Network Access Protection
Protection (NAP) is a platform and solution introduced in Windows Server 2008
R2 that helps to maintain the network's overall integrity by controlling access
to network resources based on a client computer's compliance with system health
policies. Examples of system health policies include making sure that clients
have the latest antivirus definitions and security updates installed, a
firewall installed and enabled, and so on. If a client is not compliant with
the network health requirements, NAP can be configured to limit the client's
network access. NAP also provides a mechanism to automatically bring the client
back to compliance.
The NAP server
validates client health using the system health policies.
The NAP server is
supported on Windows Server 2008 R2.
The NAP client is
supported on the following operating systems:
When a NAP client
attempts to connect to the network, the client's health state is validated
against the health requirement policies defined in the Network Policy Server
If a client is not
compliant with the defined health policies, the administrator can choose to
limit the client's access to a restricted network. This restricted network
ideally contains health update resources for the client to gain compliance. In
this limited access environment, only clients that comply with the health
requirement policies are allowed unlimited access to the network. However, the
administrator can also define exceptions.
can choose to configure a monitoring-only environment where the noncompliant
client can still be granted full network access. In this environment, the
compliant state for each client is logged.
can also choose to automatically update noncompliant clients with missing
software updates to help ensure compliance. In a limited access environment,
noncompliant clients have restricted network access until the updates and
configuration changes are completed. In a monitoring-only environment,
noncompliant clients have full access to the network before they are updated
with the required changes.
With all these
options available, administrators can configure a solution that is best
tailored to the needs of their networks.
Using Microsoft Windows NAP with Unified CCE
Network Policy Server
As a general rule, do not use a Unified CCE server for any
other purpose than for Unified CCE approved software. Therefore, do not run the
Network Policy Server on any Unified CCE machine such as ICM, CVP, and so
Unified CCE Servers
NAP can be used in a
few different ways. The following are some deployment options a user can
consider using with Unified CCE:
servers using a limited access environment—NOT SUPPORTED
In this model,
the Unified CCE servers such as the ICM PG, ICM Router, ICM Logger, and ICM
AW/HDS would become inaccessible if they fall out of compliance. This
inaccessibility would cause the entire call center to go down until machines
become compliant again.
server uses monitoring-only environment
This mode could
be useful to track the health status of the Unified CCE servers.
servers that are exempt from health validation
In this mode,
the Unified CCE servers work in a NAP environment but do not become
inaccessible from the network. The Unified CCE server's state of health does
not affect communications to and from the Unified CCE servers.
Unified CCE Client
Machines and NAP
contains information about Unified CCE client machines and NAP.
client machines using limited access environment:
Systems in this
environment must be compliant with all policies that the network administrator
sets up. For example, if an agent desktop is in this environment then the agent
would not be able to sign in or contact the Agent PG in any way until the
client machine becomes compliant with the NAP policies that are active.
client machines using monitoring-only environment:
Same as above
for Unified CCE servers.
client machines that are exempt from health validation:
Same as above
for Unified CCE servers.
For more information
about NAP, see the following references: