Appendix C: Documenting Your NAP Design
Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista
Documenting your NAP design will help you explain the infrastructure and policy decisions and record the results of the deployment phases of the project. You can use the following sections to create a document with your goals and proposed timeline, and you can add to these sections at the end of each phase of your NAP deployment.
List the terms and definitions that you will use to describe your NAP deployment. For more information, see NAP Terminology.
Provide a brief description of how NAP works or use the following description:
Network Access Protection (NAP) is a solution that controls access to network resources based on a client computer’s identity and compliance with corporate governance policy. NAP allows network administrators to define the level of network access provided to client computers based on their compliance. If a client is not compliant, NAP can restrict the network access of the computer. NAP also provides a mechanism for automatically bringing the client back into compliance and then granting full network access. NAP is supported by Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows 7, and Windows XP SP3.
List your reasons for deploying NAP and state how your design plan will achieve these goals. Also provide the following:
Benefits: Describe the predeployment state of the network and the benefits you expect to see as a result of the NAP deployment.
Requirements: List what is required to achieve your goals. Examples include operating system updates, equipment purchases, training, cross-team collaboration, and project schedules.
Progress: Describe your current progress.
Infrastructure design plan
List the names and locations of servers and other devices that will be used in your NAP deployment. Include current and future plans. Provide the following details:
Devices and roles: List all devices, including their role, in your NAP design. Include computers and other devices used for NAP enforcement, remediation, and reporting.
Capacity management and redundancy: Describe your expectations for capacity management and redundancy in the NAP design.
Scaling plan: Describe changes that will be required to support the expansion of the NAP deployment to include additional sites, enforcement methods, or health requirements.
Policy design plan
Use this section to document how policies will be configured to implement specific health requirements on your network.
Health requirements: List the system health agents (SHAs) that you plan to deploy with the associated users and groups. Provide current and future plans. Be sure to detail how you will design network policies and health policies on the health policy server to implement these health requirements.
Exemptions: List any users, groups, or devices that you plan to exempt from NAP health checks.
Describe how you will use reporting mode, deferred enforcement, and full enforcement to stage your NAP deployment. Include the following information for each health requirement that you plan to deploy:
Compliance strategy: Provide the minimum level of compliance that will be required to pass each phase of the deployment. Explain why you chose this level of compliance.
Timeline: Provide details of your proposed timeline to implement health requirements on your network. Include your initial timeline and any deviation from that timeline.
Provide NAP reporting data that includes the following:
Metrics: Describe the metrics that you will use to measure your results. These metrics can include NAP reports and data from other network management systems. You can also provide a link to archived data and other customized reports.
Staging results: Provide the compliance results for each stage of your NAP deployment.
Trends: Describe any trends in compliance.
Use this section to describe problems that were encountered and solutions that were implemented during your NAP deployment.