Designing a WINS Replication Strategy
In designing your WINS infrastructure you must take into account the process of replicating
your WINS database from one WINS server to another WINS server located on
a different subnet. This is very important; you want users from a subnet to be able to
access resources located on a different subnet using NetBIOS-friendly names. This lesson
will show you how a WINS server can be selected as a push or pull partner, which
enables this replication to take place.
Creating a Replication Strategy
Once you have documented your WINS infrastructure and have determined the placement
of all of your WINS servers, routers, subnets, users, and so on, it’s time to create
a replication strategy to improve performance and to add fault tolerance to your enterprise
network. On smaller networks where only one or two WINS servers are needed,
a replication strategy is simple and effortless to create. On larger enterprise networks,
a lot of thought must be put into designing and implementing a replication strategy.
In the diagram, Subnet 1 contains a single WINS server named WS1 that services all client
computers on that subnet. When Client1-1 starts up, it registers all of the NetBIOS
information you learned earlier to the WINS database. All of the WINS-enabled client
computers in this subnet are configured to use WS1 as their primary WINS server.
When Client1-2 initiates a connection to \\client1-1, a name-resolution request is made
to the WINS server. The database is checked, and the IP address is returned.
Subnet 2 also has a WINS server, named WS2, which services all WINS-enabled workstations
on Subnet 2. When Client2-1 starts up, it too registers its NetBIOS information
to the WINS server, as do all WINS-enabled workstations in Subnet 2. But what would
happen if Client1-1 tried to access Client2-1 using NetBIOS name resolution? The router
in the diagram indicates that broadcast traffic would not pass through it, so NetBIOS
name resolution would have to occur in one of the two other ways you learned:
Lmhosts files or WINS. Let’s assume that there are no Lmhosts files configured for any
of the clients. When Client1-1 queries the WINS database on the WS1 server, there will
not be an entry for Client2-1, or for any other clients in Subnet 2 for that matter, in the
WINS database because Subnet 2 clients register all NetBIOS information to only the
WINS database on the WS2 server.
Securing Your WINS Infrastructure
Any time replication information from one server will traverse a network to reach
another server, you risk the possibility of interception of that data. Just as DNS zone
transfers are susceptible to this type of attack, so is WINS replication data.
Because WINS servers may be exposed to the Internet just as DNS servers are, security
should be a concern. Replication traffic between WINS servers across a public network
such as the Internet can be intercepted. NetBIOS names and IP addresses of your
servers and workstations can be made available to unauthorized personnel. As with
DNS, there are a couple of options you can use to protect your WINS replication data:
Encryption using Internet Protocol Security (IPSec)
Encryption using a Virtual Private Network (VPN)
As a network administrator, it is very important that your design always includes security
measures to protect the information and network resources of your company. All
WINS servers should be secured by cipher-locked doors, and access should be
restricted to authorized personnel using Active Directory directory services.
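
To check whether replication between WS1 and WS2 is actually protected, flow records from the link between the subnets can be audited. The following is an added example, not part of the original lesson. It assumes IPSec in transport mode between the two servers, so protected traffic appears as ESP rather than as TCP port 42 (the WINS replication port). The server addresses and flow records are constructed for illustration.

```python
import ipaddress

WINS_REPL_PORT = 42            # WINS replication runs over TCP port 42
PROTO_TCP, PROTO_ESP = 6, 50   # IP protocol numbers

# Assumed addresses for the lesson's WS1 and WS2 (constructed for this example).
PARTNERS = {"10.1.0.10": "WS1", "10.2.0.10": "WS2"}

# Constructed flow records as seen on the link between the subnets:
# (source IP, destination IP, IP protocol, destination port or None)
SAMPLE_FLOWS = [
    ("10.1.0.10", "10.2.0.10", PROTO_TCP, 42),    # cleartext replication
    ("10.2.0.10", "10.1.0.10", PROTO_ESP, None),  # IPSec ESP between partners
    ("203.0.113.7", "10.1.0.10", PROTO_TCP, 42),  # non-partner reaching TCP 42
    ("10.1.0.25", "10.1.0.10", PROTO_TCP, 445),   # unrelated traffic, ignored
]

def audit_flows(flows, partners=PARTNERS):
    """Classify every flow that touches WINS replication between servers."""
    findings = []
    for src, dst, proto, dport in flows:
        # Raises ValueError on a malformed address instead of misclassifying it.
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        both_partners = src in partners and dst in partners
        if proto == PROTO_TCP and dport == WINS_REPL_PORT:
            if both_partners:
                # Names and IP addresses in this flow are readable in transit.
                findings.append(("CLEARTEXT_REPLICATION", src, dst))
            elif dst in partners:
                # The replication port is reachable from a host that is not a partner.
                findings.append(("NON_PARTNER_ACCESS", src, dst))
        elif proto == PROTO_ESP and both_partners:
            findings.append(("ENCRYPTED", src, dst))
    return findings

def unprotected_pairs(findings):
    """Return partner pairs with at least one cleartext replication flow."""
    return sorted({tuple(sorted((s, d))) for kind, s, d in findings
                   if kind == "CLEARTEXT_REPLICATION"})

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

If replication runs through a VPN tunnel between gateways instead, the partner addresses will not appear on the public link at all, so the same check should be run on the inside of each gateway.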