Network Access Protection (NAP) is a new platform and solution that controls access to network resources based on a client computer’s identity and compliance with corporate governance policy. NAP allows network administrators to define granular levels of network access based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access.
Wednesday, April 20, 2011
Windows 2008 Editions and NPS
NPS provides different functionality depending on the edition of Windows Server 2008 and Windows Server 2008 R2 that you install. In the Enterprise and Datacenter editions, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure a group of RADIUS clients by specifying an IP address range.
In Windows Server 2008 Standard, you can configure a maximum of 50 RADIUS clients and a maximum of two remote RADIUS server groups. You can define a RADIUS client by using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the NPS server uses the first IP address returned in the Domain Name System (DNS) query. Windows Web Server 2008 does not include NPS.
You can upgrade a server running Windows Server 2003 and IAS to Windows Server 2008 and NPS. During the upgrade process, the server configuration is preserved, but remote access policies are renamed to network policies.
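A pre-deployment check for the Standard edition limits described above, as an added example that is not from the original page or from Microsoft: it flags a planned RADIUS client list that exceeds 50 entries, uses an IP range, or names a host that resolves to several addresses. The function names, the CIDR notation for ranges, and the sample hosts and addresses are assumptions made for illustration.

```python
import ipaddress
import socket
MAX_CLIENTS = 50  # Windows Server 2008 Standard limit stated above

def dns_resolver(name):
    """IPv4 addresses for name, in the order the resolver returns them."""
    return socket.gethostbyname_ex(name)[2]

def audit_radius_clients(plan, resolve=dns_resolver):
    """plan: (name, address) pairs; address is an IP, FQDN or CIDR range (assumed)."""
    findings = []
    if len(plan) > MAX_CLIENTS:
        findings.append(("*", "%d clients planned, limit %d" % (len(plan), MAX_CLIENTS)))
    for name, address in plan:
        try:
            ipaddress.ip_address(address)
            continue                      # single IP address: allowed
        except ValueError:
            pass
        try:
            net = ipaddress.ip_network(address, strict=False)
            findings.append((name, "range %s needs Enterprise or Datacenter" % net))
            continue
        except ValueError:
            pass                          # neither IP nor range: treat as FQDN
        try:
            addrs = resolve(address)
        except OSError:
            addrs = []
        if not addrs:
            findings.append((name, "%s does not resolve" % address))
        elif len(addrs) > 1:
            findings.append((name, "%s resolves to %d addresses; NPS uses only "
                             "the first returned (%s)" % (address, len(addrs), addrs[0])))
    return findings

# Constructed sample data: documentation address ranges, made-up host names.
SAMPLE_DNS = {"wlc.corp.example": ["192.0.2.10", "192.0.2.11"],
              "vpn1.corp.example": ["192.0.2.20"]}
SAMPLE_PLAN = [("Core switch", "192.0.2.1"),
               ("Wireless controller", "wlc.corp.example"),
               ("VPN server", "vpn1.corp.example"),
               ("Branch APs", "198.51.100.0/24")]

def sample_resolver(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    for name, finding in audit_radius_clients(SAMPLE_PLAN, sample_resolver):
        print("%-20s %s" % (name, finding))
```

A client flagged for multiple addresses is better defined by the single IP address it actually sends RADIUS traffic from.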
Installing a Network Policy Server
1. Open Server Manager.
2. Click the Add Roles link in the Actions pane.
3. On the Welcome page, click Next.
4. From the list of roles to install, select Network Policy and Access Services, and click Next.
5. Review the information provided on the Welcome page, and click Next.
6. On the Select Role Services page, select which role services to install on the server, and click Next.
7. On the Certificate Authority page, choose whether to install a local CA for issuing health certificates or to use an existing remote CA. If using a remote CA, make sure it is dedicated to issuing only health certificates. Click Next.
8. Select whether to configure the HRA to allow only domain-authenticated users to get health certificates. Click Next.
9. Select a server authentication certificate to be used to encrypt the network traffic. The certificate should be from an authority that is trusted by all of the clients: an internal enterprise domain CA or an external third-party CA. Click Next.
10. On the Confirmation page, click Install.
11. Click Close when the wizard completes.
Network Policy Server
Network Policy Server is Microsoft's implementation of a Remote Authentication Dial-In User Service (RADIUS) server and proxy in Windows Server 2008, and the replacement for Internet Authentication Service in Windows Server 2003. NPS allows you to centrally configure and manage network access authentication, authorization, and client health policies with the following features:
RADIUS Server:
Performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up, and virtual private network (VPN) connections, and for connections to computers running Terminal Services Gateway. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests. To deploy NPS with TS Gateway, you must deploy TS Gateway on the local or a remote computer that is running Windows Server 2008. To deploy NPS with Routing and Remote Access configured as a VPN server, a member of a VPN site-to-site configuration, or a dial-up server, you must deploy Routing and Remote Access on the local or a remote computer that is running Windows Server 2008.
RADIUS Proxy:
When you use NPS as a RADIUS proxy, you can configure connection request policies that tell the NPS server which connection requests to forward to other RADIUS servers and to which RADIUS servers you want to forward connection requests.
Network Access Protection (NAP) policy server:
When configured as a NAP policy server, NPS evaluates statements of health sent by NAP-capable client computers that want to connect to the network. It also acts as a RADIUS server when configured with NAP, performing authentication and authorization for connection requests. You can configure NAP policies and settings, including system health validators, health policy, and remediation server groups. Installation of the Network Policy and Access Services role installs the Network Policy Server component and the RADIUS role.
802.3 Wired
You can configure 802.1X-based connection request policies for 802.3 wired client Ethernet network access. You can also configure 802.1X-compliant switches as RADIUS clients in NPS, and use NPS as a RADIUS server to process connection requests, authentication, authorization, and accounting for 802.3 Ethernet connections.
802.11 Wireless
You can configure 802.1X-based connection request policies for 802.11 wireless client network access. You can also configure wireless access points as RADIUS clients in NPS, and use NPS as a RADIUS server to process connection requests and perform authentication, authorization, and accounting for 802.11 wireless connections. You can integrate 802.11 wireless access with NAP when deploying a wireless 802.1X infrastructure so that wireless clients are verified against health policies before they are allowed to connect to the network.
Improving the Web Application Platform
Windows Server 2008 R2 includes many enhancements that make this release the most robust Windows Server Web application platform yet. It offers an updated Web server role, Internet Information Services (IIS) 7.5, and greater support for .NET on Server Core. Design goals for IIS 7.5 concentrated on improvements that enable Web administrators to more easily deploy and manage Web applications, and that increase both reliability and scalability. Additionally, IIS 7.5 has streamlined management capabilities and provides more ways than ever to customize your Web serving environment.
The following improvements to IIS and the Windows Web platform are included in Windows Server 2008 R2:
Reduced Effort to Administer and Support Web-Based Applications
Reduced Support and Troubleshooting Effort
Improved File-Transfer Services
Ability to Extend Functionality and Features
Improved .NET Support
Improved Application Pool Security
IIS.NET Community Portal
Reduced Effort to Administer and Support Web-Based Applications
Reducing the effort required to administer and support Web-based applications is a key differentiator for IIS 7.5. Included with this release is support for increased automation, new remote administration scenarios, and improved content publishing for developers and authors. A short list of these features includes:
Expanding the capabilities of IIS Manager through new management modules
Automating common administrative tasks through the Windows PowerShell Provider for IIS
Support for .NET on Server Core, enabling ASP.NET and remote management through IIS Manager
Reduced Support and Troubleshooting Effort
Windows Server 2008 R2 reduces support and troubleshooting effort in the following ways:
Enhanced auditing of changes to IIS 7.5 and application configuration.
Failed Request Tracing for FastCGI.
Best Practices Analyzer (BPA).
Improved FTP Services
Windows Server 2008 R2 includes a new version of FTP server services. These new FTP server services offer the following improvements:
Reduced administrative effort for FTP server services.
Extended support for new Internet standards.
Reduced effort for support and troubleshooting FTP-related issues.
Ability to Extend Functionality and Features
One of the design goals for IIS 7.5 was to make it easy for you to extend the base functionality and features in IIS 7.5. IIS Extensions allow you to build or buy software that can be integrated into IIS 7.5 in such a way that the software appears to be an integral part of IIS 7.5.
Extensions can be created by Microsoft, partners, independent software vendors, and your organization. Microsoft has developed IIS Extensions since the RTM version of Windows Server 2008. These IIS Extensions are available for download from http://www.iis.net. Many of the IIS Extensions developed by Microsoft will be shipped as a part of Windows Server 2008 R2, including WebDAV, Integrated & Enhanced Administration Pack, and Windows PowerShell Provider for IIS.
The .NET Framework (versions 2.0, 3.0, 3.5.1 and 4.0) is now available on Server Core as an installation option. By taking advantage of this feature, administrators can enable ASP.NET on Server Core, which affords them full use of PowerShell cmdlets. Additionally, .NET support means the ability to perform remote management tasks from IIS Manager and host ASP.NET Web applications on Server Core as well.
Building on the application pool isolation available with IIS 7.0, which increased security and reliability, every IIS 7.5 application pool now runs with a unique, less-privileged identity. This helps harden the security of applications and services running on IIS 7.5.
To stay current with new additions to IIS in Windows Server 2008 or Windows Server 2008 R2, make sure to visit the IIS.NET community portal (http://www.iis.net). The site includes news updates, in-depth instructional articles, a download center for new IIS solutions, and free advice via blogs and technical forums.
Microsoft SQL Server
Microsoft® SQL Server™ is a database management and analysis system for e-commerce, line-of-business, and data warehousing solutions. In this section you will find information for several versions of SQL Server. You will find articles on database and database application design, as well as examples of the uses that SQL Server can be put to.
SQL Server 2008, the latest version, includes enhanced XML support, integration of .NET Framework objects in databases, improved integration with Microsoft Visual Studio and the Microsoft Office System, as well as improved analysis, reporting, and data integration services.
SQL Server Programming Reference
Programming Reference
[This documentation is for preview only, and is subject to change in later releases. Blank topics are included as placeholders.]
The following features and technologies allow you to develop applications that access data in a SQL Server database.
Programming Reference Sections
Common Language Runtime (CLR) Integration Programming Concepts
Native XML Web Services Concepts
SQL Server Native Client Programming
SQLXML 4.0 Programming Concepts
WMI Provider for Configuration Management Concepts
WMI Provider for Server Events Concepts
WMI Provider Events and Errors
SQL Server Management Objects (SMO)
SQL Distributed Management Objects (SQL-DMO)
Database Engine Extended Stored Procedure Programming
Data Collector Programming
Exception Message Box Programming
ADOMD.NET
Analysis Management Objects (AMO)
ASSL
OLE DB for Data Mining
Integration Services Developer's Guide
Replication Developer's Guide
Reporting Services Developer's Guide
Other Programming Resources
Developing a data-access application may require you to use one or more of the following technologies:
Accessing Data in Visual Studio
SQL Server 2005 Driver for PHP
JDBC
File Services Role
The File Services server role in the Windows Server® 2008 operating system provides technologies that help manage storage, enable file replication, manage shared folders, ensure fast file searching, and enable access for UNIX client computers.
The following topics describe changes in File Services functionality available in this release:
- Access-based Enumeration
- Distributed File System
- File Server Resource Manager
- Windows Server Backup
- Services for Network File System
- Storage Manager for SANs
- Transactional NTFS
- Self-Healing NTFS
- Symbolic Linking