Microsoft Forefront Integration Kit for Network Access Protection
Applies To: Forefront Client Security
Download this Solution Accelerator
Click here to get the Microsoft Forefront Integration Kit for Network Access Protection from the Microsoft Download Center.
About This Solution Accelerator
The Microsoft Forefront Integration Kit for Network Access Protection provides a way for two Microsoft technologies to work together: Forefront Client Security and Network Access Protection (NAP). Forefront Client Security is comprehensive anti-malware software from Microsoft that provides unified protection from viruses, spyware, and other current and emerging threats. NAP is a new feature in Windows Server® 2008 that can control network access based on a computer’s compliance with an organization's health policy. NAP uses system health validators (SHVs) to configure the policies that are used to determine if network access is granted. System health agents (SHAs) provide the information needed to make this determination.
Together, Forefront Client Security and NAP can provide an additional defense-in-depth layer against malicious attacks and give administrators a significant degree of control over the security and health of networked computers.
Included in the download:
SHA and SHV components for 32-bit and 64-bit platforms.
These NAP components provide the ability to configure a Forefront Client Security compliance health policy, monitor the operational health of Forefront Client Security in real time, and remediate problems that arise.
Documentation for the Microsoft Forefront Integration Kit for Network Access Protection is available on TechNet (https://go.microsoft.com/fwlink/?LinkId=193131).
In more detail
What is the Microsoft Forefront Integration Kit for Network Access Protection? Why should I use it?
Answer: The Microsoft Forefront Integration Kit for Network Access Protection provides customers with health policy enforcement for Forefront Client Security. The Kit includes a system health agent (SHA) and a system health validator (SHV). These are the key components the Integration Kit uses to enforce health policy.
What are the benefits of using the Microsoft Forefront Integration Kit for Network Access Protection?
Answer: The Microsoft Forefront Integration Kit for Network Access Protection is designed to help you strengthen security in your environment by providing an additional defense-in-depth layer. The Kit helps you to:
Control access to network resources based on a NAP health policy specific to Forefront Client Security version 1.0
Trigger remediation actions on client computers to support auto-remediation
Leverage your investments in NAP and Forefront Client Security
What are the system health agent (SHA) and system health validator (SHV), and why should I use them?
Answer: The SHA and SHV are key components because they provide the ability to integrate NAP with Forefront Client Security. Detailed information about SHA and SHV components is available in the white paper Network Access Protection Platform Architecture (https://go.microsoft.com/fwlink/?LinkId=192579).
Forefront Client Security
Forefront Client Security provides unified malware protection for business desktop computers, laptops, and servers from threats such as spyware, viruses, and rootkits. With Forefront Client Security, IT administrators can quickly and clearly see the current status of their networks, manage security for client and server computers, and view a history of malware activity in their environments.
Network Access Protection (NAP)
NAP is a policy enforcement platform with components that are built into Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista®, and 32-bit Windows® XP with Service Pack 3 (SP3). NAP uses a Network Protection Server (NPS), SHAs, and SHVs to monitor the health of computers in a network. NAP enables administrators to specify health requirements for their networks and to isolate computers that are noncompliant.
Solution Architecture
The following subsections specify the required components of the Integration Kit.
Required Components
Components that the solution requires include:
A Forefront Client Security 1.0 infrastructure
Network Access Protection, a component of Windows Server 2008, 32-bit or 64-bit editions, and Windows Server 2008 R2
Active Directory® Domain Services (AD DS)
Operating System Requirements
To deploy the Integration Kit, server computers must be running Windows Server 2008 or Windows Server 2008 R2. Client computers must be running either a 32-bit or 64-bit version of one of the following operating systems:
Professional, Enterprise, or Ultimate editions of Windows 7
Business, Enterprise, or Ultimate editions of Windows Vista
Standard or Enterprise editions of Windows Server 2008 and Windows Server 2008 R2
Windows XP Professional Edition with SP3 (32-bit version only)
Important
If you have previously installed an earlier version of this Integration Kit, you must uninstall both the Forefront Client Security SHA and the Forefront Client Security SHV before you can install this updated version.
Solution Components
The following core components are included in this solution:
Forefront Client Security SHA. A standard NAP client computer component that reports Forefront Client Security–related information to the NPS.
Forefront Client Security SHV. A standard NAP server computer component that interprets the Forefront Client Security–related information from computers that run the SHA.
The Microsoft Forefront Client Security SHA/SHV Deployment Guide, which includes an Overview as well as the following four chapters:
Chapter 1: Integration Kit Requirements. This chapter provides information about the infrastructure elements that need to be in place before implementing the Microsoft Forefront Integration Kit for Network Access Protection, which requires a functioning NAP infrastructure and healthy Forefront Client Security infrastructure.
Chapter 2: Installation and Configuration Information. This chapter provides guidance for deploying the Integration Kit. It includes information about planning the policies, deploying the SHA to computers, and installing the server components.
Chapter 3: Client Remediation Actions. This chapter explains the different auto-remediation actions that might occur when using the Integration Kit, and describes which actions might require manual remediation by an administrator.
Chapter 4: Troubleshooting and Error Logging. This chapter provides guidance about interpreting the event messages that the Forefront Client Security SHA and SHV components generate as well as information about error logs generated by NAP and Forefront Client Security.
Related Resources
See the following resources on the Microsoft Web site for more information about this and other Solution Accelerators:
Microsoft Security Compliance Manager (https://go.microsoft.com/fwlink/?LinkId=192585)
Security Risk Management Guide (https://go.microsoft.com/fwlink/?LinkId=192586)
IT Compliance Management Guide (https://go.microsoft.com/fwlink/?LinkId=192587)
Windows Vista Security Baseline (https://go.microsoft.com/fwlink/?LinkID=74027)
Windows XP Security Baseline (https://go.microsoft.com/fwlink/?LinkId=14839)
Windows Server 2003 Security Baseline (https://go.microsoft.com/fwlink/?LinkId=14845)
System Center Configuration Manager Extensions for SCAP (https://go.microsoft.com/fwlink/?LinkId=113938)
See the Network Access Protection (https://go.microsoft.com/fwlink/?LinkID=139149) site on Microsoft TechNet.
See the Forefront Client Security TechCenter (https://go.microsoft.com/fwlink/?LinkId=192591) site on Microsoft TechNet.
For more information about all of the Microsoft Solution Accelerators, see the Solution Accelerators (https://go.microsoft.com/fwlink/?LinkId=192592) site on Microsoft TechNet.
Community and Feedback
Want to know what’s coming up next? Check out our Security Guidance Blog (https://go.microsoft.com/fwlink/?LinkId=192593).
E-mail your feedback to the following address: SecWish@microsoft.com
If you’ve used a Solution Accelerator within your organization, please share your experience with us by completing this short survey (https://go.microsoft.com/fwlink/?LinkID=132579), which takes less than ten minutes.
About Solution Accelerators
Solution Accelerators are authoritative resources that help IT professionals plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.
Register (https://go.microsoft.com/fwlink/?LinkId=192594) to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:
Communication & Collaboration
Security, Data Protection, & Recovery
Deployment
Download this Solution Accelerator
Click here (https://go.microsoft.com/fwlink/?LinkId=119597) to get the Microsoft Forefront Integration Kit for Network Access Protection from the Microsoft Download Center.