Selecting the Right NAP Architecture

Download the Guide for Selecting the Right NAP Architecture

About This Guide

The Selecting the Right NAP Architecture guide provides a consistent structure for addressing the decisions and activities most critical to the successful implementation of the Microsoft Network Access Protection (NAP) infrastructure. This guide includes several specific questions to answer when designing a NAP architecture, such as determining the current capabilities of the network infrastructure and computers, ranking importance of cost versus robustness of the solution, and deciding how client computers connect to the network.


Figure 1. Decision flow chart

The Infrastructure Planning and Design Guide for Selecting the Right NAP Architecture includes the following four-step process:

Step 1: Determine Client Connectivity. This step involves determining how client devices will connect to the corporate network.

Step 2: Determine the VPN Platform. This step involves identifying which VPN platform that will be used to connect to the network.

Step 3: Determine the Enforcement Layer. The purpose of this step is to determine whether to enforce NAP restrictions at each host using IPsec or to enforce it on the network.

Step 4: Select Between 802.1X and DHCP. If IT decides to enforce NAP restrictions at the network layer, the organization must choose between two methods: 802.1X and DHCP.

Related Resources


About Solution Accelerators

Solution Accelerators are authoritative resources that help IT pros plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free, prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.

Sign up to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:

  • Communication and collaboration

  • Security, data protection, and recovery

  • Deployment

  • Operations and management

See also