12.3. How Microsoft NAP Works

Each organization structures and populates its network according to its own needs and requirements, so Microsoft designed NAP to work within different, heterogeneous network environments. Because Microsoft NAP supports several enforcement methods, the configuration and operation of each enforcement method differs somewhat.

The core operation of Microsoft NAP remains virtually the same, regardless of enforcement method:

  1. The Microsoft NAP client sends a reading of the health state of the computer or other endpoint device, either as part of another, enforcement-method-specific exchange (for example, inside a DHCP request message, or during the initial IPsec communication with the HRA) or on request (as NAP's 802.1X and VPN enforcement methods do).

  2. The system determines the health state of the computer or other device by checking the Statements of Health (SoHs) that it gathers from all installed SHAs (system health agents, each of which monitors a specific application or component), including the WSC SHA that ships with Microsoft Windows Vista and Windows XP Service Pack 3.

    The system provides the combined SoH to the EC (enforcement client), which communicates the health state of the endpoint device to Microsoft NPS (Network Policy Server). The ESs (enforcement servers), which are either resident on the NPS or located elsewhere on the network (for example, in the HRA, the Health Registration Authority used by NAP's IPsec enforcement method), relay the endpoint device's security state to Microsoft NPS. Microsoft NPS, as the policy server for NAP, validates whether the endpoint device complies with the system health requirements ...
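The flow in the two steps above, as an added worked example (constructed for this page, not Microsoft's code): several SHAs each produce a Statement of Health, the client side bundles them, and a policy server evaluates each SoH with a matching validator and returns a verdict with remediation hints. The message and field names (`SoH`, `SSoH`, `enabled`, `signature_age_days`), the two validators, the seven-day signature policy and the sample client readings are all assumptions chosen for the illustration; real NAP carries these statements inside the enforcement method's own transport (EAP, DHCP options, or HTTPS to the HRA).

```python
"""Constructed simulation of the NAP health-evaluation flow.

Added example, not Microsoft's code. Names, policy thresholds and sample
readings are assumptions for the illustration only.
"""
from dataclasses import dataclass, field


@dataclass
class SoH:
    """Statement of Health from one SHA (e.g. firewall, antivirus)."""
    sha_id: str
    attributes: dict


@dataclass
class SSoH:
    """System SoH: the client-side bundle of every SHA's SoH."""
    client_id: str
    sohs: list = field(default_factory=list)


def nap_agent_collect(client_id: str, shas: dict) -> SSoH:
    """Client side: ask every registered SHA for its SoH and bundle them."""
    return SSoH(client_id, [SoH(sid, read()) for sid, read in shas.items()])


# --- Policy-server side -----------------------------------------------------
# One validator per SHA checks that SHA's SoH against the health policy and
# returns a list of problems (empty list == this component is healthy).
def firewall_shv(attrs: dict) -> list:
    return [] if attrs.get("enabled", False) else ["firewall disabled"]


def antivirus_shv(attrs: dict) -> list:
    problems = []
    if not attrs.get("enabled", False):
        problems.append("antivirus disabled")
    # Assumed policy: signatures must be no older than 7 days.
    if attrs.get("signature_age_days", 10**6) > 7:
        problems.append("antivirus signatures older than 7 days")
    return problems


SHVS = {"firewall": firewall_shv, "antivirus": antivirus_shv}


def nps_evaluate(ssoh: SSoH, required=frozenset(SHVS)) -> dict:
    """Policy server: validate the SSoH and return a verdict.

    Fails closed: a required SHA that sent no SoH makes the client
    non-compliant, so a client cannot pass simply by omitting a component.
    """
    received = {soh.sha_id: soh.attributes for soh in ssoh.sohs}
    remediation = {}
    for sha_id in sorted(required):
        if sha_id not in received:
            remediation[sha_id] = ["no statement of health received"]
            continue
        problems = SHVS[sha_id](received[sha_id])
        if problems:
            remediation[sha_id] = problems
    return {"client": ssoh.client_id,
            "compliant": not remediation,
            "remediation": remediation}


def evaluate_client(client_id: str, shas: dict) -> dict:
    """End-to-end: collect on the client, validate on the policy server."""
    return nps_evaluate(nap_agent_collect(client_id, shas))


# Constructed sample SHA readings (callables standing in for live agents).
HEALTHY_SHAS = {
    "firewall": lambda: {"enabled": True},
    "antivirus": lambda: {"enabled": True, "signature_age_days": 1},
}
STALE_AV_SHAS = {
    "firewall": lambda: {"enabled": True},
    "antivirus": lambda: {"enabled": True, "signature_age_days": 30},
}
NO_FIREWALL_SHA = {  # firewall SHA absent or not reporting
    "antivirus": lambda: {"enabled": True, "signature_age_days": 1},
}

if __name__ == "__main__":
    for cid, shas in (("pc1", HEALTHY_SHAS), ("pc2", STALE_AV_SHAS),
                      ("pc3", NO_FIREWALL_SHA)):
        print(evaluate_client(cid, shas))
```

The point the simulation makes that the prose does not: the verdict is per component, so the remediation list tells the client exactly which SHA failed, and a missing SoH is treated as a failure rather than as "nothing to check".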
