Windows Server 2008 Remote Access and Network Access Protection
In the following case scenarios, you will apply what you have learned about planning server installs and upgrades. You can find answers to these questions in the “Answers” section at the end of this book.
Case Scenario 1: Remote Access at Wingtip Toys
Wingtip Toys has branch office locations in Sydney and Melbourne, Australia. The branch office firewalls are configured to let traffic from the Internet through only to hosts on the screened subnet on TCP ports 25, 80, and 443. An RD Gateway server has been installed on the screened subnet at the Sydney location. A multihomed computer running Windows Server 2008 R2 with the Remote Access role installed will be deployed on the Melbourne screened subnet next week. Given this information, provide answers to the following questions:
What type of policy should you configure to limit access at the Sydney location to a list of authorized users?
When the Melbourne server is deployed, what VPN protocol would you use to provide access if you are not able to modify the existing firewall rules?
What sort of NAP enforcement should you use in the Melbourne location?
Case Scenario 2: Coho Vineyard NAP
You are in the process of improving network security at Coho Vineyard’s head office. Coho Vineyard has 20 servers running Windows Server 2008 R2 and 400 clients running Windows 7 Enterprise edition. As a part of this process, you intend to deploy NAP, but must deal with the following design constraints:
Management at Coho want to do a six-month trial before they commit to purchasing any new hardware. The pilot program should allow NAP to be tested and ensure that noncompliant clients are remediated.
If the pilot program proves to be successful, NAP should be implemented in such a way that unhealthy clients are blocked from accessing the network at the switch level.
Coho Vineyard does not have the necessary hardware infrastructure at this time to implement switch-level network access demarcation, but the hardware will be purchased at the conclusion of a successful pilot program.
Several of Coho Vineyard’s legacy third-party systems do not support the IPsec protocol.
With this information in mind, answer the following questions:
Which NAP method should be used at Coho Vineyard during the pilot program?
Which NAP method should be used at Coho Vineyard once the pilot program is deemed successful?
What steps should you take to allow for remediation?