SCCMNAP BLOGS

Supporting System Center & Forefront Security and Identity Mangement

Welcome to SCCMNAP BLOGS Sign in | Join | Help

Home

Blogs

Forums

Photos

Downloads

SCCMNAP BLOGS » Configuration Manager 2007 » Network Access Protection (NAP) » NAP and high availability

NAP and high availability

Last post 04-08-2010 7:29 AM by Richard Dixon. 3 replies.

Page 1 of 1 (4 items)
	Sort Posts: Previous Next

11-19-2009 3:22 AM

magi
Joined on 11-19-2009
Posts 1
Points 0

NAP and high availability

Reply Contact

Hello Il would like to implement NAP with SCCM (DHCP enforcement) SCCM is already implemented. My question is about the criticity of my SCCM Server. What would be the impact on my clients (NAP/DHCP enforcement) if my SCCM server crashes ? And what do I have to do to reduce this criticity (if there's a risk ...) thanks in adance for your help, Magi France

Post Points: 0

12-26-2009 2:12 PM In reply to

Richard Dixon
Joined on 01-05-2008
Redmond, Washington
Posts 187
Points 0

Re: NAP and high availability

Reply Contact

Hi, it depends on what part/site roles of the site scrashes. if the primary site crashes, you are ok because you DP and MPs are up and running. clients would still be able to get policies and validate clients statement of health. The issue will come in where if you MP is don't and clients could not validate policies and the SoH. If the all DPs are down then clients would not be able to get content when required. So in short in sure you have enough MPs and DPs standing. I would seperate the roles of MP, DP and SHV off the site server.

Richard Dixon
Sr Systems Engineer
System Center Integrations Specialist

Filed under: SCCM and NAP integration, SHV System Health Validator Pleacement, NAP, ConfigMgr 2007, SCCM, clients SoH, SHV

Post Points: 0

01-16-2010 9:34 AM In reply to

mimartinez
Joined on 01-06-2010
Posts 1
Points 0

Re: NAP and high availability

Reply Contact

My Customer has asked the following question:

Did you have a chance to find some metrics on how often NAP is able to remediate SCCM/SMS client issues or HBSS (MacAfee EPO). How often does the NAP client itself fail, common causes (other than misconfigurations), resolutions. I was hoping you were going to send some more detailed information once you got back in the office. You had stated that if the NAP server is offline, it would prevent network access. Are there any failover or redundancy capabilities?

Thanks,

Mike

Filed under: SCCM and NAP integration, NAP

Post Points: 0

04-08-2010 7:29 AM In reply to

Richard Dixon
Joined on 01-05-2008
Redmond, Washington
Posts 187
Points 0

Re: NAP and high availability

Reply Contact

NAP does not perform the remediation actions. NAP detects non compliancy based on the policies set. then notifies the systems that will be performing the remediation. this can be customer scripts, SCCM pushing patches or Windows Update pushing the patches down to the client. the NAP servers can be one of many systems depending on what remediation servers you set up. in the context of a NAP server, that can be a DP, a MP, a SHV or any other server that will be performing remediation actions, like running a custom script to perform some kind of remediation attempt. these all can be considered a NAP server. if a client is determind to be out of compliance it will use it last SoH to gain access to the network, but when the client re evaluates its SoH and if still unhealthy it will then go into quarantine.

Richard Dixon
Sr Systems Engineer
System Center Integrations Specialist

Post Points: 0

Page 1 of 1 (4 items)

Powered by Community Server (Non-Commercial Edition), by Telligent Systems