Let’s get some NAP questions and comments folks!


I re-enabled “Allow Anonymous Users to Comment” on the NAP blog. I was talking to my wife this evening about how I don’t get a lot of interaction from folks on the NAP blog and she said “that’s because you have anonymous comments disabled.”


 “Oh”, I said. I’d love for this to be an interactive forum for NAP. My talks with customers at RSA taught me some people really know their stuff on NAP, while others barely know what the acronym means. Something about falling asleep and health, right?


– Jeff


Comments (9)

  1. Anonymous says:

    Hi Kevin,

    I am glad that you asked the question, as those partners just updated their web pages.

    Without me explaining the value of the integration, I would like to redirect you to the following partner pages:

    http://www.lockdownnetworks.com/nap/

    http://www.verniernetworks.com/partners/microsoft.html

    Calvin Choe

    The NAP World Tour Manager

    Business Development & Tech. Evangelism

    Network Access Protection, Windows Enterprise Networking

    Email: Calvin.Choe @ Microsoft.com

  2. Anonymous says:

    Thanks for the encouragement Blake. :->

  3. Anonymous says:

    Kevin, awesome question. I am having someone follow-up with a reply on here shortly.

    Christer, NAP Client (XP/Vista) does not talk to ACS directly (out of the box). You should contact Cisco for more information. NAP integrates with ACS on the backend (ACS can talk to our Network Policy Server – NPS). That was part of the interop plan we announced below.

    http://blogs.technet.com/nap/archive/2006/09/06/454395.aspx

    – Jeff Sigman

  4. Anonymous says:

    Hi Kevin,

    I am glad that you asked the question, as those partners just updated their web pages.

    Without me explaining the value of the integration, I would like to redirect you to the following partner pages:

    http://www.lockdownnetworks.com/nap/

    http://www.verniernetworks.com/partners/microsoft.html

    Calvin Choe

    The NAP World Tour Manager

    Business Development & Tech. Evangelism

    Network Access Protection, Windows Enterprise Networking

    Email: Calvin.Choe @ Microsoft.com

  5. Blake Handler says:

    Yeah, my wife has forced me to do a whole bunch of wonderful things too! (^_^)

  6. David says:

    Hi,

    We are currently at work on our next desktop build (Vista) and I would like to ship it NAP-ready so that when we’re ready to do NAP we do not need to touch the clients. We have not yet defined enforcement methods, or anything else for that matter, so we’d like to keep our options open.

    Any suggestions as to how we should provision, configure our Vista boxes to ensure we don’t need to deploy anything to them later?

  7. Kevin says:

    Hi David,

    I am going to make the assumption that by "touch the clients" you are referring to deploying software to the clients, but deploying configuration through group policy will not be a concern.

    The good thing is that the NAP client is built into Vista.  This includes the NAP client, the four enforcement options (IPSec, 802.1x, VPN, DHCP), and the Windows Security SHA.  With this already in place with the OS, there are a number of NAP deployment
    options that are available simply by enabling the NAP Agent and the appropriate enforcement via using group policy.

    The most likely possibility of needing to deploy additional software will be the decision about the health policy.  If the health policy is going to require checking the health of items not included in the Windows Security SHA then a third party package
    from a NAP partner may be required.  Make sure you understand what the Windows Security SHA provides and whether it meets the needs itself. Understanding your desired health policy prior to completing the desktop build will reduce the possibility that additional
    software may be needed later.

    Kevin Rhodes
    Program Manager – Microsoft
    Enterprise Networking Group

  8. Kevin says:

    Here is a question for those of us unable to attend RSA.  You have partners like Vernier and Lockdown Networks that sell appliances that will work with NAP.

    Can we get a quick overview on what the value added from one of these appliances on top of the NAP framework might be?

  9. Christer says:

    Hello

    Will the XP/Vista NAP client work with Cisco ACS instead off NAP server?

    I wold like to try that combination but we are not trying longhorn.