1 / 17

Selecting the Right Network Access Protection Architecture

Selecting the Right Network Access Protection Architecture. Infrastructure Planning and Design Series. What Is IPD?. Guidance that aims to clarify and streamline the planning and design process for Microsoft ® infrastructure technologies IPD…in 50 pages: Defines decision flow

dayo
Download Presentation

Selecting the Right Network Access Protection Architecture

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Selecting the Right Network Access Protection Architecture Infrastructure Planning and Design Series

  2. What Is IPD? Guidance that aims to clarify and streamline the planning and design process for Microsoft® infrastructure technologies IPD…in 50 pages: • Defines decision flow • Describes decisions to be made • Relates decisions and options for the business • Frames additional questions for business understanding • Replaces Windows Server System™ Reference Architecture (WSSRA) Download the IPD Guides at www.microsoft.com/ipd

  3. Getting Started Selecting the Right nAP Architecture

  4. Purpose and Agenda • Purpose • To assist in the decision-making process regarding which enforcement methods to use in conjunction with Network Access Protection (NAP) to meet business and technical requirements • Agenda • Determine which components to use in a NAP architecture

  5. What Is NAP? • Network Access Protection is a policy-based solution that: • Validates whether computers meet health policies • Can limit access for noncompliant computers • Automatically remediates noncompliant computers • Continuously updates compliant computers to maintain health state • Offers administrators a wide range of choice and deployment flexibility to better secure their Windows networks

  6. NAP Architecture

  7. Why Implement NAP? • Controlled access for guests, vendors, partners • Improved resilience to malware as network health increases • More robust update infrastructure • Managed compliance

  8. Key Messages for NAP • The NAP client can be Windows Server® 2008, Windows Vista®, Windows® XP SP3, or third-party (Linux + Macintosh) • NAP is built into Windows that you enable via GP/script • NAP requires a minimum of one Windows Server 2008 machine to get started

  9. NAP Enforcement Options

  10. Decision Flow • Determine the client connectivity • Determine enforcement layer • If enforcement is at network layer, select enforcement options

  11. Determine Client Connectivity • Type of network connectivity dictates appropriate enforcement methods. Client devices connect two ways: • Locally—via wired or wireless • Remotely—such as VPN

  12. Determine VPN Platform • Will the VPN platform be Microsoft or third-party? • Microsoft VPN selected: • If IT selects RRAS to provide remote access, VPN server must run Windows Server 2008 • Low level of complexity and cost to implement • Third-party VPN selected: • If IT selects a third-party VPN, IPsec can be used to restrict client device access • High level of complexity and medium cost to implement

  13. Enforcement Layer Decision • Enforce NAP restrictions at each host or enforce on network? • Enforce restrictions at hosts selected: • Using IPsec provides robust security • High level of complexity and medium cost to implement • Enforce restrictions on network selected: • Depending on specific network-based enforcement method, security level less robust than IPsec • Medium level of complexity and highcost to implement

  14. NAP Restrictions – Host vs. Network Enforcement • Use the table below to select between: • IPsec – host-based • 802.1X – network-based • DHCP – network-based

  15. Additional Considerations for NAP • Determine system compliance requirements • Combining NAP technologies • Dependencies

  16. Summary and Conclusion • NAP flexibility provides choice • NAP is deployment ready Provide feedback to satfdbk@microsoft.com

  17. Find More Information • Download the full document and other IPD guides: • www.microsoft.com/ipd • Contact the IPD team: • satfdbk@microsoft.com • Visit the Microsoft Solution Accelerators Web site: • www.microsoft.com/technet/SolutionAccelerators

More Related