Overview of IAS Deployment
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use IAS to provide authentication and authorization for dial-up, VPN, wireless, and authenticating switch access to your network. For example, organizations that outsource network access and take part in joint ventures with other organizations need to authenticate user accounts from outside the private network. In addition, organizations that provide outsourcing services, such as Internet service providers (ISPs), need accounting for remote user connections so that they can charge subscribers.
Windows Server 2003 IAS enables you to centralize authorization, authentication, and accounting for remote access clients, enhancing the security of your network. Windows Server 2003 IAS works with other standards-based implementations of the Remote Authentication Dial-In User Service (RADIUS) protocol, so that you can use it with any standards-compliant RADIUS client, server, or proxy server.
Windows Server 2003 IAS is included in Microsoft® Windows® Server 2003, Standard Edition; Windows® Server 2003, Enterprise Edition; and Windows® Server 2003, Datacenter Edition. IAS is not provided with Microsoft® Windows® Server 2003, Web Edition. In addition, Windows Server 2003, Standard Edition, limits some IAS features. For more information, see "Concepts for IAS" later in this chapter.
Windows Server 2003 IAS provides the following solutions for organizations that require secure network access:
Compatibility with RADIUS servers and clients from any vendor that meets the specifications outlined in RFCs 2865, 2866, and 2869.
Integration with the Active Directory® directory service. IAS allows you to take advantage of Active Directory for user authentication, authorization, and client configuration, thus reducing management costs.
Use of standards-based strong authentication methods for network access.
Management of network access that is outsourced to an ISP. IAS allows you to create an agreement between your organization and the ISP in which the ISP can charge a roaming user’s department for that employee’s network usage. As a result, employees do not need to submit an expense statement or create a roaming account to connect to the corporate network remotely.
Dynamic key management for wireless access points as a means to increase network security.