This is desirable since you want to secure your NPS server as much as possible.
261 Chapter 8: Network Policy and Access Services
This is not a technical requirement, however. In fact, the NPS can reside on the same
server as your DHCP, HRA, VPN, or even remediation servers. Logically, the communication
still follows that depicted in Figure 8-2, except that the NPS is technically visible
by the NAP client. This is not a recommended setup, but it may be appropriate on small
networks or when trying to demonstrate NAP functionality as some form of proof of
concept.
NAP CLIENT ARCHITECTURE
NAP clients are systems that can participate in a NAP-enabled network because they
have the ability to generate statements of health from agents installed on them. These
system health agents not only check for the system's health relative to their specific function
(for example, an anti-virus system health agent may be able to query the anti-virus
running state as well as engine and definition version), but they are also responsible for
communicating with their respective remediation server to resolve the issues that mark
them as unhealthy.
Figure 8-2. NAP component interaction (diagram labels: NAP Client; System Health Updates; Authentication Requests; Health Registration Authority; Network Policy Server; DHCP Server; VPN Server; 802.1X Device; Remediation Servers; Quarantine Zone, Boundary Zone, Protected Zone)
262 Microsoft Windows Server 2008 Administration