Mapping Your Deployment Goals to a NAP Design

Updated: October 6, 2008

After you have reviewed the NAP deployment goals and determined which are appropriate for your organization, you can map those goals to a specific design.

The following table shows how well the NAP designs meet the deployment goals discussed in Identifying Your NAP Deployment Goals. This table refers only to the four primary NAP designs described in this guide. However, you can combine the NAP deployment goals as appropriate for your organization.

NAP deployment goal	IPsec enforcement design	802.1X enforcement design	VPN enforcement design	DHCP enforcement design
Keep Computers Updated	Excellent	Very Good	Good	Good
Protect Roaming Laptop Computers	Excellent	Good	Good	Good
Protect Corporate Headquarters from Noncompliant Computers	Excellent	Excellent	Good	Poor
Protect a Branch Office from Noncompliant Computers	Excellent	Excellent	Good	Poor
Manage Risk Within the Network	Excellent	Very Good	Good	Good
Track Compliance with Security Policies	Excellent	Excellent	Good	Good
Protect Remote Access	Excellent	N/A	Excellent	N/A
Protect Corporate Assets from Unmanaged Computers	Excellent	Very Good	Excellent	Poor

Before you select a NAP design, you must understand how each enforcement method works. You should also be sure to review component requirements and configuration details. The following enforcement methods are discussed in this guide: