
About NAP

When a Network Access Protection (NAP) client communicates with the Network Policy Server (NPS), a three-step process is initiated to ensure the health of the client: validation, compliance, and level of network access.

The health of the client is based on information such as whether the client has the latest anti-virus signature file, the correct registry settings, and the correct configuration files.

When the NAP client starts, it sends its Statement of Health (SoH) to the Health Certificate Server (HCS). The SoH contains attribute data for compliance status, such as the state of the anti-virus software running on the client or the last operating system update that was applied.

HCS then passes this information to NPS as Remote Authentication Dial-In User Service (RADIUS) vendor-specific attributes (VSAs) in a RADIUS Access-Request message. NPS extracts the SoH data and communicates with the Quarantine Server (QS).

QS then forwards this data for validation to the System Health Validator (SHV), which determines whether the client complies with the required health state and creates a Statement of Health Response (SoHR), which is sent back to QS.

This response is then sent to NPS, which initiated the process that determines whether the client has limited or unlimited access to the network.

A RADIUS Access-Accept message is created containing the SoHR, and is sent to HCS. If the response is valid, HCS issues the NAP client a health certificate.

The NAP client can now initiate IPSec-based communication with secure resources using the issued health certificate for IPSec authentication, and respond to communications initiated from other NAP clients.

If the response is not valid, HCS informs the NAP client how to correct its health state and does not issue a health certificate.

The NAP client cannot initiate communication with other computers that require a health certificate for IPSec authentication.

However, the NAP client can initiate communications with the remediation server to bring itself back into compliance.

The remediation server provides services and resources, such as the latest anti-virus signature file or software update, enabling the NAP client to update its SoH data.

Once the NAP client is updated using remediation, a new and updated SoH is sent back to HCS, which then passes this information back to NPS. The NPS validates the information and a health certificate is issued to the NAP client.
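
The flow described above, from the first SoH through remediation to the issued health certificate, modelled as an added example that is not part of the original page or of any Microsoft code. Each NAP component is a plain function; the policy values, attribute names and function names are constructed for illustration, and no RADIUS or IPSec traffic is involved.

```python
"""Toy model of the NAP health-certificate flow (constructed example)."""
from dataclasses import dataclass, field

# Assumed health policy; attribute names and values are constructed.
POLICY = {"av_signature": 42, "os_update": "2008-06"}

@dataclass
class SoHR:
    compliant: bool
    fixes: dict = field(default_factory=dict)  # attribute -> required value

def shv_validate(soh: dict) -> SoHR:
    """SHV: compare each SoH attribute with the required health state."""
    fixes = {k: v for k, v in POLICY.items() if soh.get(k) != v}
    return SoHR(compliant=not fixes, fixes=fixes)

def nps_evaluate(soh: dict) -> tuple[str, SoHR]:
    """NPS: pass the SoH to QS/SHV, then decide the level of access."""
    sohr = shv_validate(soh)  # QS forwards to SHV and receives the SoHR
    return ("unlimited" if sohr.compliant else "limited"), sohr

def hcs_request(soh: dict) -> dict:
    """HCS: relay the SoH to NPS; issue a certificate only if compliant."""
    access, sohr = nps_evaluate(soh)  # Access-Request out, Access-Accept back
    return {"access": access,
            "certificate": "health-cert" if sohr.compliant else None,
            "fixes": sohr.fixes}

def remediate(soh: dict, fixes: dict) -> dict:
    """Remediation server: supply the updates the SoHR asked for."""
    return {**soh, **fixes}

def connect(soh: dict, max_rounds: int = 2) -> list[dict]:
    """Client loop: send SoH, remediate if refused, send the updated SoH."""
    trace = []
    for _ in range(max_rounds):
        result = hcs_request(soh)
        trace.append(result)
        if result["certificate"]:
            break
        soh = remediate(soh, result["fixes"])
    return trace

if __name__ == "__main__":
    stale = {"av_signature": 40, "os_update": "2008-06"}  # constructed SoH
    for step in connect(stale):
        print(step)
```

The first trace entry shows limited access with the list of attributes to fix; the second shows unlimited access once the updated SoH passes validation.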