Network Access Protection is a great new feature of Windows Server 2008 that will help you understand the health of your client machines (Windows Vista and Windows XP Service Pack 3) and increase the trust in your network.
Server and Domain Isolation utilises IPsec to protect domain computers from un-trusted devices. Network Access Protection automates the process of moving machines between logical trusted and un-trusted IPsec networks.
Here are the links for Thursday the 7th of February 2008:
- The big news this week is obviously that Windows Server 2008 and Windows Vista Service Pack 1 have gone RTM, which means that the final NAP code is available. Hopefully Windows XP Service Pack 3 is just around the corner.
- Microsoft have released a number of NAP and IPsec documents that have been around during the Windows Server 2008 beta period or even earlier and have been updated for the RTM version: Introduction to Network Access Protection, Internet Protocol Security for Microsoft Windows Server 2003, Internet Protocol Security Enforcement in the Network Access Protection Platform and IEEE 802.1X for Wired Networks and Internet Protocol Security with Microsoft Windows.
- You might also want to check out the Group Policy Settings Reference for Windows Server 2008 document which includes the new NAP, 802.1x and IPsec polices available.
- Microsoft have also recently recently released an IPsec Diagnostic Tool. The UI is pretty basic but the diagnostic results should make short work of troubleshooting.
- Jeff Wettlaufer, Senior Technical Product Manager for System Centre Configuration Manager, has posted some great detail on SCCM integration with NAP. There’s a demo video and I gather from this quote: “a few weeks ago the North American region went into production NAP enforcement, so we really are practicing what we preach”, that Microsoft have moved from report only mode to full enforcement on their internal networks. That sounds pretty cool when you consider how big their network is.
- A new case study on NAP deployment has been published. Fulton County implemented NAP with IPsec enforcement.. Via Steve.
- There’s a new TechNet webcast today: NAP TAP Deployments in Windows Server 2008, which is detailing some best practices. Keep and eye out for the recorded version which should be available in the next few weeks.
- Chris Hoff generated all sorts of discussion with this post How the Hypervisor is Death By a Thousand Cuts to the Network IPS/NAC Appliance Vendors and it’s follow up Client Virtualization and NAC: The Fratto Strikes Back.
- Greg Shields at Redmond Mag has a nice overview of NAP here: A NAP Is Good for Your Health.</ul>