Health Registration Authority (HRA)

Applies To: Windows Server 2008

Health Registration Authority (HRA) is a component of a Network Access Protection (NAP) infrastructure that plays a central role in NAP Internet Protocol security (IPsec) enforcement. HRA obtains health certificates on behalf of NAP clients when they are determined to be compliant with network health requirements. These health certificates authenticate NAP clients for IPsec-protected communications with other NAP clients on an intranet. If a NAP client does not have a health certificate, the IPsec peer authentication fails and the NAP client cannot initiate communication with other IPsec-protected computers on the network.

HRA is installed on a computer that is also running Network Policy Server (NPS) and Internet Information Services (IIS). If they are not already installed, these services will be added when you install HRA.

Managed Entities

The following is a list of the managed entities that are included in this managed entity:

Name Description

HRA Backbone Services

To process Network Access Protection (NAP) client requests for health certificates, Health Registration Authority (HRA) must have a connection to Network Policy Server (NPS) and a certification authority (CA) server. These servers must also be configured for NAP Internet Protocol security (IPsec) enforcement.

HRA Server Role

Health Registration Authority (HRA) is responsible for validating client credentials and then forwarding a certificate request to a certification authority (CA) on behalf of Network Access Protection (NAP) clients. HRA validates certificate requests by checking with Network Policy Server (NPS) to determine if the NAP client is compliant with network health requirements. NAP clients use health certificates to communicate on an IPsec-protected network.

NAP Infrastructure