O'Reilly logo

Windows Server® 2008 Networking and Network Access Protection (NAP) by Microsoft Networking Team, Tony Northrup, Joseph Davies

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Planning and Design Considerations

When planning for the deployment of IPsec enforcement, you must consider the following:

  • Active Directory

  • PKI

  • HRAs

  • IPsec policies

  • NAP clients

Active Directory

You must consider the following planning and design issues for Active Directory:

  • IPsec NAP exemption group

  • Security groups or organizational units (OUs) for IPsec policy application

  • Security groups or OUs for NAP exceptions

IPsec NAP Exemption Group

You must create an IPsec exemption security group whose members are the remediation servers and HRAs in the boundary network. Remediation servers and HRAs will use certificate autoenrollment to obtain NAP exemption certificates, which are long-lived health certificates that remediation servers and HRAs can use to initiate ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required