Network Computingwww.networkcomputing.com

The Hawk lacks the RASCAL's and CommPlete's detailed real-time reporting capabilities. Although the product's GUI presents all of the information on the main screen, the inability to correlate user names with ports or to gather historical information lessens management utilization. In addition, statistics logging is not present in the Hawk 2290, making management difficult for determining utilization. The documentation, however, lists all of the events that are logged to system and application log, which aids troubleshooting.

The Hawk's testing ability was unique to the devices we tested. Testing runs on either an Octal Communication Device (OCD) or a single Communication Device (CD), or you can test the entire system with a keystroke. The Hawk will also gather T1 robbed bit signaling statistics, such as bit error rate, loss of signal and severely errored seconds. The tests are disruptive, taking the system out of service. However, the tests' thoroughness should provide early warning of failure, which warrants the occasional 30 minutes of downtime.

After the initial installation, the comprehensive test ensures that everything is connected and communicating properly. This test exercises the main control processor on each card, the secondary control processor and the digital signal processor for each mode m, and the communication with the T1 card over the MVIP ribbon cable. The results are logged to the Event Log, in addition to the management console, for viewing.

Mike Fratto can be reached at mfratto@nwc.com.

NT RAS: Ready For Enterprise Remote Access?
Everything but the kitchen sink seems to be the theory behind adding more capabilities to NT, and RAS is no different. Vanilla NT 4.0 offers enough functionality to connect most PPP dial-up users, authenticate them against NT Domain and pass the proper addressing to the client. If you are running a Wintel shop, many of the OS limitations aren't important because of the integration on the Windows platforms. Non-Windows PPP clients may require more work to connect authentication and PPP sessions because the cli ents don't support many of the PPP extensions, such as VJ Compression. Additionally, the NT architecture and intrinsic limitations in the PC platform work against the movement to place RAS into the position of enterprise remote access.

The Routing and RAS (RRAS) update and the NT Options pack address some of the outstanding issues, and NT 5.0 should address even more, but is it enough to push NT RAS into the enterprise? Authenticating users is limited to PAP (Password Authentication Protocol) or MS-CHAP (Microsoft's version of the Challenge Handshake Authentication Protocol). Domain users can be authenticated only against a PDC (Primary Domain Controller) using MS-CHAP. PAP is performed against the local database. RRAS relieves some of the problems associated with authentication by adding RADIUS client functionality, and the option pack adds a RADIUS server, but this entails managing a separate user database.

We ran into some odd problems during testing. To get RAS running, we hacked the registry in two instances. To force RAS to only use PAP authentication, we deleted two keys. The problem is RAS tries to authenticate with MS-CHAP, then drops to PAP. Older clients will try to negotiate MS-CHAP

as CHAP, and the authentication will fail. Windows NT will drop the connection without dropping back to PAP. Changing the authentication sequence in NT 5 to allow PAP is a possible solution.

Redundancy and fault tolerance are largely outside of Microsoft's control. The PC architecture, while fine for workstations and servers running applications, wasn't made for typical remote-access demands. Expansion cards are inserted into the server, configured and left alone. However, remote-access servers are notorious for needing extra care and feeding. If a modem fails and the card needs to be replaced, the entire server must be dropped while the hardware is swapped and the server brought back online. Adding new software to NT requires a rather complex dance to reapply service packs and hot fixes. Minimum downtime can e asily amount to over an hour.

The use of the service packs and hot fixes becomes an exercise in patience. Alter system components, and you have to reapply Service Pack 3 to overwrite any old files, update RRAS to overwrite SP3 files, apply the hot fix to overwrite some RRAS files and copy RASTAPI.DLL back to the winnt\system32 directory to stabilize RRAS.