|16 Dec 2009||#1|
| || |
Understanding and Set Up of Remote Access to your WHS
Hi, I’m Sean Daniel, and I’m a Program Manager who works on Windows Home Server and Windows Small Business Server. I am one of the team members that works on Remote Access, and I wanted to blog today about setting up and understanding remote access in Windows Home Server, as well as call out a few “gotchas” to be careful of.
Let’s start with the basics.
Windows Home Server provides so many functions for the local network, it’s easy to overlook that it also provides an extended set of features for when you’re not at home. While Windows Home Server attempts to make this set up process as easy as possible, but some users still hit issues that the Home Server can’t predict.  I’ll address those issues at the end of this post.
Understanding Remote Access
Before we set up remote access, let’s take a second to understand what’s going on. Think, for a second, as the Internet as similar to the “snail-mail” postal service. When you’re sending a letter, you need an address to send it to. That address has a street address, a city, a zip-code and a country. This is much like an Internet Address, it has a host name (similar to street address) a city/zip (similar to a domain name), and a country (similar to the .com or .co.uk) which all complete the domain name. Think of a postal look-up book, DNS (Domain Name Services) will tell you where on the Internet to find the exact location of your server.
Furthermore, like your house having doors and windows, computers have “ports” that indicate if you’re going to go in the side door, a window, or the front door, etc. When you browse on the internet, if you have HTTP:// before your address, you are using the public/front door of your house (on the server, this is referred to as port 80). If you have HTTPS:// before your domain address, you’re using the secure side door of your house (on the server, this is referred to port 443). In order for your external person to find and get into your house, you have to make sure they have your address (a domain name), and know which door to go in (the port). Then you also have to make sure there are no fences or walls in the way of that door (or inside the network, we call these firewalls). If the address is correct, and the firewalls are open, you need only come up to the house and ask to come in. Think of Home Server as your automated butler, which answers the door each time someone comes in and asks “who are you?” If the person provides sufficient evidence that you trust them (a username and password), the Butler automatically lets them into your home. Make sense so far? Good.
Setting up Remote Access on the Home Server
Let’s get down to business and set up Remote Access on the Home Server. As hinted above, this will make a number of changes to your home server and your network:
(1) It will register your server in the global DNS services using Windows Live, thus giving your computer a friendly address such as hostname.homeserver.com. This is like you saving your aunts address into your GPS and just clicking Aunt May to get to her house. There is no need for you to actually remember the full address, just “Aunt May’s House”. This is what you are doing when you register your server with the DNS services.
(2) Home Server will attempt to remove any walls to the specific ports the home server provides remote access to. It does this by making a UPnP call to your router and attempts to open the ports on the firewall and point them to your home server
(3) Home Server, for local network protection, also has a local Windows Firewall; this firewall is configured to allow those same ports through to your home server. As a note here, the Windows Firewall also allows a lot more “stuff” through to the server on the local network for media streaming, and client/server communication. Think of these as the doors to the dining room, living room, etc. They shouldn’t be changed without consulting someone who knows the structure of your home server!
With these three steps, the intention is to allow requests from anywhere on the Internet to find your home server, and pass through the layers of security (your router firewall, and your Windows Firewall) to the secure remote access solution provided by home server. Once there, the Home Server will serve up files, and remote access to PCs that are turned on, and any potential OEM value or add-ins you installed on your server that are remotely available, such as media streaming applications.
To set up remote access, simply open the Windows Home Server Dashboard, and select Settings, in the top right hand corner. In the list that opens, select the Remote Access settings:
Select the Turn On button. When you do this, the Home Server will attempt to configure your router via UPnP as we mentioned above. It will attempt to forward ports 80 (for http access), 443 (for https access) and 4125 (for access to your PCs through the home server). Port 4125 is specifically used for remote PC access. If you’re a networking guru, you’ll notice that nothing is actually listening on port 4125, until you tell the server to connect to a specific computer in your home, thus ensuring a secure computing environment for your home.
Now you’ll want to register your server and obtain a domain name. By default, Windows Home Server comes with a single domain provider called “Windows Live Custom Domains”, but your OEM may have provided additional options, you can try either to see which works best for you. I’m going to talk about the Windows Live one as this is a generic solution on all home servers. Once you sign up, you are provided with a HostName on the .homeserver.com domain name, such as HostName.homeserver.com, this will be the Internet address of your Home Server. You will require a LiveID to complete this step. The reason LiveID is used is we secure the updates to your home server using a LiveID and password. You wouldn’t want a random person changing this, so we make sure it’s securely updated! Next you have to choose a HostName. This is unique in the whole world, of all the people who own home servers. So don’t be surprised if your first name or last name isn’t available! You may have to get creative.
Specifically with the Windows Live domain service, you also obtain a certificate for securing the information across the Internet. The certificate is like a key to your home. It works slightly differently, but essentially it ensures that your information is secured with 1024-bit security. This is a similar level of security that many big businesses use for securing their data! Additionally, home server forces you to send all data over this connection, so you can’t mistakenly send it un-encrypted over the Internet.
When you finish this wizard, the HostName of your choice is pointed at your routers Internet facing IP address, the specific ports are open in your router, and you should be able to access your home server using the secure certificate encrypting all of your data.
That’s the basics, there is definitely more to learn about networking in general and we can go deeper under the covers. You can always get more help on the Windows Home Server Forums. Additionally, I run my own blog that touches on home and small business related technologies at http://whs.seandaniel.com.
|My System Specs|
|Similar help and support threads for2: Understanding and Set Up of Remote Access to your WHS|
|Access 2007, need help understanding an install error.||Microsoft Office|
|Infection Of Windows Through Remote Access/Remote Desktop||System Security|
|Remote Access Help||Network & Sharing|
|Remote Access||Network & Sharing|
|Remote Access||Network & Sharing|
|Remote access||Network & Sharing|
|Remote Access Win 7 --> Win XP SP3||Network & Sharing|