Network Policy Server Infrastructure

Applies To: Windows Server 2008

Network Policy Server (NPS) allows you to centrally configure and manage network policies with the following three features: RADIUS server, RADIUS proxy, and Network Access Protection (NAP) policy server. With NPS, you can authorize and authenticate network connections through a variety of network access servers, including IEEE 802.1X authenticating switches and wireless access points, virtual private network (VPN) servers, dial-up servers, and computers running Windows Server 2008 with Terminal Services Gateway (TS Gateway).

Network Policy Server is a role service of the Network Policy and Access Services server role.

Hierarchy of Managed Entities

Managed Entities

| Name | Description |
| --- | --- |
| Network Policy Server (NPS) | Network Policy Server (NPS) provides authentication, authorization, and accounting services for network access servers, such as IEEE 802.1X authenticating switches and wireless access points, virtual private network (VPN) servers, dial-up servers, and computers running Windows Server 2008 with Terminal Services Gateway (TS Gateway). |
| NPS Accounting | Network Policy Server (NPS) accounting is the logging of user authentication and accounting requests to a local file or a SQL Server database. |
| NPS RADIUS Proxy | Network Policy Server (NPS) can be used as a RADIUS proxy to provide the routing of RADIUS messages between RADIUS clients (access servers) and RADIUS servers that perform user authentication, authorization, and accounting for the connection attempt. When used as a RADIUS proxy, NPS is a central switching or routing point through which RADIUS access and accounting messages flow. NPS records information about forwarded messages in an accounting log. |
| NPS Network Access Protection | Network Access Protection (NAP) is a client health policy creation, enforcement, and remediation technology that is included in Windows Vista and Windows Server 2008. With NAP, you can establish health policies that define software requirements, security update requirements, and required configuration settings for computers that connect to your network. |
| NPS RADIUS Server | Network Policy Server (NPS) can be used as a RADIUS server to perform authentication, authorization, and accounting for RADIUS clients. A RADIUS client can be either a network access server or a RADIUS proxy. When NPS is used as a RADIUS server, it provides a central authentication and authorization service for all access requests and a central accounting service for all accounting requests that are sent by RADIUS clients. |
| NPS RADIUS Client | A network access server (NAS) is a device that provides some level of access to a larger network. A NAS using a RADIUS infrastructure is also a RADIUS client, sending connection requests and accounting messages to a RADIUS server for authentication, authorization, and accounting. Client computers, such as wireless laptop computers and other computers running client operating systems, are not RADIUS clients. |