERVIEW

Today the application of information technology systems to everyday life has been deployed, applied and developed vigorously, with remarkable progress. The development of the information technology sector also indicates how far a country has developed. As computer network systems have developed and been put into use, a whole series of application services has developed alongside them to serve people's work, making that work more convenient and faster every day. Among the technologies that followed is the VPN virtual network system. The VPN virtual network system was introduced to let companies, enterprises, and partners that are geographically distant from one another connect through the Internet while still ensuring the security and safety of their data.

1.1 Urgency of the topic

With the advent of computer network systems, networking technology has developed by leaps and bounds. Not long ago a computer network was still a distant concept; now it has become a reality and is one of the major needs of company systems and enterprises. Building and developing a network system is of vital importance to every organization. Applying a network system to work brings many great benefits; nobody can deny the benefits a network brings in supporting work and in transferring information and data quickly and conveniently. However, the arrival of the Internet has also brought consequences, namely the sabotage of systems by malicious parties. Communication and data transfer over the network can be intercepted or stolen by malicious elements who exploit the Internet. To secure connectivity and data transfer, organizations could therefore choose one of two telecommunications services:
- Leasing a private line (Leased Line) from a provider to connect the company's subnetworks together. Leasing a private line, however, is very expensive and costly. Does that make connecting the systems of parent and subsidiary companies infeasible?
- Using the Internet to communicate with each other; this method, however, is not highly secure and is vulnerable to eavesdropping and information theft.


And so Microsoft introduced an entirely new concept: setting up a virtual network system, the Virtual and Private Network (VPN). Building a VPN virtual network system is of enormous significance in the networking revolution. The VPN reconciles the two concepts above: it is built on the existing foundation of the Internet, yet has the properties of a local network, as when using leased lines. A VPN makes it possible to establish a connection channel, or private tunnel, between the systems of parent and subsidiary companies, so that data transfer and information exchange take place safely and efficiently. A VPN can therefore be called the optimal choice for businesses. At a reasonable cost, a VPN can give an enterprise global reach more quickly and effectively than wide area network (WAN) solutions. With a VPN, build-out costs are reduced by making use of the existing public infrastructure, recurring costs are reduced, and the design is flexible.

1.2 Current state of research

With the great support in knowledge from the lecturers of the Faculty of Computer Science, Hanoi University of Industry, and the boundless source of knowledge on the Internet, research and development of the project has been genuinely supported and has been effective and comprehensive. By studying other projects on VPN virtual network systems that have already been researched and built, we drew out their strengths and limited their weaknesses during practical research. Alongside these advantages, however, there are major difficulties. Although virtual network systems have been developed and built for a long time, our limited knowledge makes researching the topic a major challenge. Building the project so as to make full use of humanity's knowledge and of the full capabilities of the virtual private network (VPN) in practical work still depends on many other factors.

1.3 Problem statement of the project

To build a virtual network system that can be applied in practice today. Building a VPN virtual network system is of vital importance in large enterprises: it saves costs and ensures data security. In Vietnam, with the economy in a period of development and international integration, using VPNs both meets information requirements and eases economic constraints.


1.4 - Purpose and significance

1.4.1 Purpose

A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users to a LAN at the central headquarters. Instead of using a fairly complex physical connection such as a digital subscriber line, a VPN creates virtual links carried over the Internet between an organization's private network and the remote site or user. The VPN (Virtual Private Network) solution is designed for organizations that tend to increase remote communication because of a wide area of operation (nationwide or global). Resources at the center can be reached from many sources, saving cost and time. The purpose of a VPN is to make use of the Internet and its ubiquity. However, because the Internet is a public information source, it can be accessed by anyone, at any time, from anywhere, and information exchanged over the network can be eavesdropped on or stolen, including illegal data exchange and access by hackers. The purpose of a VPN is to provide data security, efficiency and reliability in the network while keeping the cost of the whole network build-out balanced. A VPN is understood as an extension of an Intranet connected over a public network, so as to ensure safety and improve the cost-effectiveness of the connection between the two endpoints. Sophisticated security mechanisms and restrictions are also used to keep easily stolen data safe when it is exchanged over an insecure medium. The security mechanism comprises the following concepts:
* Encryption: Data encryption is a process that transforms data according to a defined standard so that the data can only be read by the intended user. To read the data, the recipient must have exactly the right key to decrypt it. In the traditional method, the sender and the recipient share the same key for both encrypting and decrypting the data. The public-key scheme uses two keys, one of which is regarded as a public key that anyone can use to encrypt and decrypt data.
* Authentication: A process that makes certain the data reaches the intended recipient and that the information arrives intact. In its basic form, authentication requires at least that a username and password be entered before resources can be accessed. In some more complex situations, a secret-key or public-key is added to encrypt the data.


* Authorization: This is the process of granting or denying access to resources on the network after authentication has been performed.

1.4.2 Significance

Building a VPN virtual network system on top of the Internet genuinely brings great significance and results: a form of private network is set up on the existing public network by means of encryption, creating virtual tunnels that are both unobstructed and secure. The virtual private network arose to meet the needs of enterprises that want to maintain a private network connecting branch offices and employees working outside the company, at low cost, with stable operation and high security. Because a private channel is established, it is highly secure and convenient to deploy and expand.
- A VPN reduces recurring costs: a VPN saves line-rental costs and reduces the costs incurred by remote employees, because they reach the internal network through local points of presence (POP), limiting the rental of provider access lines; the cost of LAN-to-LAN connectivity is therefore considerably lower than leasing a Leased-Line.
- Reduced management and support costs: by using the provider's service, we only have to manage the endpoint connections at the branches, not the switching equipment in the network. At the same time, the Internet infrastructure and the provider's technical staff are put to use, so the company can concentrate on its business.
- A VPN ensures information security, integrity and authentication: data sent over the network is encrypted with cryptographic algorithms and carried inside tunnels, so the information is highly secure.
- A VPN easily connects branches into a single local network: with globalization, a company may have many branches in many different countries, and centralized management of information at all branches is necessary. A VPN can easily connect the networks of the branches and the central office into one LAN at low cost.
- A VPN supports today's most common network protocols, such as TCP/IP.
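The three mechanisms named in section 1.4.1 (encryption, authentication, authorization) are easier to reason about in working code. The following block is an added example, not code from the thesis or from any product it describes. The user records, the resource policy and the session key are constructed sample data; password verification uses PBKDF2 from Python's standard library, the integrity check is the HMAC-based MAC that figure 4.4 refers to, and the gate enforces the order the text gives (authentication first, then authorization). The symmetric or public-key encryption of the payload itself is not shown, since the standard library ships no block cipher.

```python
import hashlib
import hmac
import secrets

# Work factor for the password KDF. Constructed for the example; production
# systems tune this to their hardware.
PBKDF2_ROUNDS = 100_000


def make_user(password: str, role: str) -> dict:
    """Store a salted PBKDF2-HMAC-SHA256 digest instead of the password itself."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest, "role": role}


# Constructed sample user database (hypothetical accounts). A real VPN server
# would keep these in RADIUS or Active Directory, not in a dictionary.
USERS = {
    "alice": make_user("correct horse battery staple", "admin"),
    "bob": make_user("hunter2-but-longer", "staff"),
}

# Constructed authorization policy: which roles may reach which internal resource.
POLICY = {
    "fileserver": {"admin", "staff"},
    "domain-controller": {"admin"},
}


def authenticate(username: str, password: str) -> bool:
    """Authentication: check the password against the stored digest.

    compare_digest is constant-time, so timing does not reveal how many bytes
    matched; unknown usernames still run the KDF so they take as long as known ones.
    """
    rec = USERS.get(username)
    if rec is None:
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, rec["digest"])


def authorize(username: str, resource: str) -> bool:
    """Authorization: after authentication, decide whether this user's role may reach the resource."""
    rec = USERS.get(username)
    return rec is not None and rec["role"] in POLICY.get(resource, set())


def access(username: str, password: str, resource: str) -> str:
    """The full gate in the order section 1.4.1 gives: authenticate, then authorize."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, resource):
        return "denied: not authorized"
    return "granted"


def tag_message(key: bytes, message: bytes) -> bytes:
    """Integrity protection: HMAC-SHA256 over the message under a shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """The receiver recomputes the MAC; any change to the message invalidates the tag."""
    return hmac.compare_digest(tag_message(key, message), tag)


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "domain-controller"))
    print(access("bob", "hunter2-but-longer", "domain-controller"))
    print(access("bob", "wrong password", "fileserver"))
    session_key = secrets.token_bytes(32)  # constructed shared session key
    msg = b"transfer 1000 to account 42"
    tag = tag_message(session_key, msg)
    print(verify_message(session_key, msg, tag))
    print(verify_message(session_key, msg.replace(b"1000", b"9000"), tag))
```

Running the block grants alice the domain controller, denies bob the same resource even though his password is right, and rejects the tampered message while accepting the original, which is the distinction between authentication, authorization and integrity that the section draws.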


- IP address security: information sent over the VPN is encrypted, so the addresses of the private network are hidden and only external Internet addresses are used.

1.5 - Approach, scope and results achieved

1.5.1 Approach

An inductive approach, going from broad and deep basic knowledge to the general picture. Self-directed study combined with learning from and being coached by our lecturers in guidance meetings, in order to build a complete virtual machine system that can be applied in practice. Gathering information on the topic from the Internet and from books and periodicals related to the internship topic "VPN Virtual Network System".

1.5.2 Scope

This project is built on research into the application of VPN virtual private network technology on the Windows Server 2008 operating system, applied to the network of the Lai Châu Provincial Social Insurance office. The project focuses on how to build a VPN virtual network system on VMWare virtual machines that can be applied in practical work.

1.5.3 Results achieved

A complete virtual machine system was built, with the sites and server systems running Windows Server 2008 and the workstations running Windows 7 and Windows XP. After defending the project and graduating, this project can be applied immediately to practical work at the organization.

1.6. Comparison of strengths, weaknesses and omissions with other projects

While researching and writing this report we consulted websites, books and periodicals, our lecturers, and 2 other projects on VPN virtual private network systems. One is the project of the author on Thanh Bnh, an undergraduate graduation project on VPN virtual private network technology, tunneling protocols and security. The second is by the group of authors Phan B Tu, Nguyn Minh Tm and Nguyn Thanh Hng, students of Vietnam National University, Ho Chi Minh City, with the topic "Virtual Private Network". Having studied these projects, we observe:
* Strengths:

- Both projects are very detailed and concrete, and give the reader the most general concepts of VPN virtual private network systems.
- They define the concepts and the security methods used in building a VPN virtual private network.
* Weaknesses: The project of the author on Thanh Bnh goes too deeply into theory without addressing practice, that is, how to build a simple VPN virtual private network system for practical use on the basis of the available theory. The project of the group from Vietnam National University, Ho Chi Minh City, does give instructions, but not concrete ones.
From these points, we have tried to take up the achievements of the 2 projects to help complete this "VPN Virtual Network System" report. On that basis, we set out the strengths and weaknesses of the project we carried out.
* Strengths:
- In the report we have brought together a number of concepts related to the topic and a number of application services used in network administration.
- It is concise and easy to understand, and is presented from the point of view of users and researchers.
- It has images and concrete, detailed instructions for carrying out the work. Through the report, readers can study the VPN virtual network system on their own and build a number of application models.
- It applies knowledge from other reports to our own.
* Nevertheless, some shortcomings remain:
- The research into the topic is not yet truly deep.
- There are still many gaps in our knowledge.
- Because of our limited knowledge, in this graduation project we have not yet been able to present all of the good and bad points of VPN virtual network systems. We sincerely hope our teacher and friends will add to and comment on it.
Conclusion of chapter 1: From chapter 1 we can see the importance and urgency of the VPN virtual network system to the survival of companies and enterprises today; it meets almost every need for administrative communication and for transferring data between a company's branches.

1

Tuy nhin bn cnh vic ng dng thc t trin khai h thng mng o VPN vo thc t vn cn kh khn do cn thiu nhn lc cht lng cao trong lnh vc qun tr mng ti cc cng ty, doanh nghip.

1

Nhm SV: Trn Ngc H o Duy m Nguyn Th Thu Trang

Chapter 2 - THEORETICAL BASIS

The term Virtual Private Network, usually abbreviated VPN, names a technique that has existed for a long time, but it really took off and became competitive with the appearance of intelligent network technology and the strong growth of the Internet. It is on top of the network system that a VPN is built and developed to serve the organisation's work. This chapter covers the theoretical basis of the network system, the network infrastructure, the operating system and the accompanying network services: the definitions and the foundation needed to build a complete VPN system that meets the needs of the work.

2.1 - Overview of basic networking, network administration, Windows Server 2008, Domain, AD, VPN and some network services [1][2]

2.1.1 Overview of basic networking

* Definition of a computer network

A computer network is a set of computers connected to each other by transmission links in some structure, through which the computers exchange information with one another. The transmission link is the system of wired or wireless transmission devices used to carry electronic signals from one computer to another. These electronic signals represent data values as binary pulses (on - off). All signals transmitted between computers are a form of electromagnetic wave, and depending on the frequency of the wave different physical links can be used to carry them. The link may be coaxial cable, twisted-pair cable, optical fibre, telephone wire, radio waves and so on. The data links make up the structure of the network; the two notions of link and structure are the basic characteristics of a computer network.

* Classification of computer networks

Because computer networks are now deployed everywhere with ever more diverse applications, classifying them is a complex matter. By geographical distance, computer networks can be divided into two kinds: wide area networks and local area networks. A local area network (LAN) is set up to link the computers within one area, such as a building or a block of buildings. A wide area network (WAN) is set up to link computers in two or more different areas, such as between cities or provinces. This distinction is only conventional and becomes harder to draw as science and technology and the transmission media advance; nevertheless the geographical distinction leads to differences in many other properties of the two kinds of network, and studying those differences gives a better understanding of the network types.

2.1.2 Overview of network administration

Today the computer network is a familiar concept to almost everyone and holds an especially important place for enterprises. With the strong growth of network systems such as the Internet, e-commerce systems and the information systems of agencies and enterprises, network administration and security have become essential. How does one design an optimal computer network for each organisation or enterprise, and how does one keep it running well with a high level of security? To move toward a safe and highly reliable information society, in which services and utilities serving social, political and military life can be delivered over the network, network administration and security must be considered and given their proper weight.

* Network administration is defined as the work of managing the network: providing support services, ensuring that the network operates efficiently and that it delivers the quality set out in its targets.

* System administration is defined as the work of providing support services, ensuring reliability, improving the operating efficiency of the system and ensuring that the services provided on the system meet the quality targets set.

A general definition of network administration is difficult because of its wide scope. Network administration in the sense of computer networks can broadly be understood as the union of network administration and system administration. In outline it comprises the following tasks:

* Configuration and network resource administration: managing and controlling configuration, and managing the resources allocated to the different classes of users.

* User and network service administration: managing the users on the system and on the network, and ensuring that the services provided are highly reliable and meet the quality targets set.
* Performance and network operation administration: managing and monitoring network operation, ensuring that the devices, systems and services on the network operate efficiently and stably. Monitoring lets the administrator summarise and forecast the growth of the network and its services and the strong and weak points of the whole network, its systems and services, and helps run the whole network at its highest performance.
* Network security and safety administration: managing and monitoring the network and its systems to prevent unauthorised access, deliberate sabotage of systems and services, theft of an organisation's or company's important information, or malicious alteration of the content it publishes on the network. Preventing and containing the spread of computer viruses and the DoS attacks that paralyse the network or its services is also an extremely important part of security administration. Now that connecting to the Internet has become essential, security and safety are given top priority, especially in organisations whose information requires a high level of confidentiality (banks, archives, electronic reporting, leading economic groups and so on).

2.1.3 Overview of Windows Server 2008

Microsoft Windows Server 2008 is the next generation of the Windows Server operating system. It helps IT professionals keep the most optimal control of their infrastructure while still providing manageability and availability, and a server environment that is much more powerful, stable and secure than before. Windows Server 2008 brings new value to an organisation because everyone, wherever they are, receives every service of the network. It also gives deeper insight into the operating system and better fault diagnosis, so that network administrators have more time to concentrate on adding business value. Windows Server 2008 builds on the success and strength of the well-regarded Windows Server 2003 operating system and on the improvements in Service Pack 1 and Windows Server 2003 R2. It does not merely improve on the earlier operating systems, however: it is designed to give organisations the most productive platform for applications, networks and Web services, from the workgroup to the data centre, through new, valuable and attractive features and major improvements in the base operating system.

* Improvements in the Windows Server operating system
Besides the new features, Windows Server 2008 has many major improvements in the base operating system compared with Windows Server 2003. Notable ones include networking improvements, advanced security features, remote application access, centralised server role management, reliability and operations monitoring tools, failover and server migration clustering, deployment and the file system. These and many other improvements help an organisation optimise the flexibility, availability and control of its servers.

* Benefits of Windows Server 2008

Windows Server 2008 brings benefits in four main areas (Benefit / Description):

Web: Windows Server 2008 delivers rich Web experiences efficiently and effectively, thanks to better network administration and fault diagnosis, better programming and application development tools, and lower infrastructure cost. Web server management is simplified by Internet Information Services 7.0, a powerful Web platform for applications and services. This modular platform has a simple, task-based management interface, stronger cross-checking, security improvements and unified operational management for all Web services. Task-based interfaces simplify the common management tasks of a Web server. Cross-site replication lets you copy a Web site's settings to many Web servers without further configuration. Delegated application and site administration lets you hand control of different parts of the Web server to the people who need it. Comprehensive and flexible application delivery connects users and data, letting them visualise, share and act on information.

Virtualisation: With built-in server virtualisation technology, Windows Server 2008 reduces cost, increases hardware utilisation, optimises the infrastructure and improves server availability. Virtualisation built into the operating system, together with a more flexible and simpler licensing policy, lets you realise these benefits and cost savings. The built-in virtualisation feature virtualises multiple operating systems, Windows, Linux and others, on a single server. Application access is centralised and remotely distributed applications are integrated seamlessly; the improvements also allow remote application connections through firewalls without a VPN, so you can meet users' needs quickly wherever they are. New deployment options provide the deployment method best suited to your environment and interoperate with the existing environment. A strong and skilled technical community supports it with rich experience throughout the product's life cycle.

Security: Windows Server 2008 is the most secure Windows server to date. Its hardened operating system and security improvements, including Network Access Protection, Federated Rights Management and Read-Only Domain Controller, give unprecedented levels of protection for the network, its data and the company. Servers are protected by security improvements that reduce the attack surface of the operating system core, making the server environment more secure and more robust. Network Access Protection protects network access by quarantining computers that do not comply with the defined security policy; the ability to enforce security requirements is a powerful tool for protecting the network. New intelligent policy and rule solutions increase control and protection of the networked estate, giving a policy-driven network. Data protection ensures that only users with the right password can access data and that it remains available when hardware fails. User Account Control, with its new user verification, guards against malicious software. Expanded Group Policy strengthens control over user settings.

Solid Foundation for Business Workloads: Windows Server 2008 is the most powerful and flexible Windows Server operating system to date. With new technologies and features such as Server Core, PowerShell, Windows Deployment Services and improved networking and server clustering, it provides the most reliable and versatile Windows platform for every application and workload. Reliability improvements reduce losses of access, work, time, data and control. IT infrastructure management is simplified by new tools that share a single, centralised interface for configuring and monitoring servers and for automating everyday tasks. Installing and managing Windows Server 2008 is more streamlined because only the features and roles that are needed are installed; tailoring the server configuration to its purpose simplifies maintenance, reduces the attack surface and requires fewer software updates. Powerful diagnostic tools identify and resolve faults efficiently by showing everything happening on a server, virtual or physical. Control over remote servers, such as those at branch offices, is strengthened: with optimised server management and data replication, users get better service and the network administrator has fewer management headaches.

2.1.4 Overview of the Domain

One of the most important concepts of a Windows network is the domain. A domain is a collection of user accounts and computer accounts grouped together so that they can be managed centrally. That management is the job of the domain controllers, whose purpose is to make resources easier to use. Domain controllers are truly important.

On a network, any workstation running Windows XP has a certain set of pre-created user accounts, and Windows XP even lets you create additional accounts if you need them. If the workstation functions as a standalone system or as part of a peer-to-peer network, workstation-level user accounts (called local user accounts) cannot control access to resources on the network. They are only used to regulate access to the local machine, and they serve to let an administrator carry out maintenance of the workstation while denying end users the ability to interfere with the workstation's settings. That local user accounts on a given workstation cannot control access to resources outside that workstation adds a large management burden. Local user accounts exist only on the individual workstations. If such an account were the principal security object on the network, the administrator would have to physically go to the computer holding the account whenever the account's permissions had to be changed. On a small network this has little effect, but it becomes extremely burdensome on a large network or when a change has to be applied broadly to every account. Another reason is that nobody wants to move user accounts from one machine to another: if a user's computer is destroyed, the user cannot log on to another computer to work, because the account only exists on the old machine; to get any work done the user would have to create a new account on another machine. These are only some of the many reasons why using local user accounts for secure access to network resources is impractical. Even if you wanted to deploy security this way, Windows would not allow it: a local user account can only use local resources on a given workstation.

Domains are there to solve the problems just described, and some others as well. They centralise user accounts (and other configuration and security-related objects). This makes administration easier and lets users log on from any computer on the network (unless you restrict a user's access rights). In principle, when a user wants to access a resource on a server, the server-level user account is used to control access. But domains offer users much more than that. Each domain is unique and operates independently; domains never overlap, but they all work on the same principles. The domain integrates the Active Directory (AD) directory tree to manage and authenticate the users in the domain. AD acts as a store of directory objects, among them user accounts, and one of the main jobs of the domain controller is to provide the authentication service (this is examined more deeply later in this report).

The domain controller provides authentication, not authorisation. That is, when a user logs on to the network, a domain controller checks whether the username and password entered are valid and match the data stored on the server. But the domain controller does not tell the user which resources they may access. Resources on a Windows network are protected by access control lists (ACL - Access Control List). An ACL is a list that states who is allowed to do what. When a user tries to access a resource, they present their identity to the server holding that resource; the server makes sure that this identity has been authenticated, then consults the ACL to see what the user is allowed to do. The domain controller plays a very important role in Windows Server.

2.1.5 Overview of AD

Active Directory is a directory service proprietary to Microsoft and an indispensable part of the Windows architecture. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a standardised, centralised system for automating the management of user data, security and distributed resources, and it can interoperate with other directories. In addition, Active Directory is designed specifically for distributed networking environments.

Active Directory can be seen as a new development relative to Windows 2000 Server; it was enhanced and refined in Windows Server 2003 and became an important part of the operating system. Windows Server 2003 Active Directory provides a reference, called the directory service, to all objects in a network, including users, groups, computers, printers, policies and permissions. For users and administrators, Active Directory provides a structured view from which all the resources in the network can easily be accessed and managed.

2.1.6 Overview of VPN [3],[7],[8],[9],[10]

a) What is a VPN?

The virtual private network, known by the abbreviation VPN, is not a new concept in networking technology. A VPN can be defined as a virtual network service deployed over the infrastructure of a public network in order to save the cost of point-to-point connections. A telephone call between two people is the simplest example of a virtual private connection over the public telephone network. The two key characteristics of VPN technology are "private" and "virtual", the two words of the English term. A VPN can appear at any layer of the OSI model; it is an enhancement of the WAN infrastructure that changes the WAN and adds to it the properties of a local network.

Figure 2.1: VPN = Tunnel + Encryption

Figure 2.2: Model of a virtual network system

b) Benefits of a VPN:

* A VPN reduces recurring costs: it saves the cost of leased lines and reduces the costs incurred by remote staff, because they reach the internal network through the provider's local points of presence (POP), limiting the access circuits rented from the provider, so the cost of LAN-to-LAN connections falls considerably compared with a leased line. It reduces management and support costs: by using the provider's service we only have to manage the end connections at the branches, not the switching equipment in the network, and we make use of the Internet infrastructure and the service provider's technical staff, so the company can concentrate on its business.

* A VPN ensures information security, integrity and authentication: data transmitted over the network is encrypted with cryptographic algorithms and carried inside tunnels, so the information is highly secure.

* A VPN easily connects branches into one local network: with globalisation, a company may have many branches in many countries, and centralised management of information at all branches is essential. A VPN can easily connect the networks of the branches and the head office into one LAN at low cost.

* A VPN supports today's most common network protocols, such as TCP/IP.

IP address security: the information sent over the VPN is encrypted, so the addresses on the private network are hidden and only the external Internet addresses are used.

c) Components needed to form a VPN connection:

User authentication: provides the mechanism for authenticating users, so that only valid users can connect to the VPN system.
Address management: provides a valid IP address to a user after joining the VPN so that they can reach resources on the internal network.
Data encryption: provides encryption of data in transit to ensure its privacy and integrity.
Key management: provides management of the keys used to encrypt and decrypt data.

d) Types of VPN:

VPNs are divided into two kinds:
* VPN Remote Access
* VPN Site to Site
+ VPN Intranet
+ VPN Extranet

Figure 2.3: VPN Remote Access

* VPN Remote Access: provides remote-access connections to an intranet or extranet over shared infrastructure. Remote-access VPNs use analogue, dial-up, ISDN, DSL, Mobile IP and cable links to establish connections to mobile users. An important characteristic of the remote-access VPN is that it lets mobile users reach the company's internal network remotely in order to work. To implement a remote-access VPN you need: one VPN gateway (with one public IP), which is the central processing point when a VPN client dials in to the internal VPN system; and the VPN clients connected to the Internet.

Figure 2.4: VPN Site to Site

* VPN Site-to-Site: divided into two sub-types, the intranet VPN and the extranet VPN.
+ Intranet VPN: connects the head office, branches and remote offices to the company's internal network over shared network infrastructure. It differs from the extranet VPN in that it only allows the company's own staff to access the company's internal network.
+ Extranet VPN: connects the company's customers, consultants or partners into one network over shared infrastructure. It differs from the intranet VPN in that it lets users outside the company access the system.
To implement a site-to-site VPN you need: two VPN gateways (each with one public IP), which are the central processing points when the VPN gateway on the other side dials in; and the clients connected to the internal network.

2.1.7 Some other network services

Like other operating systems, Windows NT has its strengths and weaknesses, but it has won over many users with undeniable advantages. It is a network operating system that lets an organisation manage actively under several models: peer-to-peer and client/server. It suits all of today's network architectures: star, bus, ring and hybrid. It has a number of superior characteristics that let it run many programs at once without faults. Windows NT itself supports most of the common network protocols and many network communication services, and it serves both local area networks (LAN) and wide area networks (WAN). Windows NT allows the use of the Windows NT TCP/IP protocol, which is very widely used on most wide area networks and on the Internet, and TCP/IP works well for many network services in a Windows NT environment.

a) Internet Information Server (IIS)

Internet Information Server is an application that runs on Windows NT and is tightly integrated with it. When IIS is installed it adds a number of items to the Performance Monitor utility, such as statistics on the number of accesses and pages accessed. Checking of users' access also relies on the Windows NT user management mechanism. After installation, the InetSrv folder contains the root directories for each service selected for installation. IIS comprises three services: World Wide Web (WWW), file transfer (FTP - File Transfer Protocol) and Gopher; all three use TCP/IP connections.

* Services in IIS
+) WWW (World Wide Web): one of the main services on the Internet, letting users view information easily and vividly. Data moves between Web server and Web client over the HTTP protocol (Hypertext Transfer Protocol). The administrator can review information such as which users accessed, which pages were accessed, and which requests were accepted or rejected, through files that can be stored in database form.
+) FTP (File Transfer Protocol): uses TCP to transfer files between two machines and also works in the client/server model. On receiving a request from a client, the FTP server first checks that the user is valid through name and password. If so, it checks the user's rights on the file or directory specified on the FTP server; if the file system is NTFS there is a further check at the directory and file level according to NTFS. When everything is valid, the user gets the corresponding rights on that file or directory.
+) Gopher: a service with a menu interface through which a Gopher client finds and transfers any information that the Gopher server has been configured with. Gopher also uses TCP/IP connections.

b) Dynamic Host Configuration Protocol (DHCP)

In a computer network, assigning fixed static IP addresses to hosts wastes IP addresses, because not all hosts are active at the same time and some addresses sit unused. To remedy this, the DHCP service allocates IP addresses dynamically on the network. In an NT network, a machine that issues a request for TCP/IP information is called a DHCP client, and the machines that supply TCP/IP information are DHCP servers. DHCP servers must be Windows NT servers. IP address allocation in DHCP: when a user logs on to the network it needs to request an IP address, in the following four steps:
- It sends a message to all DHCP servers asking to be assigned an address.
- All DHCP servers reply with the address they would assign to that user.
- The user chooses one of the offered addresses and sends a message to the server whose address it chose.
- The chosen server sends a confirmation message to the user to which it assigned the address.

c) Domain Name Service (DNS)

Today the number of nodes (hosts) on the Internet runs into the millions, so we cannot remember all their IP addresses. Besides its IP address each host also has a distinguishing name; DNS is a distributed database that provides the mapping from host name to IP address. Given a host name, the DNS server returns the IP address or other information about that host. This makes it easy for a network manager to choose names for their hosts. A DNS server is used in the following cases: we want our own domain name on the Internet so that we can create and separate sub-domains inside it.

We need a DNS service under local control to increase the flexibility of our local domain. We need a firewall to protect the internal network from outsiders. DNS can be managed directly with text editors to create and modify the files, or with DNS Manager to create and manage DNS objects such as servers, zones, records, domains and WINS integration.

d) Remote Access Service (RAS)

Besides on-site links to the local area network (LAN), remote connections into the LAN are now a necessary requirement for users. Such a link lets a remote machine, such as a user's home computer, enter a LAN over the telephone line and use its resources; the most common way today is to use a modem to transmit over the telephone line. Windows NT provides the Remote Access Service, which lets workstations connect to the resources of a Windows NT server over the telephone line. RAS allows connections to servers, administration of users and servers, running data-processing programs and setting up security on the network. With its great capabilities in network services, Windows NT is one of the best network operating systems today. It allows communication between the machines in a network, remote access and file transfer, and serves both local area networks (LAN) and wide area networks (WAN) such as intranets and the Internet. With such capabilities Windows NT holds a firm position in providing network solutions worldwide.

2.2 - Developing the project

From our study and practice with virtual private networks, we see that applying them to the development of IT infrastructure fits the trend completely and is vital. The system saves cost and cuts out cumbersome, unnecessary administrative procedures. Since the project in this internship was only applied on a virtual-machine system, many issues remain and real deployment would differ from it. Nevertheless, this project is the groundwork for practical application at the state agencies and administrative offices that are now moving toward computerising their systems. With the help of our teachers and the knowledge of the community applying IT in daily life, the project will be studied further and deployed at the Lai Châu provincial Social Insurance (BHXH) head office and at the social insurance offices of the districts and towns of Lai Châu province.

Conclusion of chapter 2: Chapter 2 gave us the definitions and general concepts of network administration and their application in deploying and administering a network system. It also gave an overview of the concept of the VPN virtual network system and the classification of VPNs, as a basis for applying them in practice.

Chapter 3 - VPN TUNNELLING PROTOCOLS

There are now many solutions to the two problems of data encapsulation and data security in a VPN, and they are based on tunnelling protocols. A tunnelling protocol encapsulates the data with the corresponding header (and possibly a trailer) for transmission across the Internet. The tunnelling protocol is the core of a VPN solution. Four tunnelling protocols are used in VPNs:
- Layer 2 Forwarding protocol - L2F
- Point-to-Point Tunneling Protocol - PPTP
- Layer 2 Tunneling Protocol - L2TP
- Internet Protocol Security - IPSec

3.1 The Layer 2 Forwarding protocol L2F [4],[6],[12]

L2F was developed independently by Cisco and builds on the Point-to-Point Protocol (PPP). It provides a virtual dial-up service by establishing a secure tunnel across public infrastructure such as the Internet. L2F is the earliest of these protocols and is the traditional method by which remote users reach a corporate network through a remote-access device. L2F encapsulates PPP packets inside L2F, tunnelling them at the data link layer.

3.1.1 L2F packet structure

The L2F header, read from the most significant bit (the widths given are those of the original figure):

  F (1 bit) | K (1 bit) | P (1 bit) | S (1 bit) | Reserved (8 bits) | C (1 bit) | Version (3 bits) | Protocol (8 bits) | Sequence (8 bits)
  Multiplex ID | Client ID
  Length | Offset
  Key
  Data
  Checksum

Figure 3.1: L2F packet format

Where:
F: the Offset field is present if this bit is set.
K: the Key field is present if this bit is set.
P (priority): this packet is a priority packet if this bit is set.
S: the Sequence field is present if this bit is set.
Reserved: always set to 00000000.
Version: the major version of L2F used to create the packet; these 3 bits are always 111.
Protocol: identifies the protocol encapsulated in L2F.
Sequence: the sequence number, present if bit S=1 in the L2F header.
Multiplex ID: identifies an individual connection within a tunnel.
Client ID: helps demultiplex tunnels at the endpoints.
Length: the length of the packet in bytes, not including the checksum.
Offset: the number of bytes from the L2F header at which the payload data begins. This field is present when bit F=1.
Key: present if bit K is set; it is part of the authentication process.
Checksum: the packet checksum. The checksum field is present if bit C=1.

3.1.2 Advantages and disadvantages of L2F

* Advantages:
- Allows multi-protocol tunnels to be established.
- Offered by many vendors.
* Disadvantages:
- No encryption.
- Weak user authentication.
- No flow control for the tunnel.

3.1.3 Implementing L2F

L2F encapsulates layer 2 packets, in this case PPP packets, and carries them across a network. L2F uses the following devices:
NAS: directs traffic to and from the remote client and the home gateway. The ERX system acts as the NAS.

Tunnel: defines the path between the NAS and the home gateway. A tunnel consists of a number of connections.
Home gateway: the peer of the NAS.
Connection: a PPP connection inside the tunnel. In the CLI an L2F connection is regarded as a session.
Destination: the far-end endpoint of the tunnel. In this case the home gateway is the destination.
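The following is an added example for sections 3.1.1 and 3.1.3, not code from the thesis or from Cisco. It builds and parses the L2F header described above, showing that each optional field (Sequence, Offset, Key, Checksum) is present only when its flag bit (S, F, K, C) is set, how the NAS wraps a user's PPP frame in an L2F header before sending it into the tunnel, and the bounds checks a receiver needs before trusting the Length and Offset fields. Assumptions of the example: the field widths not shown in the figure are taken from RFC 2341 (16-bit Multiplex ID, Client ID, Length and Offset, 32-bit Key, 16-bit Checksum), Offset is treated as padding bytes between the header and the payload, and the checksum value is carried but not computed. The packet contents are constructed sample data.

```python
"""L2F (RFC 2341) header builder and parser (added example, not thesis code)."""
import struct

L2F_VERSION = 7          # the 3-bit Version field is always 111
F_BIT, K_BIT, P_BIT, S_BIT, C_BIT = 0x8000, 0x4000, 0x2000, 0x1000, 0x0008
RESERVED_MASK = 0x0FF0   # the 8 reserved bits between S and C must be zero
PROTO_PPP = 0x01         # Protocol value for tunnelled PPP (RFC 2341)


def build_l2f(protocol, mid, cid, payload, *, sequence=None, offset=None,
              key=None, priority=False, checksum=None):
    """Serialize an L2F packet; an optional field is emitted only when a
    value is given, and its flag bit is set so the receiver expects it.
    Assumption: Offset counts padding bytes between header and payload."""
    flags = L2F_VERSION
    if offset is not None:
        flags |= F_BIT
    if key is not None:
        flags |= K_BIT
    if priority:
        flags |= P_BIT
    if sequence is not None:
        flags |= S_BIT
    if checksum is not None:
        flags |= C_BIT
    pkt = bytearray(struct.pack("!HB", flags, protocol))
    if sequence is not None:
        pkt += struct.pack("!B", sequence)
    pkt += struct.pack("!HH", mid, cid)
    length_pos = len(pkt)
    pkt += b"\x00\x00"                      # Length, patched below
    if offset is not None:
        pkt += struct.pack("!H", offset)
    if key is not None:
        pkt += struct.pack("!I", key)
    pkt += b"\x00" * (offset or 0) + payload
    # Length covers header, padding and payload but not the checksum
    struct.pack_into("!H", pkt, length_pos, len(pkt))
    if checksum is not None:
        pkt += struct.pack("!H", checksum)
    return bytes(pkt)


def _take(pkt, fmt, pos):
    """Unpack fmt at pos, refusing to read past the end of the packet."""
    size = struct.calcsize(fmt)
    if pos + size > len(pkt):
        raise ValueError("truncated L2F header")
    return struct.unpack_from(fmt, pkt, pos), pos + size


def parse_l2f(pkt):
    """Parse an L2F packet into a dict, rejecting malformed input."""
    (flags, protocol), pos = _take(pkt, "!HB", 0)
    if flags & RESERVED_MASK:
        raise ValueError("reserved bits set")
    if (flags & 0x7) != L2F_VERSION:
        raise ValueError("unknown L2F version")
    sequence = offset = key = checksum = None
    if flags & S_BIT:
        (sequence,), pos = _take(pkt, "!B", pos)
    (mid, cid, length), pos = _take(pkt, "!HHH", pos)
    if flags & F_BIT:
        (offset,), pos = _take(pkt, "!H", pos)
    if flags & K_BIT:
        (key,), pos = _take(pkt, "!I", pos)
    payload_start = pos + (offset or 0)
    # Length must reach past the header, and the packet must hold Length
    # bytes plus the 2-byte checksum when C is set
    if length < payload_start or len(pkt) < length + (2 if flags & C_BIT else 0):
        raise ValueError("Length field inconsistent with packet size")
    if flags & C_BIT:
        (checksum,), _ = _take(pkt, "!H", length)
    return {"protocol": protocol, "priority": bool(flags & P_BIT),
            "sequence": sequence, "mid": mid, "cid": cid, "key": key,
            "checksum": checksum, "payload": bytes(pkt[payload_start:length])}


def nas_forward_ppp(ppp_frame, mid, cid, seq):
    """What the NAS does in section 3.1.4: wrap the user's PPP frame in an
    L2F header (Key and Checksum omitted here) before it enters the tunnel."""
    return build_l2f(PROTO_PPP, mid, cid, ppp_frame, sequence=seq)
```

The receiver-side checks matter because Length and Offset are attacker-controlled bytes on the wire: a home gateway that indexes the payload with them before checking them against the real packet size reads past the buffer.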

[Figure 3.2: diagram; labels: RADIUS Server, Tunnel, Data, NAS, Remote User, ISP network, Home gateway, Private network]

Figure 3.2: Typical L2F model

3.1.4 Operation of L2F

L2F operation comprises connection setup, the tunnel and the session. Consider an example illustrating how L2F operates:
* A remote user dials in to the NAS and initiates a PPP connection to the ISP.
* The NAS and the client exchange Link Control Protocol (LCP) packets.
* The NAS uses its local database keyed on the domain name, or RADIUS authentication, to decide whether or not the user is requesting L2F service.
* If the user requests L2F, the process continues: the NAS obtains the address of the destination gateway (home gateway).

* A tunnel is established from the NAS to the destination gateway if none exists between them yet. Tunnel establishment includes an authentication phase between the ISP and the destination gateway to defend against attack by third parties.
* A new PPP connection is created inside the tunnel, which in effect extends the PPP session from the remote user to the home gateway. This connection is set up as follows: the home gateway receives the options and all PAP/CHAP authentication information as negotiated between the user's terminal and the NAS. The home gateway either accepts the connection or renegotiates LCP and re-authenticates the user.
* When the NAS receives data traffic from the user, it takes the packet, encapsulates the traffic in an L2F frame and directs it into the tunnel.
* At the home gateway the L2F frame is stripped and the encapsulated data is forwarded to the corporate network.

3.1.5 Managing L2F

Once the system has set up destinations, tunnels and sessions, L2F traffic must be controlled and managed as follows:
* Prevent the creation of new destinations, tunnels and sessions.
* Close and reopen all, or selected, destinations, tunnels and sessions.
* Support UDP checksums.
* Set the system idle timeout and keep the database of tunnels and connections. Changing a destination affects all tunnels and sessions to that destination; changing a tunnel affects all sessions in that tunnel.

3.2 The Point-to-Point Tunneling Protocol PPTP [4],[6],[12],[8]

PPTP was first put forward by a group of companies known as the PPTP Forum. The group comprised 3 companies: Ascend, Microsoft, ECI Telematics and US Robotics. The basic idea of the protocol is to separate the common and the specific functions of remote access and to use the existing Internet infrastructure to create a secure connection between a remote user (client) and the private network. The remote user only has to dial in to the local Internet service provider to create a secure tunnel to their private network.

PPTP is built on the functions of PPP and provides dial-up access that creates a secure tunnel across the Internet to the destination site. PPTP uses a re-specified version of Generic Routing Encapsulation (GRE) to encapsulate and de-encapsulate PPP packets, which lets PPTP handle non-IP protocols such as IPX and NetBEUI flexibly. Because PPTP is based on PPP it also uses PAP and CHAP for authentication. PPTP can use PPP's encryption, but Microsoft introduced a stronger method, Microsoft Point-to-Point Encryption (MPPE), for use with PPTP. One advantage of PPTP is that it is designed to operate at layer 2 (the data link layer), whereas IPSec runs at layer 3 of the OSI model. By supporting layer 2 transport, PPTP can tunnel protocols other than IP, whereas IPSec can only tunnel IP packets.

3.2.1 PPTP architecture

[Figure 3.3: diagram; the only labels recoverable from the text are "PPP" and "PPP"]

Hnh 3.3: Kin trc ca PPTP a) PPP v PPTP PPP tr thnh giao thc quay s truy cp vo Internet v cc mng TCP/IP rt ph bin hin nay. Lm vic lp lin kt d liu trong m hnh OSI, PPP bao gm cc phng thc ng, tch gi cho cc loi gi d liu khc nhau truyn ni tip. c bit, PPP nh ngha hai b giao thc: giao thc iu khin lin kt LCP (Link Control Protocol) cho vic thit lp, cu hnh v kim tra kt ni; Giao thc iu khin mng NCP (Network Control Protocol) cho vic thit lp v cu hnh cc giao thc lp mng khc nhau.

1

Nhm SV: Trn Ngc H o Duy m Nguyn Th Thu Trang

PPP c th ng cc gi IP, IPX, NETBEUI v truyn i trn kt ni imim t my gi n my nhn. vic truyn d liu c th din ra th mi PPP phi gi gi LCP kim tra cu hnh v kim tra lin kt d liu. Khi mt kt ni PPP c thit lp th ngi dng thng c xc thc. y l giai on tu chn trong PPP, tuy nhin n lun lun c cung cp bi cc ISP. Vic xc thc c thc hin bi PAP hay CHAP. Vi PAP mt khu c gi qua kt ni di dng vn bn n gin v khng c bo mt trnh khi b tn cng th v li. CHAP l mt phng thc xc thc mnh hn, CHAP s dng phng thc bt tay 3 chiu. CHAP chng li cc v tn cng quay li bng cch s dng cc gi tr thch (challenge value) duy nht v khng th on trc c. CHAP pht ra gi tr thch trong sut v sau khi thit lp xong kt ni, lp li cc thch c th gii hn s ln b t vo tnh th b tn cng. PPTP c thit k da trn PPP to ra kt ni quay s gia khch 43ung v my ch truy cp mng. PPTP s dng PPP thc hin cc chc nng: - Thit lp v kt thc kt ni vt l. - Xc thc ngi dng. - To cc gi d liu PPP. PPP thit lp kt ni, PPTP s dng cc quy lut ng gi ca PPP ng cc gi truyn trong ng hm. tn dng u im ca kt ni to ra bi PPP, PPTP nh ngha hai loi gi: Gi iu khin; Gi d liu v gn chng v 2 knh ring l knh iu khin v knh d liu. Sau PPTP phn tch cc knh iu khin v knh v knh d liu thnh lung iu khin vi giao thc TCP v lung d liu vi giao thc IP. Kt ni TCP c to gia client PPTP v my ch PPTP c s dng tryn thng bo iu khin. Cc gi d liu l d liu thng ca ngi dng. Cc gi iu khin c gi theo chu k ly thng tin v trng thi kt ni v qun l bo hiu gia client PPTP v my ch PPTP. Cc gi iu khin cng c dng gi cc thng tin qun l thit b, thng tin cu hnh gia hai u ng hm. Knh iu khin c yu cu cho vic thit lp mt ng hm gia client PPTP v my ch PPTP. Phn mm client c th nm my ngi dng t xa hay nm ti my ch ca ISP.Nhm SV: Trn Ngc H o Duy m Nguyn Th Thu Trang


[Figure 3.4 diagram: a client on the VPN reaches the server in the protected private network through the ISP's remote access and the Internet. Packet layering shown: medium delivery header | IP header | frame medium header | GRE header | PPP payload (IP, IPX or NetBEUI datagram) inside an Ethernet frame]

Figure 3.4: Protocols used in a PPTP connection

Once the tunnel is established, user data is transmitted between the client and the PPTP server. PPTP packets contain IP datagrams. The datagrams are encapsulated with a GRE header that uses the Call ID of the host for access control and an acknowledgement number for monitoring the rate of data sent through the tunnel. Because PPTP operates at the data link layer, a medium header must be present in the packet to indicate how the data is carried through the tunnel: over Ethernet, Frame Relay or a PPP link.

[Figure 3.5 diagram: medium header | IP | GRE | PPP | PPP payload]

Figure 3.5: PPTP/GRE encapsulation layers

PPTP also has a flow-control mechanism that limits the amount of data in flight. This mechanism minimises the data that must be retransmitted because of lost packets.

b) PPTP packet structure

* Encapsulation of PPTP tunnel data

PPTP tunnel data is encapsulated at several levels: encapsulation of the PPP frame, encapsulation of the GRE packet, and data-link-layer encapsulation. The structure of the encapsulated data is shown in Figure 3.6.


[Figure 3.6 diagram: data-link header | IP header | GRE header | PPP header | encrypted PPP payload (IP, IPX or NetBEUI datagram) | data-link trailer]

Figure 3.6: Structure of a data packet in a PPTP tunnel

+ Encapsulating the PPP frame

The original PPP payload is encrypted and encapsulated with a PPP header to form a PPP frame. The PPP frame is then encapsulated with the header of a modified version of the GRE protocol. For PPTP, the GRE header is changed in the following ways:
- An acknowledgement bit is used to indicate the presence of a 32-bit acknowledgement field.
- The Key field is replaced by a 16-bit Payload Length field and a 16-bit Call ID field. The Call ID is set by the PPTP client during the establishment of the PPTP tunnel.
- A 32-bit acknowledgement field is added.

GRE is a protocol that provides a general mechanism for encapsulating data for transport over IP networks.

+ Encapsulating the GRE packets

Next, the encrypted PPP payload together with the GRE header is encapsulated with an IP header containing the source and destination addresses of the PPTP client and the PPTP server.

+ Data-link-layer encapsulation

Because the PPTP tunnel operates at layer 2 of the OSI model, the data link layer, the IP datagram is then encapsulated with a data-link header and trailer. For example, if the IP datagram is sent over an Ethernet interface it is wrapped in an Ethernet header and trailer; if it is sent over a point-to-point WAN link it is wrapped in a PPP header and trailer.

* Processing PPTP tunnel data

On receiving PPTP tunnel data, the PPTP client or PPTP server performs the following steps:

- Process and remove the data-link header and trailer.
- Process and remove the IP header.
- Process and remove the GRE header and the PPP header.
- Decrypt and/or decompress the PPP payload if necessary.
- Process the payload for local receipt or forwarding.

* PPTP encapsulation diagram

[Figure 3.7 diagram: IP, IPX and NetBEUI over NDIS / NDISWAN, over PPTP or L2TP, over Async, X.25 or ISDN. Resulting frame: data-link header | IP header | GRE header | PPP header | encrypted PPP payload (IP, IPX or NetBEUI) | data-link trailer]

Figure 3.7: PPTP encapsulation diagram

c) Tunnels

PPTP lets users and ISPs create several kinds of tunnel. The user can specify that the tunnel terminates at his own computer, if PPTP is installed there, or at the ISP's server (which must then support PPTP). There are two classes of tunnel: voluntary tunnels and compulsory tunnels.

Voluntary tunnel: created at the user's request. With a voluntary tunnel the user can open a secure tunnel across the Internet and at the same time reach hosts on the Internet with ordinary TCP/IP. Voluntary tunnels are typically used to provide privacy and data integrity for intranet traffic sent over the Internet.

A compulsory tunnel is created without involving the user, so it is transparent to the user. The endpoint of a compulsory tunnel lies at the remote access server; all data the user sends through the PPTP tunnel must pass through the RAS. Because a compulsory tunnel fixes the endpoint in advance and the user cannot reach the rest of the Internet, it gives better access control than a voluntary tunnel. If, for security reasons, users are not allowed to reach the public Internet, a compulsory tunnel blocks that access while still letting them use the Internet to reach the VPN (that is, they can reach and read only the sites inside the VPN). Another advantage of compulsory tunnels is that one tunnel can carry several connections, which reduces the bandwidth requirement for multi-session applications. A drawback of compulsory tunnels is that the link from the RAS to the user lies outside the tunnel and is therefore exposed to attack.

[Figure 3.8 diagram: top, a voluntary tunnel from the client through the Internet to the server in the protected private network; bottom, a compulsory tunnel from the compulsory tunnel server through the Internet to the server in the protected private network]

Figure 3.8: Compulsory and voluntary tunnels

Using RADIUS to provide compulsory tunnels has several advantages: tunnels can be defined and checked on the basis of user authentication, and accounting can be based on the calling telephone number or on other authentication methods such as tokens or smart cards.

d) Remote Authentication Dial-In User Service (RADIUS)

RADIUS (Remote Authentication Dial-In User Service) uses a client/server model to authenticate users securely and to administer their remote network connections for the duration of a session. In the RADIUS client/server model a network access server (NAS) manages the user's connection; besides its network access functions it also acts as the RADIUS client. The NAS collects the user's identity and password information and forwards it to the RADIUS server. The RADIUS server replies with the authentication result, accept or reject, and with the configuration data the NAS needs to provide the service to the user. RADIUS creates a centralised database of users, available services and a pool of modems of various kinds; the user information is kept on the RADIUS server. RADIUS supports proxy servers, which hold user information for authentication, authorisation and accounting but are not allowed to modify it; a proxy server periodically refreshes its user database from the RADIUS server.

For RADIUS to control the establishment of a tunnel it must also store the tunnel's attributes: the tunnelling protocol in use (PPTP or L2TP), the address of the tunnel server, and the transport medium the tunnel uses. When tunnelling is combined with RADIUS there are at least three options for authentication and authorisation:
- authenticate and authorise once, at the RAS at the near end of the tunnel;
- authenticate and authorise once at the RAS at the near end of the tunnel and attempt to forward the RADIUS response to the far end of the tunnel;
- authenticate at both ends of the tunnel.

The first option offers little assurance, since it leaves the ISP alone in control of network access. The second offers medium assurance and depends on how RADIUS returns the authentication result. The third offers high assurance and works well when a RADIUS proxy server is used.

e) Authentication and encryption

PPTP clients are authenticated in the same way that RAS clients are authenticated by a PPP server. Microsoft supports CHAP, PAP and MS-CHAP. MS-CHAP uses an MD4 hash of the user's password to compute the challenge response. PAP and CHAP share the weakness that both rely on a password stored at the remote machine and at the local machine; if an attacker takes control of the computer over the network, the password is exposed. PAP and CHAP also cannot assign different network access privileges to different users of the same remote computer, because once access rights are granted to a computer, every user of that computer receives the same network access rights.

With PPTP, data is encrypted with Microsoft Point-to-Point Encryption (MPPE). MPPE is based on RSA's RC4 stream cipher, and PPP's Compression Control Protocol (CCP) is used to negotiate the encryption. MS-CHAP is used to validate the end user against a Windows NT domain. Because the MPPE session keys are derived from the user's password hash, the strength of the encryption is bounded by the strength of the user's password.
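Subsection d) above describes the NAS forwarding the user's name and password to the RADIUS server and receiving an accept or reject together with the attributes the NAS needs, including the tunnel attributes (protocol, server address, medium) when RADIUS drives a compulsory tunnel. The following added example (not code from the thesis) implements both sides of that exchange at the packet level: the RFC 2865 Access-Request with the User-Password hiding scheme, the server's Access-Accept or Access-Reject, the Response Authenticator the NAS must verify, and the RFC 2868 Tunnel-Type, Tunnel-Medium-Type and Tunnel-Server-Endpoint attributes that order an L2TP tunnel. The shared secret, user, addresses and server name are constructed samples.

```python
"""RADIUS Access-Request/Accept (RFC 2865) with RFC 2868 tunnel attributes.
Added example; not code from the thesis. All values are constructed samples."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, CALLING_STATION_ID = 1, 2, 4, 31
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_SERVER_ENDPOINT = 64, 65, 67  # RFC 2868
TUNNEL_PPTP, TUNNEL_L2TP, MEDIUM_IPV4 = 1, 3, 1


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-octet blocks; block i is XORed with
    MD5(secret || previous ciphertext block), seeded by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side inverse: the XOR stream is driven by the ciphertext blocks."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], b))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attr(t: int, value: bytes) -> bytes:
    return struct.pack("!BB", t, 2 + len(value)) + value


def parse_attrs(data: bytes) -> list:
    """[(type, value), ...]; a length below 2 would loop forever, so reject it."""
    out, i = [], 0
    while i < len(data):
        t, ln = data[i], data[i + 1]
        if ln < 2 or i + ln > len(data):
            raise ValueError("malformed RADIUS attribute")
        out.append((t, data[i + 2:i + ln]))
        i += ln
    return out


def nas_access_request(identifier: int, user: str, password: bytes, secret: bytes) -> tuple:
    """NAS side: build an Access-Request; returns (packet, Request Authenticator)."""
    ra = os.urandom(16)                                   # random per request
    attrs = (attr(USER_NAME, user.encode())
             + attr(USER_PASSWORD, hide_password(password, secret, ra))
             + attr(NAS_IP_ADDRESS, bytes([192, 0, 2, 10]))
             + attr(CALLING_STATION_ID, b"+84123456789"))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + ra + attrs, ra


def server_handle(req: bytes, secret: bytes, users: dict) -> bytes:
    """RADIUS server: verify the user, reply Accept (ordering a compulsory L2TP
    tunnel) or Reject, and sign the reply: MD5(Code|ID|Length|ReqAuth|Attrs|Secret)."""
    _code, identifier, length = struct.unpack_from("!BBH", req, 0)
    ra, fields = req[4:20], dict(parse_attrs(req[20:length]))
    user = fields.get(USER_NAME, b"").decode()
    pw = reveal_password(fields[USER_PASSWORD], secret, ra)
    if user in users and hmac.compare_digest(users[user], pw):
        tag = b"\x01"  # RFC 2868 tag groups the attributes of one tunnel
        attrs = (attr(TUNNEL_TYPE, tag + struct.pack("!I", TUNNEL_L2TP)[1:])
                 + attr(TUNNEL_MEDIUM_TYPE, tag + struct.pack("!I", MEDIUM_IPV4)[1:])
                 + attr(TUNNEL_SERVER_ENDPOINT, tag + b"lns.example.net"))
        code = ACCESS_ACCEPT
    else:
        attrs, code = b"", ACCESS_REJECT
    head = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return head + hashlib.md5(head + ra + attrs + secret).digest() + attrs


def nas_check_reply(reply: bytes, ra: bytes, secret: bytes) -> dict:
    """NAS side: a reply whose Response Authenticator does not verify is not from
    our server (forged or tampered on path) and must be ignored."""
    code, _identifier, length = struct.unpack_from("!BBH", reply, 0)
    attrs = reply[20:length]
    expected = hashlib.md5(reply[:4] + ra + attrs + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("bad Response Authenticator")
    fields = dict(parse_attrs(attrs))
    result = {"accepted": code == ACCESS_ACCEPT}
    if TUNNEL_TYPE in fields:
        result["tunnel_type"] = int.from_bytes(fields[TUNNEL_TYPE][1:], "big")
        result["tunnel_server"] = fields[TUNNEL_SERVER_ENDPOINT][1:].decode()
    return result


def demo(password: bytes = b"correct-horse") -> dict:
    secret, users = b"radius-shared-secret", {"bob": b"correct-horse"}
    req, ra = nas_access_request(7, "bob", password, secret)
    return nas_check_reply(server_handle(req, secret, users), ra, secret)
```

Note that the User-Password hiding is an MD5-based stream keyed by the shared secret and is not strong encryption; in the three-option discussion above, the second option (forwarding the RADIUS response to the far end of the tunnel) is only meaningful if that far end can verify the Response Authenticator with a secret it shares with the RADIUS server.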

[Figure 3.9 diagram: servers in the protected private network, a LAN, the network access server, the Internet and the client. Packet at each stage: on the LAN, PPP | data (IP, IPX or NetBEUI); across the Internet, GRE | PPP | data; to the client, PPP | data]

Figure 3.9: Packet encryption in PPTP

f) LAN-to-LAN tunnels

The original PPTP protocol concentrated on dial-up access to a private network over the Internet; LAN-to-LAN tunnels were not supported. Only when Microsoft introduced the Routing and Remote Access Server for NT Server 4.0 were LAN-to-LAN tunnels supported. Since then other vendors have also shipped PPTP-compatible servers that support LAN-to-LAN tunnels. A LAN-to-LAN tunnel runs between two PPTP servers, much as IPSec uses two security gateways to connect two LANs. However, because the PPTP architecture has no key management system, authorisation and authentication are handled by CHAP or by MS-CHAP. To create a tunnel between two sites, the PPTP server at each site is authenticated by the PPTP server at the other site. Each PPTP server thus becomes a PPTP client of the server at the far end and vice versa, so a voluntary tunnel is created between the two sites.


[Figure 3.10 diagram: two protected private networks, each with a LAN and computers, joined by their PPTP servers across the Internet]

Figure 3.10: LAN-to-LAN tunnel

Because a PPTP tunnel can carry any supported network protocol (IP, IPX, NetBEUI), users at one site can reach resources at the other site according to their access rights. This means site administration is needed to ensure that users at one site are entitled to access the other site. In Windows NT each site has its own security domain, and the sites must establish a trust relationship between the domains to let users access each other's resources.

3.2.2 Using PPTP

In general a PPTP VPN requires: a network access server for secure dial-up access to the VPN, a PPTP server, and PPTP clients.

[Figure 3.11 diagram: PPTP clients dialling into a NAS; a client-to-LAN connection through the Internet to a PPTP server; a LAN-to-LAN connection between two PPTP servers; a network access concentrator; two protected private networks]

Figure 3.11: Basic components of a VPN using PPTP

The PPTP servers can be placed on the company network and managed by company staff, but the NAS must be supported by the ISP.

a) The PPTP server

The PPTP server performs two main functions: it acts as the endpoint of the PPTP tunnel, and it forwards packets arriving from the tunnel onto the private LAN. The server forwards packets to the destination host by processing the PPTP packet to obtain the destination's network address. The PPTP server can also filter packets with PPTP packet filters, which can restrict the server to, or block it from, the Internet, the private network, or both.

Placing a PPTP server behind a firewall imposes a constraint. PPTP is designed so that a single TCP port (1723) carries the control connection; a poorly configured rule for this port can make the firewall easier to attack. If the firewall performs packet filtering it must also be configured to let GRE (IP protocol 47) through, because the tunnelled data does not travel over TCP.

Another device, introduced in 1998 by 3Com, performs a function similar to a PPTP server and is called a tunnel switch. Its purpose is to extend a tunnel from one network to another, stretching it from the ISP's network into the private network. A tunnel switch can be deployed at the firewall to improve control over remote access to internal resources: it can inspect incoming and outgoing packets, the protocol of the PPP frames, or the name of the remote user.

b) PPTP client software

If the ISP's equipment supports PPTP, the clients need no additional hardware or software, only a standard PPP connection. If the ISP's equipment does not support PPTP, a Windows NT client (or equivalent software) can still create a secure connection: it first dials the ISP with PPP and then dials again through a virtual PPTP port configured on the client. PPTP clients are available for Windows NT, Windows 9x and later operating systems. When choosing a PPTP client, compare its features with those of the PPTP server in use; not all PPTP client software supports MS-CHAP, and without it the encryption offered by RRAS cannot be used.

c) The network access server (NAS)

The network access server is also known as a remote access server (RAS) or an access concentrator. The NAS provides software-based dial-in access with accounting and fault tolerance at the ISP's point of presence (POP). An ISP's NAS is designed to let a large number of users dial in at the same time.
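The firewall constraint in a) above is a common misconfiguration: an administrator opens TCP/1723, the tunnel negotiates successfully, and then every data packet is silently dropped because the GRE protocol (47) was never permitted. The following added example (not code from the thesis) models a first-match packet filter with default deny, puts the weak rule set beside the corrected one, and also flags a GRE rule that is wider than the PPTP server itself, since GRE has no port numbers to scope it. The addresses and rule sets are constructed samples; the model covers IPv4 only.

```python
"""First-match IPv4 packet-filter model for placing a PPTP server behind a
firewall. Added example; not code from the thesis. Addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

TCP, GRE = 6, 47
PPTP_CONTROL_PORT = 1723


@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "drop"
    proto: Optional[int] = None     # None matches any IP protocol
    dst: str = "0.0.0.0/0"          # destination network
    dport: Optional[int] = None     # only meaningful for TCP/UDP

    def matches(self, proto: int, dst: str, dport: Optional[int]) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        if ip_address(dst) not in ip_network(self.dst):
            return False
        return self.dport is None or self.dport == dport


def decide(rules: list, proto: int, dst: str, dport: Optional[int] = None) -> str:
    """First matching rule wins; an implicit final drop, as on a default-deny firewall."""
    for rule in rules:
        if rule.matches(proto, dst, dport):
            return rule.action
    return "drop"


def pptp_reachability(rules: list, server: str) -> dict:
    """Can a PPTP session both set up (TCP/1723) and carry data (GRE) to server?"""
    control = decide(rules, TCP, server, PPTP_CONTROL_PORT) == "accept"
    data = decide(rules, GRE, server) == "accept"
    # GRE cannot be scoped by port, so an accept wider than the server's own
    # address exposes every other host in that range to protocol-47 traffic.
    gre_too_broad = any(r.action == "accept" and r.proto == GRE
                        and ip_network(r.dst).prefixlen < 32 for r in rules)
    return {"control_channel": control, "data_channel": data,
            "usable": control and data, "gre_rule_too_broad": gre_too_broad}


PPTP_SERVER = "192.0.2.10"   # constructed sample address of the PPTP server

# Weak: only the control port opened; the tunnel negotiates, then GRE is dropped.
WEAK_RULES = [Rule("accept", TCP, f"{PPTP_SERVER}/32", PPTP_CONTROL_PORT)]

# Corrected: GRE permitted, but only to the PPTP server itself.
FIXED_RULES = [Rule("accept", TCP, f"{PPTP_SERVER}/32", PPTP_CONTROL_PORT),
               Rule("accept", GRE, f"{PPTP_SERVER}/32")]

# Over-broad: GRE allowed to the whole DMZ; pptp_reachability flags this.
BROAD_RULES = FIXED_RULES[:1] + [Rule("accept", GRE, "192.0.2.0/24")]
```

On a real filter the two rules of FIXED_RULES correspond to one TCP rule for destination port 1723 and one rule for IP protocol 47, both limited to the PPTP server's address; stateful firewalls that cannot track GRE "connections" must allow it in both directions explicitly.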


If an ISP offers a PPTP service, it must install a PPTP-capable NAS that supports clients on various platforms such as Unix, Windows and Macintosh. In this case the ISP's server acts as a PPTP client connecting to the PPTP server on the private network; the ISP's server becomes one endpoint of the tunnel and the server on the private network the other.

3.2.3 Practical applicability of PPTP

PPTP is an interim solution; most vendors plan to replace it with L2TP once that protocol has been standardised. PPTP suits dial-up access for a limited number of users better than LAN-to-LAN VPN links. One issue with PPTP is that user authentication and authorisation are handled through Windows NT or through RADIUS. A PPTP server is also easily overloaded by a large number of dial-in users or by a large volume of tunnelled traffic, which is exactly what a LAN-to-LAN connection requires. When a PPTP VPN relies on PPTP support in the ISP's equipment, some administrative control must be shared with the ISP. PPTP's security is not as strong as that of IPSec, but security administration in PPTP is simpler.

3.3 Layer 2 Tunneling Protocol - L2TP [4],[6],[12]

The Layer 2 Tunneling Protocol (L2TP) combines two protocols, PPTP and L2F (Layer 2 Forwarding). PPTP was put forward by Microsoft and L2F by Cisco. The two companies cooperated to merge the protocols and submitted the result to the IETF for standardisation. Like PPTP, L2TP is a tunnelling protocol that uses its own encapsulation header to carry layer 2 frames. A key difference between L2F and PPTP is that L2F does not depend on IP and GRE, which lets it work over other physical media. Because GRE is not used as the encapsulation protocol, L2F defines its own way of handling packets in other media. It also supports TACACS+ and RADIUS for authentication. There are two levels of user authentication: first at the ISP, before the tunnel is established, and then at the gateway of the private network after the connection has been set up.

L2TP carries the characteristics of both PPTP and L2F. However, L2TP defines its own tunnelling protocol based on the operation of L2F. This allows L2TP to travel over many packet media, such as X.25, Frame Relay and ATM. Although much of the L2TP work concentrates on UDP over IP networks, an L2TP system can be set up without using IP as the tunnelling protocol; an ATM or Frame Relay network can carry an L2TP tunnel.

Because L2TP is a layer 2 protocol, it lets users run network protocols flexibly, not only IP but also IPX or NetBEUI. Like PPTP, L2TP has PAP, CHAP and RADIUS authentication mechanisms. Although Microsoft made PPTP the popular choice for building VPNs by shipping it in the Windows operating system, the company also planned to add L2TP support to Windows NT 4.0 and Windows 98.

3.3.1 L2TP format

The functional components of L2TP are: the point-to-point protocol, the tunnel, and the authentication and encryption system. L2TP can use key management to add security. The architecture of L2TP is shown in the figure:

[Figure 3.12 diagram: PPP and L2TP above the ESP protocol, the AH protocol, encryption algorithms, authentication algorithms, the DOI and key management]

Figure 3.12: Architecture of L2TP

a) PPP and L2TP

L2TP relies on PPP to create the dial-up connection between the client and the network access server (NAS). L2TP uses PPP to set up the physical connection, carry out the initial authentication phase, create the PPP data packets and close the connection at the end of the session. After PPP has established the connection, L2TP determines whether the NAS at the home site accepts the user and is ready to act as the tunnel endpoint for that user. Once the tunnel is established, L2TP encapsulates the PPP packets and transmits them over the medium the ISP has assigned to the tunnel. L2TP can create several tunnels between the ISP's NAS and the network server and assign several sessions to one tunnel. L2TP generates a Call ID for each session and inserts it in the L2TP header of every packet to indicate which session the packet belongs to.

A single user session can also be assigned to a tunnel of its own instead of multiplexing several sessions onto one tunnel; this lets different users be placed in different tunnel media according to the quality of service required.

[Figure 3.13 diagram: a client on the VPN reaches the server in the protected private network through the ISP's remote access and the Internet. Packet layering shown: medium delivery header (IP, ATM or X.25) | frame medium header | IP header | PPP payload (IP, IPX or NetBEUI datagram) inside an Ethernet frame]

Figure 3.13: Protocols used in an L2TP connection

Like PPTP, L2TP defines two kinds of message: control messages and data messages. Control messages establish, manage and release sessions on the tunnel; they also convey the transmission rate and the buffer parameters used for flow control of the PPP packets within a session. Unlike PPTP, however, L2TP carries both kinds of message in UDP datagrams on the same stream. Because L2TP works at layer 2 of the OSI model, the data link layer, the L2TP data message includes a medium header indicating the medium over which the tunnel operates. Depending on the ISP, this may be Ethernet, X.25, Frame Relay, ATM or a PPP link.

[Figure 3.14 diagram: medium header | L2TP | PPP | PPP payload]

Figure 3.14: L2TP encapsulation layers

L2TP provides flow control between the NAS (the L2TP Access Concentrator, LAC) and the private network's server (the L2TP Network Server, LNS).

b) L2TP data packet structure


* Encapsulation of L2TP tunnel data

L2TP tunnel data is encapsulated at several levels. The figure shows the final structure of L2TP tunnel data over IPSec.

[Figure 3.15 diagram: data-link header | IP header | IPSec ESP header | UDP header | L2TP header | PPP header | PPP payload (IP, IPX or NetBEUI) | IPSec ESP trailer | IPSec ESP authentication trailer | data-link trailer. The span from the UDP header to the ESP trailer is encrypted; the span from the ESP header to the ESP trailer is authenticated]

Figure 3.15: Structure of a data packet in an L2TP tunnel

Because the L2TP tunnel operates at layer 2 of the OSI model, the data link layer, the final IP datagram is encapsulated with the header and trailer of the data-link technology of the outgoing physical interface. For example, when the IP datagram is sent on an Ethernet interface it is wrapped in an Ethernet header and trailer; when it is sent over a point-to-point WAN link (a telephone line or ISDN, for instance) it is wrapped in a PPP header and trailer.

* Processing L2TP tunnel data over IPSec

On receiving L2TP tunnel data over IPSec, the L2TP client or L2TP server performs the following steps:
- Process and remove the data-link header and trailer.
- Process and remove the IP header.
- Use the IPSec ESP authentication trailer to authenticate the IP payload and the IPSec ESP header.
- Use the IPSec ESP header to decrypt the encrypted portion of the packet.
- Process the UDP header and pass the L2TP packet to the L2TP layer.
- Use the Tunnel ID and Call ID in the L2TP header to identify the specific L2TP tunnel.
- Use the PPP header to identify the PPP payload and forward it to the appropriate protocol for processing.

* L2TP over IPSec encapsulation diagram

The figure shows L2TP encapsulation through the network architecture from a VPN client using a remote-access VPN connection over an analogue modem:
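The last three receive-side steps above (process the UDP header, look up the Tunnel ID and Call ID, hand the PPP payload to its protocol) are where an LNS decides which user a datagram belongs to. The following added example (not code from the thesis) builds and parses the RFC 2661 L2TP header, with its optional Length, Ns/Nr and Offset fields and the rule that control messages must carry the T, L and S bits, and implements the demultiplexing table that drops datagrams for unknown sessions instead of passing them to PPP. It assumes IPSec has already authenticated, decrypted and stripped ESP, and that the PPP protocol field is uncompressed; the tunnel table, the PPP payload and the HELLO control message are constructed samples.

```python
"""L2TP header (RFC 2661 section 3.1) inside UDP 1701 and Tunnel ID / Session ID
demultiplexing. Added example; not code from the thesis. Samples constructed."""
import struct
from typing import Optional

L2TP_UDP_PORT = 1701
FLAG_T, FLAG_L, FLAG_S, FLAG_O, FLAG_P = 0x8000, 0x4000, 0x0800, 0x0200, 0x0100
VERSION_MASK, L2TP_VERSION = 0x000F, 2


def build_l2tp(tunnel_id: int, session_id: int, payload: bytes, control: bool = False,
               ns: Optional[int] = None, nr: Optional[int] = None,
               with_length: bool = True) -> bytes:
    """Encode a data message (T=0) or control message (T=1; L and S mandatory)."""
    flags = L2TP_VERSION
    if control:
        if ns is None or nr is None:
            raise ValueError("control messages carry Ns/Nr")
        flags |= FLAG_T | FLAG_L | FLAG_S
    if with_length:
        flags |= FLAG_L
    if ns is not None and nr is not None:
        flags |= FLAG_S
    body = struct.pack("!HH", tunnel_id, session_id)
    if flags & FLAG_S:
        body += struct.pack("!HH", ns, nr)
    head = struct.pack("!H", flags)
    if flags & FLAG_L:                     # Length counts the whole message
        head += struct.pack("!H", 4 + len(body) + len(payload))
    return head + body + payload


def parse_l2tp(datagram: bytes) -> dict:
    """Decode the header, honouring the optional fields and the version check."""
    if len(datagram) < 6:
        raise ValueError("short L2TP datagram")
    flags = struct.unpack_from("!H", datagram, 0)[0]
    if flags & VERSION_MASK != L2TP_VERSION:
        raise ValueError("not L2TP version 2")
    is_control = bool(flags & FLAG_T)
    if is_control and not (flags & FLAG_L and flags & FLAG_S):
        raise ValueError("control message missing L or S bit")
    off = 2
    if flags & FLAG_L:
        length = struct.unpack_from("!H", datagram, off)[0]
        off += 2
        if length > len(datagram):
            raise ValueError("declared length exceeds datagram")
        datagram = datagram[:length]       # ignore trailing padding
    tunnel_id, session_id = struct.unpack_from("!HH", datagram, off)
    off += 4
    ns = nr = None
    if flags & FLAG_S:
        ns, nr = struct.unpack_from("!HH", datagram, off)
        off += 4
    if flags & FLAG_O:                     # Offset Size, then that many pad octets
        off += 2 + struct.unpack_from("!H", datagram, off)[0]
    return {"control": is_control, "tunnel_id": tunnel_id, "session_id": session_id,
            "ns": ns, "nr": nr, "payload": datagram[off:]}


class L2tpDemux:
    """LNS-side table (Tunnel ID, Session ID) -> user. A datagram whose IDs are
    not in the table is dropped, never handed to PPP, so a stray or spoofed
    datagram cannot be injected into another user's session."""

    def __init__(self):
        self.sessions = {}

    def add(self, tunnel_id: int, session_id: int, user: str) -> None:
        self.sessions[(tunnel_id, session_id)] = user

    def dispatch(self, datagram: bytes) -> Optional[dict]:
        hdr = parse_l2tp(datagram)
        if hdr["control"]:                 # control channel: tunnel-level, session 0
            return {"channel": "control", "tunnel_id": hdr["tunnel_id"],
                    "payload": hdr["payload"]}
        user = self.sessions.get((hdr["tunnel_id"], hdr["session_id"]))
        if user is None:
            return None                    # drop: unknown tunnel/session
        ppp = hdr["payload"]
        if ppp[:2] == b"\xff\x03":         # PPP address/control, if not compressed
            ppp = ppp[2:]
        proto = struct.unpack_from("!H", ppp, 0)[0]
        return {"channel": "data", "user": user, "ppp_protocol": proto, "payload": ppp[2:]}


def demo() -> dict:
    lns = L2tpDemux()
    lns.add(0x0001, 0x0100, "alice")
    ppp = b"\xff\x03\x00\x21" + b"\x45" + b"\x00" * 19        # constructed PPP/IP payload
    good = lns.dispatch(build_l2tp(0x0001, 0x0100, ppp, ns=5, nr=2))
    stray = lns.dispatch(build_l2tp(0x0001, 0x0200, ppp))       # session never set up
    hello = b"\x80\x08\x00\x00\x00\x00\x00\x06"                 # constructed AVP: Message Type = HELLO (6)
    ctrl = lns.dispatch(build_l2tp(0x0001, 0, hello, control=True, ns=0, nr=0))
    return {"good": good, "stray": stray, "ctrl": ctrl}
```

In L2TP over IPSec the ESP authentication step precedes this demultiplexing, so by the time the Tunnel ID is examined the datagram is already known to come from the authenticated peer; without IPSec, as the thesis notes, the IDs are the only binding and a key management protocol is needed to get real protection.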


[Figure 3.16 diagram: IPSec, IP, IPX and NetBEUI over NDIS / NDISWAN, over PPTP or L2TP, over Async, X.25 or ISDN. Resulting frame: data-link header | IP header | IPSec ESP header | UDP header | L2TP header | PPP header | PPP payload (IP, IPX or NetBEUI) | IPSec ESP trailer | IPSec ESP authentication trailer | data-link trailer, with the encrypted and authenticated spans marked]

Figure 3.16: L2TP encapsulation diagram

c) L2TP tunnels

L2TP uses the same classes of tunnel as PPTP: depending on whether the user is a PPP client or an L2TP client, the tunnel is voluntary or compulsory. A voluntary tunnel is created at the user's request for a specific purpose. With a voluntary tunnel the user can open a secure tunnel across the Internet while still reaching any host on the Internet with ordinary TCP/IP. The endpoint of a voluntary tunnel lies on the user's computer. Voluntary tunnels are typically used to provide privacy and data integrity for intranet traffic sent over the Internet.


[Figure 3.17 diagram: top, a voluntary tunnel (L2TP) from an L2TP client through the Internet to the L2TP network server in the protected private network; bottom, a compulsory tunnel (L2TP) from the L2TP network server at the ISP through the Internet to the L2TP network server in the protected private network]

Figure 3.17: Voluntary and compulsory tunnels

A compulsory tunnel is created automatically, without any action by the user and without offering the user a choice. Because it is created without involving the user, it is transparent to the end user. A compulsory tunnel has a predetermined endpoint, at the ISP's LAC, so this kind of tunnel gives better access control than a voluntary tunnel: for security reasons users can be barred from the public Internet while still being allowed to use the Internet to reach the VPN. One advantage of a compulsory tunnel is that a single tunnel can carry many connections, which reduces the network bandwidth needed for multi-session applications. A drawback of a compulsory tunnel is that the link from the LAC to the user lies outside the tunnel and is therefore exposed to attack. Although the ISP can choose to configure static tunnel definitions for each user, this wastes network resources. A more efficient alternative is to set up tunnels dynamically; in L2TP these dynamic tunnels are set up by consulting a RADIUS server.


For RADIUS to control the establishment of a tunnel it must store the tunnel's attributes: the tunnelling protocol in use (PPTP or L2TP), the address of the tunnel server, and the transport medium used in the tunnel. Using a RADIUS server to set up compulsory tunnels has several advantages:
- Tunnels can be defined and checked on the basis of user authentication.
- Accounting can be based on the calling telephone number or on other authentication methods.

d) Authentication and encryption in L2TP

User authentication in L2TP takes place in three phases: phase 1 at the ISP, and phases 2 and 3 (the latter optional) at the private network's server. In the first phase the ISP uses the user's telephone number or user name to determine that L2TP service is required and initiates a tunnel connection to the private network's server. Once the tunnel is established, the ISP's LAC assigns a new Call ID to identify the connection within the tunnel and initiates the session by forwarding the authentication information to the private network's server, which then carries out phase 2. In phase 2 the private network's server decides whether to accept or reject the call. The call forwarded by the ISP may carry CHAP, PAP or any other authentication information, and the server uses it to accept or reject the call. If the call is accepted, the server may start the third, optional phase of authentication, at the PPP layer; at this point the server authenticates the user as if he had dialled in to the server directly. The result of the three phases lets the user, the ISP and the private network's server verify the legitimacy of the call, but the data itself is not yet protected. For L2TP authentication to be effective, keys must be distributed; manual distribution may be feasible in some cases, but in general a key management protocol is needed.

e) LAN-to-LAN tunnels

The original purpose of L2TP was dial-up VPN access using PPP clients, but L2TP is also suitable for LAN-to-LAN VPN connections.


A LAN-to-LAN tunnel is established between two L2TP servers, but at least one of the two must be connected to an ISP to initiate the PPP session. The two servers act as both LAC and LNS and can initiate or terminate the tunnel as needed.

[Figure 3.18 diagram: two protected private networks, each with a LAN and computers, joined by their L2TP servers across the Internet]

Figure 3.18: LAN-to-LAN tunnel

f) Key management

Khi h