[NAP] NPS/NAP Reporting - Architecture
This is part 2 of my NAP Reporting series.
At this phase of my NAP project we are in DHCP reporting mode. This is the easiest way to get your feet wet with NAP: you install NPS on your DHCP servers and create NAP policies that allow all health levels access to the network. To define my security policies in one location, I've configured all DHCP servers as RADIUS clients of a central NPS server. This simplifies NAP administration and also lets me enable ACS on the central server instead of on every DHCP server. If I wanted a decentralized model, ACS could handle it just as easily.
So why ACS? There are several problems with NPS SQL logging that ACS handles automatically. ACS provides you with the database, tables, views, reports, and grooming jobs. With NPS SQL logging you're on your own to create all of that. Plus, as I mentioned in the last post, the event log has more information than what is provided in SQL logging. ACS isn't perfect, though: the format of the database is difficult to use at first, and it's not suitable for long-term storage. If you've already got some event log collection software implemented, you may want to weigh the pros and cons of using it vs. ACS. I plan on eventually creating a data warehouse to solve my reporting issues, but I'm not familiar with that process yet. If or when I get there, I'll blog about it. Until then, SecureVantage or EnterpriseCertified might have a product that helps.
I'm not going to get into the details of how to set NAP up because Microsoft's step-by-step guides are excellent. This diagram shows how I've got my environment set up. It's not too complicated, and it should apply whether you're doing DHCP NAP reporting or any of the other enforcement methods such as 802.1X or IPsec.
