2.2 Protocol Summary
The following tables provide a comprehensive list of the NAP member protocols, where the protocols are grouped according to their primary purpose for NAP deployment.
The following protocols enable NAP for IP Configuration access.
|
Protocol name |
Description |
Short name |
|---|---|---|
|
Dynamic Host Configuration Protocol (DHCP) Extensions for Network Access Protection (NAP) |
DHCP is used by clients to configure their IP stack including address, DNS hosts, and so on. |
|
|
Microsoft Dynamic Host Configuration Protocol (DHCP) Server Management Protocol |
As previously mentioned, DHCP is used by clients to configure their IP stack including their IP address, DNS servers, gateways, and so on. This document details extensions and implementation decisions made by Microsoft. |
The following protocols enable NAP for VPN access and LAN access.
|
Protocol name |
Description |
Short name |
|---|---|---|
|
Protected Extensible Authentication Protocol (PEAP) |
PEAP specifies the EAP method for end-to-end TLS-protected EAP between the client/NEP and NPS [RFC2716]. |
The following protocols enable NAP for IPsec access.
|
Protocol name |
Description |
Short name |
|---|---|---|
|
Health Certificate Enrollment Protocol (HCEP) |
HCEP details how the client enrolls for a health certificate based on its SoH. This certificate is then used by the IPsec layer to perform network access enforcement. |
|
|
Internet Key Exchange Protocol |
This document details extensions to and differences from the IETF IKE standards as made by Microsoft. |
The following protocols enable NAP for Remote Desktop access.
|
Protocol name |
Description |
Short name |
|---|---|---|
|
Remote Desktop Gateway Server Protocol |
Remote Desktop is a Microsoft Protocol that allows thin clients to run displays from a terminal server supporting many clients. |
The following protocols are used by NAP policy servers (NPS).
|
Protocol name |
Description |
Short name |
|---|---|---|
|
Vendor-Specific RADIUS Attributes for Network Access Protection (NAP) Data Structure (RADIUS) |
RADIUS allows for NAP communication to NAP policy servers. |
The following protocols enable SoH communication.
|
Protocol name |
Description |
Short name |
|---|---|---|
|
Protocol Bindings for SoH |
Specifies the format and message exchange of SoH request and SoH response (SoHR) messages. |
|
|
Windows Security Health Agent (WSHA) and Windows Security Health Validator (WSHV) Protocol |
The WSHA reports the system security health state (Windows Security Center) to the WSHV which responds with quarantine and remediation instructions if the status reported is not compliant with the defined security health policy. |