Module 6: Implementing Direct Access
Module 12: Implementing Active Directory Federation Services
Module Overview
Implementing DNS and DHCP Enhancements
Implementing IP Address Management
NAP Overview
Implementing NAP
GlobalNames Zones
the DNS server role
Sign the zones
Configure trust anchor distribution points
Configure NRPT on clients
DEMO: Configuring DNSSEC
In this demonstration you will learn how to configure DNSSEC
DHCP Limitations
Failure of DHCP will result in loss of network connectivity for clients
Windows systems can have their DNS name registrations overwritten by non-Microsoft systems bearing the same system name
failover partner is considered to be down
Message authentication can validate the failover messages
Firewall rules auto-configured during DHCP installation
management:
  Planning
  Managing
  Tracking
  Auditing
administrators
IPAM Architecture
IPAM has four main modules:
  IPAM discovery
  IP address space management
  Multi-server management and monitoring
  Operational auditing and IP address tracking
IPAM can be deployed in three topologies:
  Distributed
  Centralized
  Hybrid
IPAM has two components:
  IPAM Server
  IPAM Client
DEMO: Implementing IPAM
In this demonstration you will see how to:
  Install IPAM
  Create IPAM related GPOs
  Initiate server discovery
What is NAP?
Network Access Protection can:
  Enforce health-requirement policies on client computers
  Ensure client computers are compliant with policies
  Offer remediation support for computers that do not meet health requirements
Network Access Protection cannot:
  Protect the network from malicious users
  Guarantee that a client computer is not infected
server role
NAP Architecture
[Figure: NAP Platform Architecture. Diagram labels: VPN Server, Active Directory, Internet, Perimeter Network, DHCP Server, Remediation Servers, Restricted Network]
the client
Network Policy Server (NPS) is required to create and enforce policies
SHVs are required to determine what will be evaluated on the client
System health policies are required to determine client compliance or noncompliance
Certificates are required to validate computer identities for PEAP authentication
Remediation networks can provide a way for clients to become compliant and gain access to the network
noncompliant clients
Network policy grants full access to compliant clients and limited access to noncompliant clients
Group policy or local policy can enable the ECs on client computers
NAP agent service must be enabled on clients
Computer certificates are required for PEAP authentication
certificate on behalf of clients
Authentication requirements: domain only or anonymous
An NPS server
Clients configured for IPsec enforcement
IPsec policies to create logical networks
evaluate client health
NPS tells the DHCP server to provide full access to compliant computers and to restrict access to noncompliant computers
Quick Review
Will client computers still be able to access the network if the DHCP server fails?
Is a third-party certification authority required to implement DNSSEC?
What is the difference between a centralized and a distributed IPAM topology?
True or false: NAP can protect your network from viruses and malware on remote computers that connect to your network through VPN connections.