Windows Network Policy Server Fundamentals

Ranjana JainMCSE, MCT, RHCE, CISSP, CIW Security AnalystIT Pro Evangelist Microsoft Indiahttp://ranjanajain.spaces.live.com

• Network Policy Server Architecture and

Functionality

• Deploying and configuring Network

Access Protection (NAP)

• Monitoring NPS for High Availability

What Will We Cover?

Level 300

• Understanding of network access

• Familiarity with DHCP

• Familiarity with RADIUS

Helpful Experience

• Introducing Network Policy Server

• Deploying and Configuring NAP

• Best Practices and Troubleshooting

• Configuring Load Balancing

Agenda

The Core IO Model

CROSS-MODEL ENABLERS• Identity • Presence • Rights Management • Network Access

Desktop, Device, and Server ManagementDesktop, Device, and Server Management

Security and NetworkingSecurity and Networking

Identity and Access ManagementIdentity and Access Management

Data Protection and RecoveryData Protection and Recovery

IT Management and Security ProcessIT Management and Security Process

What is Network Policy Server?

NPS Authentication Process

User requests access to port

Network device asks user for credentials

Forwards credentials and connection details

Evaluates connection and forwards credentials for authentication

If policy matches, and user is authentic, access allowed

Device allows access

Demonstration Environment

Internal Network192.168.16.0/20

SEA-DC-01.contoso.comWindows Server Longhorn

Domain Controller, NPS, DHCP192.168.16.2/20

SEA-WRK-001.contoso.comWindows Vista

IP Address by means of DHCP

Demo

Reviewing Network Policies

Tour the NPS Console Configure NAP Server Settings Configure NAP Policies and Elements

demonstration

• Introducing Network Policy Server

• Deploying and Configuring NAP

• Best Practices and Troubleshooting

• Configuring Load Balancing

Agenda

NetworkAccess

Requests Not Compliant

Policy Compliant

How NAP Works

Corporate Network

Restricted Network

WindowsClient

NetworkAccessDevices

NPS

ActiveDirectory

RemediationServers

HealthStatements

QA

SHA

EC QS

SHV

Demo

Configuring NAP for DHCP

Enable and Configure Client Settings Configure DHCP Server Test Client Access

demonstration

• Introducing Network Policy Server

• Deploying and Configuring NAP

• Best Practices and Troubleshooting

• Configuring Load Balancing

Agenda

Deployment Best Practices

• Install NPS on the Domain Controller

• Use RADIUS to distribute requests

• Specify RADIUS client IP addresses

• Specify permission by RAP

• Log wisely

Debug Tracing Logs

RADIUS Server and Proxy

Authentication, Mapping, Validation

Policy and Quarantine Evaluation

File and Database Logging

Network Monitor

Corporate Network

Demo

Examining Connection Trace Logs

Examine Event Logs Examine Connection Logs

demonstration

• Introducing Network Policy Server

• Deploying and Configuring NAP

• Best Practices and Troubleshooting

• Configuring Load Balancing

Agenda

NPS as a RADIUS Proxy

NPS RADIUSProxy Server

NPS Load Balancing

Demo

Configuring Load Balancing

Export Settings and Create Clone Configuration

Set Up NPS as a RADIUS Proxy

demonstration

Faster Communications Fast enterprise class search on clients and serversFaster networking with new TCP/IP stack and native IPv6Improved file-sharing performance over high-latency linksIntegrated remote access to internal applications and resources

Windows Server 2008 + Windows Vista

Greater AvailabilityScalable print servers with client-side renderingTransparent offline experience with client-side cachingTransactional File System for file and registry operationsPolicy-based Quality of Service to prioritize application bandwidth

More Efficient ManagementSingle worldwide servicing modelEvent forwarding between client and serverFaster and more reliable remote operating system deploymentsNetwork Access Protection ensures health of connecting systems

• NPS and NAP can be used to protect networks

• Policy rules may be extremely fine-grained

• NPS is a very flexible server application

Session Summary

Visit TechNet at:

www.microsoft.com/technet

www.microsoft.com/nap

For More Information

• Live Events and Online webcast Series

• My Blog: http://ranjanajain.spaces.live.com

• Chats, Newsgroups, Forums and Virtual Labs

• Local Locator for Professional User Groups

Where Else Can I Get Help?

groups.msn.com/itdelhiug

THANK YOU