《物联网专业英语教程》课件第4章

Unit4UbiquitousNetworkandVPNs[58]TextAHowUbiquitousNetworking

WillWork？[65]TextBVPNs[74]参考译文泛在网是如何工作的？

1.IntroductiontoHowUbiquitousNetworkingWillWork

Mobilecomputingdeviceshavechangedthewaywelookatcomputing.LaptopsandPersonalDigitalAssistants(PDAs)(SeeFigure4.1)haveunchainedusfromourdesktopcomputers.AgroupofresearchersatAT&TLaboratoriesCambridgearepreparingtoputanewspinonmobilecomputing.Inadditiontotakingthehardwarewithyou,HowUbiquitousNetworkingWillWork？theyaredesigningaubiquitousnetworkingsystemthatallowsyourprogramapplicationstofollowyouwhereveryougo.

Figure4.1PDA'smodelInsidethebatultrasonictransmittershowstwo-coppercoilantennae,aradiotransmittermodule,thebatteryandtwoultrasonictransmitters.

Byusingasmallradiotransmitterandabuildingfullofspecialsensors,yourdesktopcanbeanywhereyouare,notjustatyourworkstation.Atthepressofabutton,thecomputerclosesttoyouinanyroombecomesyourcomputerforaslongasyouneedit.Inadditiontocomputers,theCambridgeresearchershavedesignedthesystemtoworkforotherdevices,includingphonesanddigitalcameras.

2.SendouttheBatSignal

Inorderforacomputerprogramtotrackitsuser,researchershadtodevelopasystemthatcouldlocatebothpeopleanddevices.TheAT&Tresearcherscameupwiththeultrasoniclocationsystem.Thislocationtrackingsystemhasthreebasicparts:

·Bats—smallultrasonictransmitterswornbyusers;

·Receivers—ultrasonicsignaldetectorsembeddedinceiling;

·Centralcontroller—coordinatesthebatsandreceiverchains.

Userswithinthesystemwillwearabat,asmalldevicethattransmitsa48-bitcodetothereceiversintheceiling.Batsalsohaveanimbeddedtransmitterwhichallowsittocommunicatewiththecentralcontrollerusingabidirectional433-MHzradiolink.

Batsare3incheslong(7.5cm)by1.4incheswide(3.5cm)by0.6inchesthick(1.5cm),oraboutthesizeofapager.Thesesmalldevicesarepoweredbyasingle3.6-voltlithiumthionylchloridebattery,whichhasalifetimeofsixmonths.Thedevicesalsocontaintwobuttons,twoLight-EmittingDiodes(LEDs)andapiezoelectricspeaker,allowingthemtobeusedasubiquitousinputandoutputdevices,andavoltagemonitortocheckthebatterystatus.(SeeFigure4.2)

Figure4.2Smartposter

Asmartposterwillhavebuttonsprintedontoitthatcanbetriggeredbyabat.

Abatwilltransmitanultrasonicsignal,whichwillbedetectedbyreceiverslocatedintheceilingapproximately4feet(1.2m)apartinasquaregrid.Thereareabout720ofthesereceiversinthe10,000-square-footbuilding(929m2)attheAT&TLabsinCambridge.Anobject'slocationisfoundusingtrilateration,aposition-findingtechniquethatmeasurestheobjectsdistanceinrelationtothreereferencepoints.

Ifabatneedstobelocated,thecentralcontrollersendsthebat'sIDoveraradiolinktothebat.ThebatwilldetectitsIDandsendoutanultrasonicpulse.Thecentralcontrollermeasuresthetimeittookforthatpulsetoreachthereceiver.Sincethespeedofsoundthroughairisknown,thepositionofthebatiscalculatedbymeasuringthespeedatwhichtheultrasonicpulsereachedthreeothersensors.Thissystemprovidesalocationaccuracyof1.18inches(3cm)throughouttheCambridgebuilding.

Byfindingthepositionoftwoormorebats,thesystemcandeterminetheorientationofabat.Thecentralcontrollercanalsodeterminewhichwayapersonisfacingbyanalyzingthepatternofreceiversthatdetectedtheultrasonicsignalandthestrengthofthesignal.

3．IntheZone

Withanultrasoniclocationsysteminplace,it'spossibleforanydevicefittedwithabattobecomeyoursatthepushofabutton.Let'ssaytheuserleaveshisworkstationandentersanotherroom.There'saphoneinthisroomsittingonanunoccupieddesk.Thatphoneisnowtheuser'sphoneandalloftheuser'sphonecallsareimmediatelyredirectedtothatphone.Ifthereisalreadysomeoneusingthatphone,thecentralcontrollerrecognizesthatandthepersonusingthephonemaintainspossessionofthephone.

Thecentralcontrollercreatesazonearoundeverypersonandobjectwithinthelocationsystem.Forexample,ifseveralcamerasareplacedinaroomforvideoconferences,thelocationsystemwouldactivatetheappropriatecamerasothattheusercouldbeseenandmovefreelyaroundtheroom.

Whenallthesensorsandbatsareinplace,theyareincludedinavirtualmapofthebuilding.Thecomputerusesaspatialmonitortodetectifauser'szoneoverlapswiththezoneofadevice.Ifthezonesdooverlap,thentheusercanbecomethetemporaryownerofthedevice.

IftheultrasoniclocationsystemisworkingwithVirtualNetworkComputing(VNC)software,therearesomeadditionalcapabilities.Computerdesktopscanbecreatedthatactuallyfollowtheirownersanywherewithinthesystem.Justbyapproachinganycomputerdisplayinthebuilding,thebatcanenabletheVNCdesktoptoappearonthatdisplay.Thisishandyifyouwanttoleaveyourcomputertoshowacoworkerwhatyou'vebeenworkingon.Yourdesktopissimplyteleportedfromyourcomputertoyourcoworker'scomputer.

4．InformationHoppersandSmartPosters

Oncethesezonesaresetup,computersonthenetworkwillhavesomeinterestingcapabilities.Thesystemwillhelpusstoreandretrievedatainan"informationhopper".Thisisatimelineofinformationthatkeepstrackofwhendataiscreated.Thehopperknowswhocreatedit,wheretheywereandwhotheywerewith.

Thinkofthehopperasaubiquitousfilingclerk.Itwillchangehowwethinkofourcomputerfilingsystems.Byusingadigitalcamerathatisconnectedtothenetwork,auser'sphotographsareimmediatelystoredinhisorhertimeline.Taperecorderscouldalsosendaudiomemostotheinformationhopper.

Twoitemsofinformationcreatedatthesametimewillbefoundatthesameplaceonthetimeline.Thesystemknowswhotheuserwaswithwhenhecreatedthedata,andthevarioustimelinesoftheusersworkingtogether.Thiswayanothertimelinecanbecreatedtokeeptrackofparticularprojects.

Anotherapplicationthatwillcomeoutofthisultrasoniclocationsystemisthesmartposter.Aconventionalcomputerinterfacerequiresustoclickonabuttononourcomputerscreen.Inthisnewsystem,abuttoncanbeplacedanywhereinyourworkplace,notjustonthecomputerdisplay.Theideabehindsmartpostersisthatabuttoncanbeapieceofpaperthatisprintedoutandstuckonawall.

Smartposterswillbeusedtocontrolanydevicethatispluggedintothenetwork.Theposterwillknowwheretosendafileandauser'spreferences.Smartposterscouldalsobeusedinadvertisingnewservices.Topressabuttononasmartposter,auserwillsimplyplacehisorherbatonthesmartposterbuttonandclickthebat.Thesystemautomaticallyknowswhoispressingtheposter'sbutton.Posterscanbecreatedwithseveralbuttonsonit.

Ultrasoniclocationsystemswillrequireustothinkoutsideofthebox.Traditionally,wehaveusedourcomputeratworktostoreallofourfiles,andwemaybackupthesefilesonanetworkserver.Thisnewubiquitousnetworkwillenableallcomputersinabuildingtotransferownershipandstoreallofourfilesinacentraltimeline.

Asabusinessgrows,itmightexpandtomultipleshopsorofficesacrossthecountryandaroundtheworld.Tokeepthingsrunningefficiently,thepeopleworkinginthoselocationsneedafast,secureandreliablewaytoshareinformationacrosscomputernetworks.Inaddition,TextBVPNstravelingemployeeslikesalespeopleneedanequallysecureandreliablewaytoconnecttotheirbusiness'scomputernetworkfromremotelocations.

OnepopulartechnologytoaccomplishthesegoalsisaVPN(VirtualPrivateNetwork).AVPNisaprivatenetworkthatusesapublicnetwork(usuallytheInternet)toconnectremotesitesoruserstogether.TheVPNuses"virtual"connectionsroutedthroughtheInternetfromthebusiness'sprivatenetworktotheremotesiteoremployee.ByusingaVPN,businessesensuresecurity—anyoneinterceptingtheencrypteddatacan'treadit.

VPNwasnotthefirsttechnologytomakeremoteconnections.Severalyearsago,themostcommonwaytoconnectcomputersbetweenmultipleofficeswasbyusingaleasedline.Leasedlines,suchasISDN(IntegratedServicesDigitalNetwork,128Kbps),areprivatenetworkconnectionsthatatelecommunicationscompanycouldleasetoitscustomers.Leasedlinesprovidedacompanywithawaytoexpanditsprivatenetworkbeyonditsimmediategeographicarea.TheseconnectionsformasingleWideAreaNetwork(WAN)forthebusiness.Thoughleasedlinesarereliableandsecure,theleasesareexpensive,withcostsrisingasthedistancebetweenofficesincreases.

Today,theInternetismoreaccessiblethaneverbefore,andInternetServiceProviders(ISPs)continuetodevelopfasterandmorereliableservicesatlowercoststhanleasedlines.Totakeadvantageofthis,mostbusinesseshavereplacedleasedlineswithnewtechnologiesthatuseInternetconnectionswithoutsacrificingperformanceandsecurity.Businessesstartedbyestablishingintranets,whichareprivateinternalnetworksdesignedforuseonlybycompanyemployees.Intranetsenableddistantcolleaguestoworktogetherthroughtechnologiessuchasdesktopsharing.ByaddingaVPN,abusinesscanextendallitsintranet'sresourcestoemployeesworkingfromremoteofficesortheirhomes.

1.

Analogy:EachLANisanIsland

Imaginethatyouliveonanislandinahugeocean.Therearethousandsofotherislandsallaroundyou,someverycloseandothersfartheraway.Thecommonmeansoftravelbetweenislandsisviaferry.Travelingontheferrymeansthatyouhavealmostnoprivacy:Otherpeoplecanseeeverythingyoudo.

Let'ssaythateachislandrepresentsaprivateLocalAreaNetwork(LAN)andtheoceanistheInternet.TravelingbyferryislikeconnectingtoaWebserverorotherdevicethroughtheInternet.YouhavenocontroloverthewiresandroutersthatmakeuptheInternet,justlikeyouhavenocontrolovertheotherpeopleontheferry.Thisleavesyoususceptibletosecurityissuesifyou'retryingtoconnecttwoprivatenetworksusingapublicresource.

Continuingwithouranalogy,yourislanddecidestobuildabridgetoanotherislandsothatpeoplehaveaneasier,moresecureanddirectwaytotravelbetweenthetwoislands.Itisexpensivetobuildandmaintainthebridge,eveniftheislandsareclosetogether.However,theneedforareliable,securepathissogreatthatyoudoitanyway.Yourislandwouldliketoconnecttoyetanotherislandthatismuchfartheraway,butdecidesthatthecostsaresimplytoomuchtobear.

Thisscenariorepresentshavingaleasedline.Thebridges(leasedlines)areseparatefromtheocean(Internet),yetareabletoconnecttheislands(LANs).Companieswhochoosethisoptiondosobecauseoftheneedforsecurityandreliabilityinconnectingtheirremoteoffices.However,iftheofficesareveryfarapart,thecostcanbeprohibitivelyhigh—justliketryingtobuildabridgethatspansagreatdistance.

SohowdoesaVPNfitin?Usingouranalogy,supposeeachinhabitantonyourislandhasasmallsubmarine.Let'sassumethateachsubmarinehastheseamazingproperties:

·It'sfast.

·It'seasytotakewithyouwhereveryougo.

·It'sabletocompletelyhideyoufromanyotherboatsorsubmarines.

·It'sdependable.

·Itcostslittletoaddadditionalsubmarinestoyourfleetonceyou'vepurchasedthefirstone.

Althoughthey'retravelingintheoceanalongwithothertraffic,thepeoplecouldtravelbetweenislandswhenevertheywantedtowithprivacyandsecurity.That'sessentiallyhowaVPNworks.EachremotememberofyournetworkcancommunicateinasecureandreliablemannerusingtheInternetasthemediumtoconnecttotheprivateLAN.AVPNcangrowtoaccommodatemoreusersanddifferentlocationsmuchmoreeasilythanaleasedline.Infact,scalabilityisamajoradvantagethatVPNshaveoverleasedlines.Moreover,thedistancedoesn'tmatter,becauseVPNscaneasilyconnectmultiplegeographiclocationsworldwide.

2.

WhatMakesaVPN?

AVPN'spurposeisprovidingasecureandreliableprivateconnectionbetweencomputernetworksoveranexistingpublicnetwork,typicallytheInternet.BeforelookingatthetechnologythatmakesaVPNpossible,let'sconsiderallthebenefitsandfeaturesabusinessshouldexpectinaVPN.

Awell-designedVPNprovidesabusinesswiththefollowingbenefits:

·Extendedconnectionsacrossmultiplegeographiclocationswithoutusingaleasedline;

·Improvedsecurityforexchangingdata;

·FlexibilityforremoteofficesandemployeestousethebusinessintranetoveranexistingInternetconnectionasifthey'redirectlyconnectedtothenetwork;

·Savingsintimeandexpenseforemployeestocommuteiftheyworkfromvirtualworkplaces;

·Improvedproductivityforremoteemployees.

AbusinessmightnotrequireallthesebenefitsfromitsVPN,butitshoulddemandthefollowingessentialVPNfeatures:

·Security—TheVPNshouldprotectdatawhileit'stravelingonthepublicnetwork.Ifintrudersattempttocapturethedata,theyshouldbeunabletoreadoruseit.

·Reliability—EmployeesandremoteofficesshouldbeabletoconnecttotheVPNwithnotroubleatanytime(unlesshoursarerestricted),andtheVPNshouldprovidethesamequalityofconnectionforeachuserevenwhenitishandlingitsmaximumnumberofsimultaneousconnections.

·Scalability—Asabusinessgrows,itshouldbeabletoextenditsVPNservicestohandlethatgrowthwithoutreplacingtheVPNtechnologyaltogether.

OneinterestingthingtonoteaboutVPNsisthattherearenostandardsabouthowtosetthemup.Thisarticlecoversnetwork,authenticationandsecurityprotocolsthatprovidethefeaturesandbenefitslistedabove.ItalsodescribeshowaVPN'scomponentsworktogether.Ifyou'reestablishingyourownVPN,though,it'suptoyoutodecidewhichprotocolsandcomponentstouseandtounderstandhowtheyworktogether.

3.TwocommontypeofVPN

3.1Remote-accessVPN

Aremote-accessVPNallowsindividualuserstoestablishsecureconnectionswitharemotecomputernetwork.Thoseuserscanaccessthesecureresourcesonthatnetworkasiftheyweredirectlypluggedintothenetwork'sservers.Anexampleofacompanythatneedsaremote-accessVPNisalargefirmwithhundredsofsalespeopleinthefield.AnothernameforthistypeofVPNisVirtualPrivateDial-upNetwork(VPDN),acknowledgingthatinitsearliestform,aremote-accessVPNrequireddialingintoaserverusingananalogtelephonesystem.

Therearetwocomponentsrequiredinaremote-accessVPN.ThefirstisaNetworkAccessServer(NAS,usuallypronounced"nazz"conversationally),alsocalledamediagatewayoraRemote-AccessServer(RAS).ANASmightbeadedicatedserver,oritmightbeoneofmultiplesoftwareapplicationsrunningonasharedserver.It'saNASthatauserconnectstofromtheInternetinordertouseaVPN.TheNASrequiresthatusertoprovidevalidcredentialstosignintotheVPN.Toauthenticatetheuser'scredentials,theNASuseseitheritsownauthenticationprocessoraseparateauthenticationserverrunningonthenetwork.

Theotherrequiredcomponentofremote-accessVPNs(SeeFigure4.3)isclientsoftware.Inotherwords,employeeswhowanttousetheVPNfromtheircomputersrequiresoftwareonthosecomputersthatcanestablishandmaintainaconnectiontotheVPN.Mostoperatingsystemstodayhavebuilt-insoftwarethatcanconnecttoremote-accessVPNs,thoughsomeVPNsmightrequireuserstoinstallaspecificapplicationinstead.TheclientsoftwaresetsupthetunneledconnectiontoaNAS,whichtheuserindicatesbyitsInternetaddress.Thesoftwarealsomanagestheencryptionrequiredtokeeptheconnectionsecure.

LargecorporationsorbusinesseswithknowledgeableITstafftypicallypurchase,deployandmaintaintheirownremote-accessVPNs.Businessescanalsochoosetooutsourcetheirremote-accessVPNservicesthroughanEnterpriseServiceProvider(ESP).TheESPsetsupaNASforthebusinessandkeepsthatNASrunningsmoothly.

Aremote-accessVPNisgreatforindividualemployees,butwhataboutentirebranchofficeswithdozensorevenhundredsofemployees?Next,we'lllookatanothertypeofVPNusedtokeepbusinessesconnectedLAN-to-LAN.

Figure4.3Remote-accessVPN

Aremote-accessVPNconnectionallowsanindividualusertoconnecttoaprivatebusinessnetworkfromaremotelocationusingalaptopordesktopcomputerconnectedtotheInternet.

3.2Site-to-siteVPN

Asite-to-siteVPNallowsofficesinmultiplefixedlocationstoestablishsecureconnectionswitheachotheroverapublicnetworksuchastheInternet.Site-to-siteVPNextendsthecompany'snetwork,makingcomputerresourcesfromonelocationavailabletoemployeesatotherlocations.Anexampleofacompanythatneedsasite-to-siteVPNisagrowingcorporationwithdozensofbranchofficesaroundtheworld.(SeeFigure4.4)

Figure4.4Site-to-siteVPNAsite-to-siteVPNconnectionletsbranchofficesusetheInternetasaconduitforaccessingthemainoffice'sintranet.

Therearetwotypesofsite-to-siteVPNs:

·Intranet-based—Ifacompanyhasoneormoreremotelocationsthattheywishtojoininasingleprivatenetwork,theycancreateanintranetVPNtoconnecteachseparateLANtoasingleWAN.

·Extranet-based—Whenacompanyhasacloserelationshipwithanothercompany(suchasapartner,supplierorcustomer),itcanbuildanextranetVPNthatconnectsthosecompanies'LANs.ThisextranetVPNallowsthecompaniestoworktogetherinasecure,sharednetworkenvironmentwhilepreventingaccesstotheirseparateintranets.

Eventhoughthepurposeofasite-to-siteVPNisdifferentfromthatofaremote-accessVPN,itcouldusesomeofthesamesoftwareandequipment.Ideally,though,asite-to-siteVPNshouldeliminatetheneedforeachcomputertorunVPNclientsoftwareasifitwereonaremote-accessVPN.DedicatedVPNclientequipmentcanaccomplishthisgoalinasite-to-siteVPN.

NowthatyouknowthetwotypesofVPNs,let'slookathowyourdataiskeptsecureasittravelsacrossaVPN.

4.KeepingVPNTrafficintheTunnel

MostVPNsrelyontunnelingtocreateaprivatenetworkthatreachesacrosstheInternet.Tunnelingistheprocessofplacinganentirepacketofdatafilewithinanotherpacketbeforeit'stransportedovertheInternet.Thatouterpacketprotectsthecontentsfrompublicviewandensuresthatthepacketmoveswithinavirtualtunnel.

Thislayeringofpacketsiscalledencapsulation.Computersorothernetworkdevicesatbothendsofthetunnel,calledtunnelinterfaces,canencapsulateoutgoingpacketsandreopenincomingpackets.Users(atoneendofthetunnel)andITpersonnel(atoneorbothendsofthetunnel)configurethetunnelinterfacesthey'reresponsiblefortouseatunnelingprotocol.Alsocalledanencapsulationprotocol,atunnelingprotocolisastandardizedwaytoencapsulatepackets.

ThepurposeofthetunnelingprotocolistoaddalayerofsecuritythatprotectseachpacketonitsjourneyovertheInternet.Thepacketistravelingwiththesametransportprotocolitwouldhaveusedwithoutthetunnel;thisprotocoldefineshoweachcomputersendsandreceivesdataoveritsISP.Eachinnerpacketstillmaintainsthepassengerprotocol,suchasInternetProtocol(IP)orAppleTalk,whichdefineshowittravelsontheLANsateachendofthetunnel.ThetunnelingprotocolusedforencapsulationaddsalayerofsecuritytoprotectthepacketonitsjourneyovertheInternet.

Tobetterunderstandtherelationshipsbetweenprotocols,thinkoftunnelingashavingacomputerdeliveredtoyoubyashippingcompany.Thevendorwhoissendingyouthecomputerpacksthecomputer(passengerprotocol)inabox(tunnelingprotocol).Shippersthenplacethatboxonashippingtruck(transportprotocol)atthevendor'swarehouse(onetunnelinterface).Thetruck(transportprotocol)travelsoverthehighways(Internet)toyourhome(theothertunnelinterface)anddeliversthecomputer.Youopenthebox(tunnelingprotocol)andremovethecomputer(passengerprotocol).

1.