Multiple NPS/NAP Servers?
hi,
firstly should start saying newbie server 2008 , nps/nap, appreciated.
we in planning stages of rolling out nps , nap along hp procurve switches using 802.1x. planning on using nps servers authenticate dial-in users via cisco vpn client.
the question is, need install nap on both nps (radius) servers or can pass nap traffic onto 1 server? or microsoft preferred way?
as secondary question possible check applications or executables on machine using nap? if possible set variables?
many thanks
paul
firstly should start saying newbie server 2008 , nps/nap, appreciated.
we in planning stages of rolling out nps , nap along hp procurve switches using 802.1x. planning on using nps servers authenticate dial-in users via cisco vpn client.
the question is, need install nap on both nps (radius) servers or can pass nap traffic onto 1 server? or microsoft preferred way?
as secondary question possible check applications or executables on machine using nap? if possible set variables?
many thanks
paul
hi paul,
you can pass traffic 1 nps, or can split between two. decision depends on redundancy needs. think can configure switch send traffic primary , secondary radius server redundancy. of course require sync policies between 2 servers.
another option have switch send traffic 1 server forwards request second server. this, set remote radius server group , configure connection request policy foward authentication requests remote group (do on server a). other server (server b) will have authentication , authorization policies (called connection request , network polices on nps) , have radius client entry configured server a. don't think either way preferred.
i'm not aware of sha available checking files on client hard drive. else might have heard of one.
-greg
you can pass traffic 1 nps, or can split between two. decision depends on redundancy needs. think can configure switch send traffic primary , secondary radius server redundancy. of course require sync policies between 2 servers.
another option have switch send traffic 1 server forwards request second server. this, set remote radius server group , configure connection request policy foward authentication requests remote group (do on server a). other server (server b) will have authentication , authorization policies (called connection request , network polices on nps) , have radius client entry configured server a. don't think either way preferred.
i'm not aware of sha available checking files on client hard drive. else might have heard of one.
-greg
Windows Server > Network Access Protection
Comments
Post a Comment