Document: Building a Cisco Network for Windows 2000 P2 doc - Pdf 91

4 Chapter 1 • Developing a Windows 2000 and Cisco Internetwork
The DEN Solution
DEN is a solution to several challenges from which both enterprise
administrators and software vendors suffer. Administrators and vendors are
faced with the following issues:

• How to integrate new e-business systems
• How to incorporate service level agreements for specific users
• How to apply and manage policies
• How to integrate management “islands” (i.e., separate network
  administration units and separate network management systems)
• How to get interoperability from systems right out of the box
• How to achieve advanced services that are applicable network-wide

DEN solves these issues with the definition of a directory service,
shown in Figure 1.2, which can manage:

• Integration of e-business systems, media, devices, and protocols
• Incorporation of service levels into the management of users and
  applications
• Application and management of policies
• Integration of extensible management applications into the
  directory to centralize the network management


archy for a directory service, but opposes limitations by defining
extensibility. When DEN is used, multiple vendors will not experience conflicts
between their schemas, and network device configuration and management
can be performed through the use of the directory service.
In the DEN policy server model, network devices will use standard
protocols to access the network, such as Domain Name System (DNS) and
Dynamic Host Configuration Protocol (DHCP). The network devices will
access servers or hosts to attempt a network transaction, which will check
the directory service (whether it is stored locally, or on other servers) for
any policies that may apply.
If a policy does apply to the network transaction, the policy is applied
and the transaction is permitted with whatever alterations the policy
requires, or denied based on the policy, as shown in Figure 1.3.
www.syngress.com
Figure 1.2 Directory-enabled networking architecture.
[Diagram labels: Directory service; Distributed storage; Applications A, B, C, and D; Directory Report. Users can access the directory for use of applications. A report can be generated from the directory with integrated information.]
71_BCNW2K_01 9/10/00 12:27 PM Page 5

[Diagram labels: Directory Service; Stored Policy; Policy management application; Yes; Policy Management]
overhead. If the executive holds a spontaneous videoconference without
notifying the administrator, then he or she will not receive the expected
performance and will be disappointed that the business objective was not
met by the QoS product. All of this is a recipe for failure.
The type of network environment in which a QoS product using IP
addresses for policy definition will work well is a static environment in
which the IP addresses, host names, and traffic types rarely change. With
the rate of change of technology today, this type of network is rare.
A DEN-based QoS product can resolve this issue. A DEN-based QoS
product potentially can attach a user’s account dynamically to his or her
computer’s IP address at logon, and statically attach the QoS policy to the
user’s account. Going back to our videoconferencing executive, he or she
would log on to the network and would already have a VideoConference
QoS policy attached to his or her user account (the policy having been
created by the administrator and assigned to the user account). At logon, this
policy would dynamically be assigned to the IP address the executive had
at that moment. The administrator never needs to be involved except for
the initial definition of the QoS policy, and the executive always receives
the QoS needed for his or her videoconferences, regardless of where he or
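
The contrast drawn above between a QoS policy keyed to an IP address and one keyed to the user account, as an added example that is not from the book. The account names, addresses, policy names and the `Bindings` class are hypothetical and constructed for illustration. It also shows the case where the executive's old address is reused by another user.

```python
# Added example: IP-keyed QoS table versus a DEN-style user-keyed lookup.
# All accounts, addresses and names below are constructed for illustration.
from dataclasses import dataclass, field

# Directory: the QoS policy is attached statically to the user account.
DIRECTORY = {"exec01": "VideoConference", "clerk07": "Default"}
DEFAULT_POLICY = "Default"

# Legacy approach: the policy is attached statically to an IP address.
STATIC_IP_POLICY = {"10.0.0.15": "VideoConference"}


@dataclass
class Bindings:
    """Dynamic user-to-IP bindings created at logon."""
    ip_to_user: dict = field(default_factory=dict)

    def logon(self, user, ip):
        if user not in DIRECTORY:
            raise KeyError(f"unknown account: {user}")
        # Drop any older address held by this user; assigning the IP
        # below also replaces any stale owner of that address.
        self.logoff(user)
        self.ip_to_user[ip] = user

    def logoff(self, user):
        self.ip_to_user = {a: u for a, u in self.ip_to_user.items() if u != user}

    def policy_for(self, ip):
        user = self.ip_to_user.get(ip)
        return DIRECTORY[user] if user else DEFAULT_POLICY


def static_policy_for(ip):
    return STATIC_IP_POLICY.get(ip, DEFAULT_POLICY)


def demo():
    b = Bindings()
    b.logon("exec01", "10.0.0.15")
    first = b.policy_for("10.0.0.15")
    # The executive moves and gets a new address; the old one is reused.
    b.logon("exec01", "10.0.9.40")
    b.logon("clerk07", "10.0.0.15")
    return {
        "exec_first": first,
        "exec_after_move": b.policy_for("10.0.9.40"),
        "old_ip_den": b.policy_for("10.0.0.15"),
        "old_ip_static": static_policy_for("10.0.0.15"),
        "exec_static_after_move": static_policy_for("10.0.9.40"),
    }
```

With the static table, the reused address keeps the VideoConference policy for whoever holds it, while the executive at the new address falls back to Default; the user-keyed lookup avoids both outcomes.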

tiple routers in an internetwork, the IOS proves to be versatile in addition
to being scalable from small offices to large enterprise internetworks. IOS
supports standard network protocol stacks and media types, including (but
not nearly limited to):

Transmission Control Protocol/Internet Protocol (TCP/IP)

Internetwork Packet Exchange/Sequenced Packet Exchange
(IPX/SPX)

AppleTalk

Ethernet

Token Ring

Frame Relay

Integrated Services Digital Network (ISDN)

Asynchronous Transfer Mode (ATM)
Cisco’s IOS is the operating system that Cisco routers, switches, and
access servers use to boot up. To enhance access services, routing, and
bridging, the IOS supports a full set of security features—encryption,
authentication, access control, packet filtering, and firewall services. The
IOS is upgradeable as Cisco releases new versions. Each version includes
new capabilities and network services. These new services meet enter-
prises’ business requirements for new technology. The IOS can support
and grow with an organization’s needs.

would absolutely require lengthy passwords that change on a frequent
basis. A designer must be aware of these types of issues and be prepared
to make decisions based on business requirements. The network designer
should make recommendations that are sensible for the environment, even
if the organization might want something a little different. In the security
versus usability requirements, for example, the network designer could
recommend using DEN-compliant systems where all user account
information was held in a single database for the entire internetwork, thus
requiring users to need only a single password. Then again, the designer
could recommend that the users are trained on having longer passwords
using numbers and characters (rather than alphabet-only), and suggest
that a policy be put in place to force the users to change the passwords on
a 60- or 90-day basis. This may not be the most usable system, but it is a
fair compromise!
Cisco provides a free tool (yes, FREE!) called Cisco ConfigMaker that a
network designer can use when designing an internetwork. Cisco
ConfigMaker is an application that runs on Windows 95, Windows
98, Windows NT, or Windows 2000 (on Windows 2000, you should install
the Windows NT version). ConfigMaker is downloadable from
www.cisco.com/go/configmaker, and is shown in Figure 1.4.
ConfigMaker is straightforward, allowing the network designer to
configure a small- to medium-size network, or begin the basic design for an
enterprise wide area network, or a section of a large network that does not
utilize the enterprise 7x00 series routers, which are not listed within the
ConfigMaker tool. Each new version adds new equipment and features, but
the latest version 2.4 supports Cisco routers from the 800 through the
4000 series, switches, hubs, voice equipment, modems, ISDN, and other

free download at www.cisco.com/go/faststep.
Figure 1.5
ConfigMaker router slot configuration.