Wednesday, April 20, 2011

Network Access Protection

Network Access Protection (NAP) is a new platform and solution that controls access to network resources based on a client computer’s identity and compliance with corporate governance policy. NAP allows network administrators to define granular levels of network access based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access.

Windows 2008 Editions and NPS

NPS provides different functionality depending on the edition of Windows Server 2008 and Windows Server 2008 R2 that you install. In Enterprise and Datacenter editions you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure a group of RADIUS clients by specifying an IP address range.

In Windows Server 2008 Standard, you can configure a maximum of 50 RADIUS clients and a maximum of two remote RADIUS server groups. You can define a RADIUS client by using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the NPS server uses the first IP address returned in the Domain Name System (DNS) query. Windows Web Server 2008 does not include NPS.
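A pre-deployment check for the Standard edition limits described above, as an added example that is not part of the original page or of any Microsoft tooling. The inventory format, the CIDR notation for ranges, the `resolve` hook and all sample names and addresses are assumptions made for illustration.

```python
import ipaddress

# Limits the page gives for NPS on Windows Server 2008 Standard.
MAX_CLIENTS = 50
MAX_REMOTE_GROUPS = 2

def audit_standard_plan(clients, remote_groups, resolve):
    """Check planned NPS settings against the Standard edition limits.
    clients: (name, address) pairs; address is an IP, an FQDN or a CIDR range.
    resolve: hypothetical hook, FQDN -> ordered list of IPs (wrap DNS for live use).
    """
    findings = []
    if len(clients) > MAX_CLIENTS:
        findings.append(f"{len(clients)} RADIUS clients exceed the limit of {MAX_CLIENTS}")
    if len(remote_groups) > MAX_REMOTE_GROUPS:
        findings.append(f"{len(remote_groups)} remote RADIUS server groups exceed the limit of {MAX_REMOTE_GROUPS}")
    for name, address in clients:
        if "/" in address:
            findings.append(f"{name}: IP range {address} needs Enterprise or Datacenter")
            continue
        try:
            ipaddress.ip_address(address)
            continue  # a single literal IP address is allowed on every edition
        except ValueError:
            pass  # not an IP literal, so treat it as an FQDN
        ips = resolve(address)
        if not ips:
            findings.append(f"{name}: {address} does not resolve")
        elif len(ips) > 1:
            findings.append(f"{name}: {address} resolves to {len(ips)} addresses, NPS uses only {ips[0]}")
    return findings

# Constructed sample data (documentation address space, not a real network).
SAMPLE_DNS = {
    "ap1.corp.example.com": ["192.0.2.10"],
    "vpn.corp.example.com": ["192.0.2.20", "192.0.2.21"],
}
SAMPLE_CLIENTS = [
    ("AP-Floor1", "ap1.corp.example.com"),
    ("VPN-Edge", "vpn.corp.example.com"),
    ("Switch-Core", "192.0.2.30"),
    ("Branch-Switches", "198.51.100.0/24"),
]

def run_sample():
    return audit_standard_plan(SAMPLE_CLIENTS, ["HQ", "DR", "Partner"], lambda n: SAMPLE_DNS.get(n, []))

if __name__ == "__main__":
    print("\n".join(run_sample()))
```

A finding for a multi-address FQDN is the cue to register that device by a single IP address instead, so the address NPS matches against is the one you chose.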

You can upgrade a server running Windows Server 2003 and IAS to Windows Server 2008 and NPS. During the upgrade process, the server configuration is preserved, but remote access policies are renamed network policies.

Installing a Network Policy Server

1. Open Server Manager.

2. Click the Add Roles link in the Actions pane.

3. On the Welcome page, click Next.

4. From the list of roles to install, select Network Policy and Access Services, and click Next.

5. Review the information provided on the Welcome page, and click Next.

6. On the Select Role Services page, select which role services to install on the server, and click Next.

7. On the Certificate Authority page, choose whether to install a local CA for issuing health certificates or to use an existing remote CA. If using a remote CA, make sure it is dedicated to issuing only health certificates. Click Next.

8. Select whether to configure the HRA to allow only domain-authenticated users to get health certificates. Click Next.

9. Select a server authentication certificate to be used to encrypt the network traffic. The certificate should be from an authority that is trusted by all of the clients, whether an internal enterprise domain CA or an external third-party CA. Click Next.

10. On the Confirmation page, click Install.

11. Click Close when the wizard completes.

Network Policy Server

Network Policy Server is Microsoft's implementation of a Remote Authentication Dial-In User Service (RADIUS) server and proxy in Windows Server 2008, and the replacement for Internet Authentication Service in Windows Server 2003. NPS allows you to centrally configure and manage network access authentication, authorization, and client health policies with the following features:

RADIUS Server:

Performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network connections, and for connections to computers running Terminal Services Gateway. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests. To deploy NPS with TS Gateway, you must deploy TS Gateway on the local or a remote computer that is running Windows Server 2008. To deploy NPS with Routing and Remote Access configured as a VPN server, a member of a VPN site-to-site configuration, or a dial-up server, you must deploy Routing and Remote Access on the local or a remote computer that is running Windows Server 2008.

RADIUS Proxy:

When you use NPS as a RADIUS proxy, you can configure connection request policies that tell the NPS server which connection requests to forward to other RADIUS servers and to which RADIUS servers you want to forward connection requests.

Network Access Protection (NAP) policy server:

When configured as a NAP policy server, NPS evaluates statements of health sent by NAP-capable client computers that want to connect to the network. It also acts as a RADIUS server when configured with NAP, performing authentication and authorization for connection requests. You can configure NAP policies and settings including system health validators, health policy, and remediation server groups. Installation of the Network Policy and Access Services role installs the Network Policy Server component and the RADIUS role.

802.3 Wired

You can configure 802.1X-based connection request policies for 802.3 wired client Ethernet network access. You can also configure 802.1X-compliant switches as RADIUS clients in NPS, and use NPS as a RADIUS server to process connection requests, authentication, authorization, and accounting for 802.3 Ethernet connections.

802.11 Wireless

You can configure 802.1X-based connection request policies for 802.11 wireless client network access. You can also configure wireless access points as RADIUS clients in NPS, and use NPS as a RADIUS server to process connection requests and perform authentication, authorization, and accounting for 802.11 wireless connections. You can integrate 802.11 wireless access with NAP when deploying a wireless 802.1X infrastructure so that wireless clients are verified against health policies before they are allowed to connect to the network.

You can also use NPS to deploy secure password authentication with Protected Extensible Authentication Protocol (PEAP)-MS-CHAP v2 for wireless connections. To deploy NPS with secure 802.1X wired or wireless access, you must enroll a server certificate to the server running NPS using Active Directory Certificate Services or a public certification authority. To deploy EAP-TLS or PEAP-TLS, you must also enroll computer or user certificates, which requires you to design and deploy a public key infrastructure using AD CS.

Improving the Web Application Platform

Windows Server 2008 R2 includes many enhancements that make this release the most robust Windows Server Web application platform yet. It offers an updated Web server role, Internet Information Services (IIS) 7.5, and greater support for .NET on Server Core. Design goals for IIS 7.5 concentrated on improvements that enable Web administrators to more easily deploy and manage Web applications, and that increase both reliability and scalability. Additionally, IIS 7.5 has streamlined management capabilities and provides more ways than ever to customize your Web serving environment.

The following improvements to IIS and the Windows Web platform are included in Windows Server 2008 R2:

Reduced Effort to Administer and Support Web-Based Applications

Reduced Support and Troubleshooting Effort

Improved File-Transfer Services

Ability to Extend Functionality and Features

Improved .NET Support

Improved Application Pool Security

IIS.NET Community Portal

Reduced Effort to Administer and Support Web-Based Applications

Reducing the effort required to administer and support Web-based applications is a key differentiator for IIS 7.5. Included with this release is support for increased automation, new remote administration scenarios, and improved content publishing for developers and authors. A short list of these features includes:

Expanding the capabilities of IIS Manager through new management modules

Automating common administrative tasks through the Windows PowerShell Provider for IIS

Support for .NET on Server Core, enabling ASP.NET and remote management through IIS Manager

Reduced Support and Troubleshooting Effort

Windows Server 2008 R2 reduces support and troubleshooting effort in the following ways:

Enhanced auditing of changes to IIS 7.5 and application configuration.

Failed Request Tracing for FastCGI.

Best Practices Analyzer (BPA).

Improved FTP Services

Windows Server 2008 R2 includes a new version of FTP server services. These new FTP server services offer the following improvements:

Reduced administrative effort for FTP server services.

Extended support for new Internet standards.

Reduced effort for support and troubleshooting FTP-related issues.

Ability to Extend Functionality and Features

One of the design goals for IIS 7.5 was to make it easy for you to extend the base functionality and features in IIS 7.5. IIS Extensions allow you to build or buy software that can be integrated into IIS 7.5 in such a way that the software appears to be an integral part of IIS 7.5.

Extensions can be created by Microsoft, partners, independent software vendors, and your organization. Microsoft has developed IIS Extensions since the RTM version of Windows Server 2008. These IIS Extensions are available for download from http://www.iis.net. Many of the IIS Extensions developed by Microsoft will be shipped as a part of Windows Server 2008 R2, including WebDAV, Integrated & Enhanced Administration Pack and Windows PowerShell Provider for IIS.

Improved .NET Support

The .NET Framework (versions 2.0, 3.0, 3.5.1 and 4.0) is now available on Server Core as an installation option. By taking advantage of this feature, administrators can enable ASP.NET on Server Core, which affords them full use of PowerShell cmdlets. Additionally, .NET support means the ability to perform remote management tasks from IIS Manager and host ASP.NET Web applications on Server Core as well.

Improved Application Pool Security

Building on the application pool isolation that was available with IIS 7.0, which increased security and reliability, every IIS 7.5 application pool now runs with a unique, less-privileged identity. This helps harden the security of applications and services running on IIS 7.5.

IIS.NET Community Portal

To stay current with new additions to IIS in Windows Server 2008 or Windows Server 2008 R2, make sure to visit the IIS.NET community portal (http://www.iis.net). The site includes news updates, in-depth instructional articles, a download center for new IIS solutions, and free advice via blogs and technical forums.

Microsoft SQL Server

Microsoft® SQL Server™ is a database management and analysis system for e-commerce, line-of-business, and data warehousing solutions. In this section you will find information for several versions of SQL Server. You will find articles on database and database application design, as well as examples of the uses that SQL Server can be put to.

SQL Server 2008, the latest version, includes enhanced XML support, integration of .NET Framework objects in databases, improved integration with Microsoft Visual Studio and the Microsoft Office System, as well as improved analysis, reporting, and data integration services.

SQL Server Programming Reference

The following features and technologies allow you to develop applications that access data in a SQL Server database.

Programming Reference Sections

Common Language Runtime (CLR) Integration Programming Concepts

Native XML Web Services Concepts

SQL Server Native Client Programming

SQLXML 4.0 Programming Concepts

WMI Provider for Configuration Management Concepts

WMI Provider for Server Events Concepts

WMI Provider Events and Errors

SQL Server Management Objects (SMO)

SQL Distributed Management Objects (SQL-DMO)

Database Engine Extended Stored Procedure Programming

Data Collector Programming

Exception Message Box Programming

ADOMD.NET

Analysis Management Objects (AMO)

ASSL

OLE DB for Data Mining

Integration Services Developer's Guide

Replication Developer's Guide

Reporting Services Developer's Guide

Other Programming Resources

Developing a data-access application may require you to use one or more of the following technologies:

Accessing Data in Visual Studio

SQL Server 2005 Driver for PHP

JDBC

File Services Role

The File Services server role in the Windows Server® 2008 operating system provides technologies that help manage storage, enable file replication, manage shared folders, ensure fast file searching, and enable access for UNIX client computers.

The following topics describe changes in File Services functionality available in this release:

  • Access-based Enumeration
  • Distributed File System
  • File Server Resource Manager
  • Windows Server Backup
  • Services for Network File System
  • Storage Manager for SANs
  • Transactional NTFS
  • Self-Healing NTFS
  • Symbolic Linking