Windows Vista is supposed to have included a number of new
networking features designed to make it faster, more robust, easier to manage
and safer. Now, how many of these functions and features would you encounter
readily and how do they affect the productivity of your users? In this article,
we'll look at these aspects with focus on both wired and wireless worlds. We
are looking at how Vista behaves on the network as well as how it presents the network and its resources
to you as a user or administrator.
Network profiles
One of the first things you'd notice when you fire up the network center
(or the network list applet) is that there seems to be more than one configured
network on your system, even if you have just one Ethernet adapter. Before we go
ahead to see what these are, let's get a couple of concepts cleared. In Win
XP, after you've browsed to a couple of file shares, you'll notice shortcuts
to them appear in your 'My Network Places' folder. Now, that happens with
Vista too. In addition to this, Vista also saves connection/route information
for that resource. This is based on a combination of your
network adapter's (may be wired or wireless) MAC address and your gateway. The
connection shortcuts (Win XP) you are currently familiar with, help navigate
quickly to that resource. But these new ones let you manage your route to that
resource. If you are not somehow satisfied with the performance of the
connection, you could simply move it selectively to another connection or
gateway. This way, you can utilize your network connections more effectively.
While it is easy to connect to WLANs, it does not let you connect simultaneously to more than one WLAN
Some of these profiles are classified under the managed or
unmanaged categories, although as the system administrator, you can manage all
of them. When you use the Properties dialog from the context menu for a
connection, you get the option to manage the sessions on that network profile.
These sessions can be wired, wireless or a mix of both. Using the 'Move To'
option on the Manage dialog, you can assign a connection to another network
profile. Here, connections are listed by their NetBIOS or DNS name, the MAC
address of its gateway and the status of that connection. If a profile does not
have any active connections, its boxes would be blank and show 'Not
connected' against them.
This happens because of Vista's ability to isolate the routing tables on a per-session basis. This
isolation can also take care of keeping separate the routing tables for the
Intranet and WAN links from those meant for the Internet, thereby increasing
security.
Wireless
Win XP's ability to create and use multiple wireless
profiles remains in Vista too, but with a difference in how and where you
find it. For instance, to get there, you need to go again to the Network Center
and use the 'Manage wireless networks' option there. Initially of course,
the screen you get would have no networks listed, because you haven't added
any to your wireless profiles configuration. To configure them, use the wizard
that opens with the 'Add' button on the toolbar above. The wizard is fairly
simple and straightforward for a Windows user. The exciting thing about this
wizard is the ability to create a temporary connection to a network if you want
to quickly give someone a file (as when your visiting speakers are copying over
their presentations or demos to your file server). For this you would use the
'Create ad hoc network' option from the wizard's first screen. In
either case, you need to have the SSID and network security key handy. You can
right-click on a connection after you've created it and select 'Move up'
or 'Move down' to change its priority when more than one of them is
available. Connecting to or disconnecting from them later is a matter of
right-clicking on the connection and selecting the appropriate option.
There is already a download available for Win XP called
'VirtualWiFi' (http://research.microsoft.com/netres/projects/virtualwifi/)
that lets users of Win XP connect simultaneously to several wireless networks.
We expected a similar functionality in Vista, but it does not exist (yet).
A small issue we noticed, with our wireless connections especially,
is their penchant for frequently disconnecting from even strong networks.
We presume that this happens because of the traffic it generates due to active
polling for 'Internet connectivity detection' on the wireless channel or
because this is still a beta. Because of this, when you open some networking
related virtual folders where wireless is a part, the system will hang
frequently while connections are broken and re-established. Several times to
finish configuration actions, we had to disable the wireless adapter, make the
changes and re-enable to get to the end.
Use the network profiles feature to segregate your connections and keep the traffic between them different for better security
Network maps
Vista includes a new control panel item called 'Network Map'. In order for this
to work, you need to have the 'Link-Layer Topology Discovery Mapper I/O
Driver' installed and enabled (done by default) on at least one network adapter
on the Vista system. It takes a while to draw the map, but when it eventually
finishes, you will see a graphical view of how the particular system is
connected on the network and in particular, how it reaches the Internet. It will
show devices it could not determine the role of (like a new router or gateway
that's been added somewhere without a particular role to play) as items it
could not classify, at the bottom of the window. Items it could not decipher to
be systems, switches/routers or gateway devices are shown as 'unknown'. You
can right-click on your system and on the Internet icon to perform actions (like
manage your PC or fire up IE to browse the Internet). You also get an 'Open'
option for devices in the list below the map, which has items that
Vista could not determine the location of in the map. Selecting this (Open) allows
you to browse that device if possible.
Invisible improvements
As per what's documented on the Microsoft TechNet website, improvements
have been made to the way TCP/IP works. The stack has been rewritten for better
performance in high-latency and high-loss environments. It has the ability to
recognize spurious and duplicate packets and acknowledge them selectively,
thereby saving on bandwidth as well as decreasing required response times to
legitimate packets. Better detection of network errors, time outs and the
ability to check if a designated gateway is up or down (using ARP messages) is
also part of the new protocol package. We will carry an update later on how well
this works in a typical deployment scenario.
Vista lets you create new VPN connections easily. But you can't locate the created connection later to connect to this resource
What's new in IPv6
As with improvements in the IPv4 layer, the IPv6 stack has also been
rewritten. Now, IPv6 is everywhere in Windows: in all the interfaces that let
you manage aspects of the network, where you could traditionally only manage
IPv4 information, you can now manage IPv6 information as well. The protocol is
also installed and enabled by default on the system, and set up to receive
automatic IP address allocation.
Teredo, the technology that enables IPv6 communications
over IPv4 and NAT'ed connections, is another component that's installed and
enabled by default in Vista. Up to now, IPv6 could only be configured using
the NETSH CUI. With Vista, administrators get the ability to configure the
protocol using the GUI from the same connection properties dialog box. IPv6
supports IPsec with full IKE and AES encryption and IPv6 over PPP connections.
Also, the DHCP client in Vista supports IPv6 to acquire IPv6 addresses from a
DHCP server.
The Windows Firewall that's a part of Vista includes
support to filter IPv6 traffic as well. IPv6 interface IDs, if assigned in
sequence, can open up a potential gateway for attack once one or two IPv6 enabled
systems on your network have been compromised, since the attacker may be able to
guess other interface IDs on your network and compromise those systems as well.
The way out is to have non-sequential interface IDs across the LAN. Vista
achieves this by automatically generating a random ID for the local IPv6
interfaces when it is acquiring the address from a DHCPv6 server.
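The following is an added example, not part of the original article: a small Python audit that takes an address inventory and flags the guessable interface IDs described above. It goes slightly beyond the text by also flagging low-numbered and MAC-derived (EUI-64) IDs; the thresholds, function names and the sample addresses (from the 2001:db8::/32 documentation prefix) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address = interface ID

def interface_id(addr):
    """Return the interface ID (low 64 bits) of an IPv6 address string."""
    return int(ipaddress.IPv6Address(addr)) & IID_MASK

def classify_iid(iid):
    """Label one interface ID by how guessable it is (thresholds are assumptions)."""
    if iid < 0x10000:                    # ::1, ::2, ... hand-numbered hosts
        return "low-numbered"
    if (iid >> 24) & 0xFFFF == 0xFFFE:   # ff:fe in the middle: derived from the MAC
        return "eui-64"
    return "opaque"

def audit(addresses, max_gap=16):
    """Group addresses by /64 and flag guessable interface IDs.

    Returns {prefix: {address: set_of_findings}}; clean hosts are omitted.
    """
    by_prefix = defaultdict(list)
    for a in addresses:
        ip = ipaddress.IPv6Address(a)
        net = ipaddress.IPv6Network((int(ip) & ~IID_MASK, 64))
        by_prefix[str(net)].append(ip)
    report = {}
    for prefix, ips in by_prefix.items():
        ips.sort()
        findings = defaultdict(set)
        for ip in ips:
            label = classify_iid(int(ip) & IID_MASK)
            if label != "opaque":
                findings[str(ip)].add(label)
        # Neighbours that differ by a small step were assigned in sequence.
        for prev, cur in zip(ips, ips[1:]):
            if 0 < int(cur) - int(prev) <= max_gap:
                findings[str(prev)].add("sequential")
                findings[str(cur)].add("sequential")
        if findings:
            report[prefix] = dict(findings)
    return report

# Constructed inventory, not real hosts.
SAMPLE = [
    "2001:db8:0:1::10", "2001:db8:0:1::11", "2001:db8:0:1::12",
    "2001:db8:0:1:211:22ff:fe33:4455",   # EUI-64 style ID
    "2001:db8:0:1:8d3c:51fa:2be0:9a47",  # random-looking ID
    "2001:db8:0:2:c4a1:7e09:15d2:63bb",  # random-looking ID, other subnet
]

if __name__ == "__main__":
    for prefix, hosts in audit(SAMPLE).items():
        for host, why in sorted(hosts.items()):
            print(prefix, host, ", ".join(sorted(why)))
```

Hosts with random-looking IDs, like the two at the end of the sample, do not appear in the report.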
Better diagnostics
The current version of the 'Repair' option previously available on
network connection items comes labeled 'Diagnose'. Selecting this invokes a
diagnostic (at present users have no way of knowing what it is checking from the
displayed UI) that scans for what problems there might be. Conditions checked
include: IP address, gateway status, incorrect DNS settings, what required ports
are in use, status of media (Ethernet cables, etc) connections and if
sufficient memory is available.
Once the problem has been detected, Vista
repairs what can be fixed. If it cannot find anything to fix (perhaps the
condition is beyond its abilities to correct), it throws up options to the user.
Sometimes, what is displayed can be buggy and confusing, for instance, two
identical options on the same dialog. This mostly happens in situations where
you have network access but Vista cannot determine why your Internet
functionality is down.
Vista can map how your system is connected to the LAN and the Internet. Multiple routes out to the networks are also shown
VPN
Creating a VPN connection seems pretty straightforward. All you need to do
is open the Network Center and click on the Create New link on the left and
follow the steps after selecting 'Create a VPN Connection' from the first
screen. But, after that there seems to be no way at the present time to find
this connection you created and actually connect to it. In Win XP, one would
find the connection easily under the Network Connections folder. In
Vista, this screen seems to list only LAN and WLAN connections. Therefore again,
we're forced to wait for an update to Vista to tell you more about
Vista's usability with VPN connections.
Remote desktop
There are a few new features in Vista's Remote Desktop
connectivity. These are all useful for the enterprise user. First up, you cannot
save your connection credentials in the RDP session file. Therefore, no one who
got accidental access to an open
unattended system can fire up a remote desktop session and use remote resources.
Local devices such as disk drives, printers and serial
ports were already usable; Vista
adds clipboard and smart cards. If you're using USB devices, those can be
selected and shared too. One problem is you cannot log on to a system that
does not require authentication, since the program will keep prompting you for
credentials.
Now, even though you can share your clipboard with the
remote system, you will find that a number of times, you cannot copy or paste
files between the two systems. To resolve this, you need to also share the local
drive (with the remote system) that contains your temporary folder. This folder
is defined in the TEMP, TMP or USERPROFILE environment variables or is taken to
be %SYSTEMROOT%\Temp.
Now, you may not want to share out a sensitive drive, so it
is advisable to locate your temporary folder on a separate partition and share
that out instead. With all these levels of control, we missed the ability that
would let you share out only particular drives or folders with the remote
system, instead of the whole drive as happens.
Next time, we shall examine the ways in which Vista
will let you manage applications and software and their updates on the system.
Sujay V Sarma