Windows 2008 Network Access Protection (NAP)
After months of cajoling, Adam was finally able to convince Jeff Sigman from the NAP team and Brent Atkison from MSIT to sit still for 30 minutes to talk about why we created NAP, and how we went about deploying it worldwide at Microsoft. Ah, who am I kidding. Jeff’s been asking me for months to put his blue anime hair up on Channel9. Here you go Jeff. Persistence pays off.
Network Access Protection is a new feature in Windows Server 2008 that allows you to enforce computer health requirements before allowing machines to communicate on the network. It’s the answer to the question “do I trust that this machine is patched and won’t infect other machines on my network?”
These guys have done some pretty impressive stuff. The NAP team worked with a list of partners as long as your arm to make sure NAP will play nicely with whatever switch hardware you’ve invested in. Brent shares some impressive sizing guidelines for implementing NAP: Microsoft turned on reporting and deferred enforcement on 120,000 machines worldwide, using a very small number of servers. Very small. Fewer than 3. Total help desk calls as a result? Also a very small number. Oh, and he did that deployment using beta builds of Longhorn Server 2008.
Check out the video: http://channel9.msdn.com/showpost.aspx?postid=347154