Comment Feed for Channel 9 - Network Access Protection with MSIT http://ecn.channel9.msdn.com/o9/previewImages/100/249516_100x75.jpg Channel 9 - Network Access Protection with MSIT After months of cajoling, Adam was finally able to convince Jeff Sigman from the NAP team and Brent Atkison from MSIT to sit still for 30 minutes to talk about why we created NAP, and how we went about deploying it worldwide at Microsoft.  Ah, who am I kidding.  Jeff's been asking me for months to put his blue anime hair up on Channel9.  Here you go Jeff.  Persistance pays off. Network Access Protection is a new feature in Windows Server 2008 that allows you to enforce computer health requirements before allowing machines to communicate on the network.  It's the answer to the question "do I trust that this machine is patched and won't infect other machines on my network?" These guys have done some pretty impressive stuff.  The NAP team worked with a list of partners as long as your arm to make sure NAP will play nicely with whatever switch hardware you've invested in.  Brent shares some impressive sizing guidelines for implementing NAP:  Microsoft turned reporting and deferred enforcement on 120,000 machines worldwide, using a very small number of servers.  Very small.  Less than 3.  Total help desk calls as a result?  Also a very small number.  Oh, and he did that deployment using beta builds of Longhorn Server 2008. en Mon, 20 May 2013 12:39:26 GMT Mon, 20 May 2013 12:39:26 GMT Rev9 Re: Network Access Protection with MSIT
Or is it connected to another server exclusively dedicated to this function?

posted by gr@nt

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633276676760000000 Thu, 11 Oct 2007 02:47:56 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633276676760000000 gr@nt Re: Network Access Protection with MSIT You might also have a v-lan that has internet access only, so guests on your network that don't meet your criteria for health can still get to the net.

posted by adambomb

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633276739500000000 Thu, 11 Oct 2007 04:32:30 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633276739500000000 adambomb Re: Network Access Protection with MSIT
Please see documents/whitepapers/other info at http://www.microsoft.com/nap for more information.

-Chris

posted by cedson -MSFT-

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633277189740000000 Thu, 11 Oct 2007 17:02:54 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633277189740000000 cedson -MSFT- Re: Network Access Protection with MSIT

Jeff Sigman


PS - Thanks to Adam for making this video happen! Let us know if you like it and we can continue a series all about NAP. Make sure to check out the NAP blog.

posted by NAPDude

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633277294590000000 Thu, 11 Oct 2007 19:57:39 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633277294590000000 NAPDude Re: Network Access Protection with MSIT

posted by mcampbell

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633277576970000000 Fri, 12 Oct 2007 03:48:17 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633277576970000000 mcampbell Re: Network Access Protection with MSIT posted by CannedSoda

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633277603370000000 Fri, 12 Oct 2007 04:32:17 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633277603370000000 CannedSoda Re: Network Access Protection with MSIT Hey Matt, good question.

1.) Integrated client available in XP SP3 and Vista.
2.) Able to enforce NAP orthogonally to the logged-on user (since it is an NT service).
3.) 3rd parties can build on top of client and server and extend the scope of what "health" means.
4.) The TCG adopted our Statement of Health (SoH) protocol as a standard - anyone can read the standard and interoperate.
5.) Check out this demo video I made to get a better idea of the experience.

I hope you try it out for yourself!


Jeff Sigman
Senior Program Manager - NAP

posted by NAPDude

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278010740000000 Fri, 12 Oct 2007 15:51:14 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278010740000000 NAPDude Re: Network Access Protection with MSIT posted by ZippyV

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278342300000000 Sat, 13 Oct 2007 01:03:50 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278342300000000 ZippyV Re: Network Access Protection with MSIT
NAPDude wrote:


Hey Matt, good question.

1.) Integrated client available in XP SP3 and Vista.
2.) Able to enforce NAP orthogonally to the logged-on user (since it is an NT service).
3.) 3rd parties can build on top of client and server and extend the scope of what "health" means.
4.) The TCG adopted our Statement of Health (SoH) protocol as a standard - anyone can read the standard and interoperate.
5.) Check out this demo video I made to get a better idea of the experience.

I hope you try it out for yourself!


Jeff Sigman
Senior Program Manager - NAP



The live meeting site says that the webcast has expired.

posted by mcampbell

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278938540000000 Sat, 13 Oct 2007 17:37:34 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278938540000000 mcampbell Re: Network Access Protection with MSIT
Jeff Sigman

posted by NAPDude

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278983530000000 Sat, 13 Oct 2007 18:52:33 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278983530000000 NAPDude Re: Network Access Protection with MSIT
Jeff Sigman

posted by NAPDude

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278985280000000 Sat, 13 Oct 2007 18:55:28 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278985280000000 NAPDude Re: Network Access Protection with MSIT CannedSoda, Enterprise CA or Standalone will work fine!

Check out the step-by-step for more information.

Jeff Sigman

posted by NAPDude

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278986540000000 Sat, 13 Oct 2007 18:57:34 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633278986540000000 NAPDude Re: Network Access Protection with MSIT Turns out my full 802.1x NAP Live Meeting demo (Server Beta 3) is gone and I can't locate another copy of it. I will create a brand spanking new one and post it on the NAP blog. I have some ideas how to make it better anyway, like showing you how I set up the HP Procurve 802.1x Switch to work with NAP (it is a snap).

Please let me know if there is anything you specifically want to see, and I will consider demoing it. Otherwise just come see me at TechEd / IT Forum Europe and introduce yourself!

Jeff Sigman

posted by NAPDude

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633281389150000000 Tue, 16 Oct 2007 13:41:55 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633281389150000000 NAPDude Re: Network Access Protection with MSIT posted by ZippyV

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633282529950000000 Wed, 17 Oct 2007 21:23:15 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633282529950000000 ZippyV Re: Network Access Protection with MSIT You're right, Server 2003 included a feature called Quarantine Services, you can read more about it here.  Brent talks about it a bit in the video when he talks about Microsoft's Remote Access implementation.  Quarantine services work only on VPN connections, and rely on custom scripts to do all the inspection on the client.  NAP can be used on VPN, IPSEC, 802.1x, or DHCP, and uses client issued health statements for the inspection.  It covers more scenarios and is a faster inspection process.

posted by adambomb

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633282582390000000 Wed, 17 Oct 2007 22:50:39 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633282582390000000 adambomb Re: Network Access Protection with MSIT
Just wondering is NAP compatible with all managable switches, i use a wide range and ages of intelligent switches, vlans are not currently setup however with the introduction of NAP it is an ideal oppertunity to do so.

Regards James!

posted by jamesscammell

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633404077930000000 Thu, 06 Mar 2008 13:43:13 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c633404077930000000 jamesscammell Re: Network Access Protection with MSIT posted by raf hernandez

]]> http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c634272171610000000 Mon, 06 Dec 2010 07:26:01 GMT http://channel9.msdn.com/Blogs/adambomb/Network-Access-Protection-with-MSIT#c634272171610000000 raf hernandez