If a health certificate is available, it can also use that to certify health to the VPN
server.
System Health Agent
SHAs on the client are matched with their respective SHVs on the server. The SHA's
purpose is to collect system health information that is then sent to the SHV. If the client is
not compliant with the current policy, the SHV returns a SoHR to the SHA informing it
of what steps it needs to take to remediate itself. This is why, in general, each SHA and
its paired SHV must be from the same vendor, so that the SHV knows how to correct any
policy violations found from the data provided by the SHA.
NAP SERVER ARCHITECTURE
Each NAP server contains a number of NAP Enforcement Server (ES) components,
one for each type of authentication/connection method (that is, VPN or IPSec). Each
of these components is then matched to its corresponding NAP EC.
263 Chapter 8: Network Policy and Access Services
For example, the IPSec NAP ES communicates with IPSec NAP-enabled clients. The
NAP server in turn talks to the NPS using RADIUS. The NPS server contains the policies,
NAP administration server, and SHVs. The NAP administration server acts as the
broker between the NPS and various SHVs. It takes SoH records collected from the NAP
clients through NPS and distributes them to the appropriate SHVs. It then returns the
SoHRs provided by the SHVs back to the NAP clients through NPS.
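
The brokering role described above can be sketched as a simplified Python model. This is an added example, not code from the book or from Windows. The SHA identifiers, class names, policy checks and the fail-closed handling of an unpaired SHA are all assumptions of the model, and it does not reproduce the real SoH wire format.

```python
from dataclasses import dataclass, field

@dataclass
class SoH:                      # Statement of Health produced by one SHA
    sha_id: str
    data: dict

@dataclass
class SoHR:                     # Statement of Health Response from the paired SHV
    sha_id: str
    compliant: bool
    remediation: list = field(default_factory=list)

class FirewallSHV:
    """Hypothetical SHV; it only understands data from its paired SHA."""
    sha_id = "example.firewall"
    def validate(self, soh):
        steps = [] if soh.data.get("firewall_enabled") else ["enable host firewall"]
        return SoHR(soh.sha_id, not steps, steps)

class PatchSHV:
    """Hypothetical SHV whose policy caps the number of missing updates."""
    sha_id = "example.patch"
    def __init__(self, max_missing=0):
        self.max_missing = max_missing
    def validate(self, soh):
        missing = soh.data.get("missing_updates")
        if not isinstance(missing, int):        # SHA sent data this SHV cannot read
            return SoHR(soh.sha_id, False, ["report update status"])
        ok = missing <= self.max_missing
        return SoHR(soh.sha_id, ok, [] if ok else ["install %d missing updates" % missing])

class AdminServer:
    """Broker: routes each SoH to the SHV paired with the SHA that produced it."""
    def __init__(self, shvs):
        self.shvs = {shv.sha_id: shv for shv in shvs}
    def evaluate(self, sohs):
        responses = []
        for soh in sohs:
            shv = self.shvs.get(soh.sha_id)
            if shv is None:     # no paired SHV: fail closed (assumption of this model)
                responses.append(SoHR(soh.sha_id, False, ["no matching SHV installed"]))
            else:
                responses.append(shv.validate(soh))
        # A client that sends no SoH at all is not treated as healthy.
        return bool(responses) and all(r.compliant for r in responses), responses

# Constructed sample: SoH records collected from one client
CLIENT_SOHS = [SoH("example.firewall", {"firewall_enabled": True}),
               SoH("example.patch", {"missing_updates": 3}),
               SoH("example.unknown", {"x": 1})]
```

Calling `AdminServer([FirewallSHV(), PatchSHV()]).evaluate(CLIENT_SOHS)` returns an overall non-compliant verdict plus one SoHR per SoH, which the client's SHAs would use to remediate.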