Security Solutions

A-14
Addendum to the ProCurve Access Control Security Design Guide
Microsoft NAP
NAP Client Architecture
The NAP-capable endpoint includes several components, described in the
sections below.
NAP Enforcement Clients (ECs)
There is one EC for each network access method. The NAP client ships with
the following ECs:
IPsec NAP EC—IPsec-protected communications
EAPHost NAP EC—802.1X-authenticated connections
VPN NAP EC—remote-access VPN connections
DHCP NAP EC—DHCP-based IPv4 address configuration
The NAP platform includes NAP EC APIs to permit vendors to construct and
install proprietary ECs.
System Health Agents (SHAs)
A SHA monitors one or more elements of the client’s system health, such as
antivirus signatures, software patches, firewall settings, browser settings,
service packs, and local system settings. SHAs can be supplied by Microsoft
or by third-party vendors.
Four of the Microsoft SHAs—OS, patch, antivirus, and update—are associated
with the remediation servers and receive the latest update information during
the time that the endpoint is connected to the network. The Firewall and
Browser SHAs are not associated with remediation servers because they
merely ensure that the client has the proper settings enabled.
Each time an SHA receives an update from the remediation server or detects
that a setting has changed, it sends a new statement of health (SoH) to the
NAP Agent. The SoH contains version numbers and other time-specific information
about the element that the SHA monitors.
NAP Agent
The NAP Agent collects SoHs from the SHAs and compiles a system statement
of health (SSoH). When the endpoint attempts to connect to the network, the
appropriate EC queries the NAP Agent for the SSoH and presents it to the NAP
enforcement point.
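The SHA-to-EC flow described above, modelled as a small added example (constructed here, not Microsoft's NAP code or anything from the design guide): each SHA sends a fresh SoH whenever its element changes, the NAP Agent keeps only the latest SoH per SHA and compiles them into the SSoH, and the EC matching the access method in use retrieves that SSoH for the enforcement point. The `compliant` flag and the `all_compliant` roll-up are assumptions added for illustration; in NAP the actual health evaluation is done on the server side.

```python
"""Toy model of the NAP client components: SHAs -> NAP Agent -> EC.
Constructed example; field names and the compliance roll-up are assumptions."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class SoH:
    """Statement of health for one monitored element (version + time info)."""
    sha_id: str
    version: str
    checked_at: int   # constructed timestamp, seconds
    compliant: bool   # the SHA's own view of its element (assumption)


class NapAgent:
    """Collects the latest SoH from each SHA and compiles the SSoH."""

    def __init__(self) -> None:
        self._latest: Dict[str, SoH] = {}

    def receive_soh(self, soh: SoH) -> None:
        # A newer SoH from the same SHA replaces the earlier one.
        self._latest[soh.sha_id] = soh

    def ssoh(self) -> List[SoH]:
        # System statement of health: one current SoH per SHA.
        return sorted(self._latest.values(), key=lambda s: s.sha_id)


class SystemHealthAgent:
    """Monitors one element and sends a new SoH whenever its state changes."""

    def __init__(self, sha_id: str, agent: NapAgent) -> None:
        self.sha_id, self.agent = sha_id, agent

    def report(self, version: str, checked_at: int, compliant: bool) -> SoH:
        soh = SoH(self.sha_id, version, checked_at, compliant)
        self.agent.receive_soh(soh)
        return soh


# One EC per network access method, as listed on this page.
ACCESS_METHODS = {"IPsec": "IPsec NAP EC", "802.1X": "EAPHost NAP EC",
                  "VPN": "VPN NAP EC", "DHCP": "DHCP NAP EC"}


def present_ssoh(agent: NapAgent, access_method: str) -> dict:
    """The EC for the access method queries the agent for the SSoH and
    returns what it would hand to the NAP enforcement point."""
    ec = ACCESS_METHODS[access_method]   # unsupported method raises KeyError
    ssoh = agent.ssoh()
    # all_compliant is a constructed roll-up; NAP evaluates health server-side.
    return {"ec": ec, "ssoh": ssoh,
            "all_compliant": all(s.compliant for s in ssoh)}
```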