Remote Access Server Architecture

The architecture of the remote access server consists of the following elements, as illustrated in Figure 7.7:

  • The NDIS wrapper, Ndis.sys, providing the NDIS packet-level interface to protocols, such as TCP/IP, IPX, NetBEUI, and AppleTalk.

  • The NDISWAN driver, Ndiswan.sys, is an intermediate NDIS driver that provides an IEEE 802.3 miniport interface to protocol drivers and a protocol interface to WAN miniport drivers. NDISWAN provides framing, compression, and encryption services for remote access connections.

  • WAN miniport drivers are NDIS miniport drivers that contain the necessary code to operate the dial-up equipment. In order to use an adapter supporting WAN media, such as ISDN or ATM with Windows 2000 remote access, the adapter vendor must create a WAN miniport driver.

  • Remote access components are a series of libraries that provide the Remote Access Service (RAS) programming interface for applications, PPP protocols (link control, authentication, and network control protocols), and so on. Remote access components can communicate directly with the NDISWAN driver or by accessing the Telephony API (TAPI).

  • TAPI components are a series of libraries that provide a call control programming interface for all TAPI-aware applications. TAPI components communicate directly with the NDISWAN driver to manage connections. For more information about TAPI in Windows 2000, see "Telephony Conferencing and Integration" in this book.


Figure 7.7 Remote Access Architecture in Windows 2000

Connections are established by remote access clients that call the RAS programming interface, which in turn uses TAPI to pass call connection information to the dial-up equipment. Once the physical connection is made, TAPI is no longer used and additional remote access components negotiate the connection with link, authentication, and network control protocols by communicating directly with NDISWAN.

Once a remote access connection is established, protocol drivers can communicate over that connection using standard NDIS calls like NdisSend(). NdisSend() calls for dial-up connections are forwarded to NDISWAN, which then determines the appropriate device and port, performs compression and encryption, provides PPP framing, and then forwards the completed frame to the WAN miniport driver. The WAN miniport driver then forwards the frame to the dial-up adapter.

All inbound remote access client connections, initiated by remote access clients to the remote access server, are represented as a single adapter called the RAS server interface. For each outbound remote access client connection, initiated by the remote access server, a separate interface is created.

To accept calls, the remote access server instructs each WAN miniport driver to indicate when it goes into a line-up state. When the call is placed, the WAN miniport driver passes the line-up state indicator up through NDISWAN to the TAPI components. TAPI returns a call handle to NDISWAN to be used to refer to the physical connection, and then NDISWAN and the remote access components negotiate the rest of the remote access connection.