Planning the Placement of a NAP Health Requirement Server

  • Article

Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista

NAP health requirement servers communicate with the NAP health policy server to establish requirements for installed SHVs. An SHV does not always use a health requirement server to obtain health requirements. For example, health requirements for the WSHV are configured only on a health policy server. The design of an SHV determines whether a health requirement server is required. Some examples of NAP health requirement servers include:

  • Antivirus signature servers. An antivirus SHV might contact an antivirus server to determine the date of the most recent antivirus signature.

  • Domain controllers. An SHV might use Active Directory Domain Services (AD DS) to determine whether the client meets current health requirements. For example, the System Center Configuration Manager SHV uses a global catalog server to validate the client’s health state by checking the health state reference published to AD DS.

  • Proprietary servers. As new SHVs are developed, vendors might require that the NAP health policy server communicates with selected vendor services.

When to install a health requirement server

A health requirement server is required only if you have deployed an SHV that uses a health requirement server to obtain current health policy.

Where to place a health requirement server

A health requirement server must be able to communicate with the NAP health policy server. You can install the health requirement server on the same computer as the health policy server if resources are sufficient. If these services are installed on separate computers, the health requirement server must maintain network connectivity to the NAP health policy server.

Planning redundancy for a health requirement server

If health requirement servers support them, you can use scalability and availability technologies, such as network load balancing, to provide redundancy. Alternatively, an SHV vendor might incorporate server redundancy into the functionality or configuration of the SHV.