Archive for the ‘SHAs and SHVs’ Category

See NAP at TechEd 2009

May 12th, 2009

Hey NAP Fans!

If you are attending TechEd 2009 in Los Angeles this week, be sure to stop by the NAP booth in the Microsoft Technical Learning Center (TLC). It is a great opportunity to meet and speak with NAP team members and learn about some of the enhancements and new scenarios in Windows® 7 and Windows® Server 2008 R2.

Also there are at least two breakout sessions that would be useful for anyone interested in learning more about NAP deployments. Both are on Friday May 15th:

WSV206 Windows Clients and Windows Server 2008 NAP: Why They Are Better Together
Presenter: Jay Ferron
Fri 5/15 | 9:00 AM-10:15 AM | Room 502A

WSV305 Deploying NAP: Best Practices and Lessons Learned
Presenters: Venkatesh Gopalakrishnan, Lambert Green
Fri 5/15 | 2:45 PM-4:00 PM | Room 403B

Hope to see you there,

The NAP Team


SHV Multi-Config in Windows Server 2008 R2

April 2nd, 2009

In Windows Server 2008, a system health validator (SHV) installed on the NPS server can be configured in a single way. This works well if your system health requirements are the same for all of your NAP enforcement methods and all of your computers. However, some deployments require different sets of health requirements for different enforcement methods and different groups of computers. For example, you might want to specify that desktop computers must have their anti-virus software enabled and VPN-connected computers must have their anti-virus software enabled and signature file up-to-date.


In Windows Server 2008 R2, the NAP platform supports SHVs in multiple configurations to support these more advanced configurations, a feature known as SHV multi-config. Existing SHVs must be updated to take advantage of this new feature and new SHVs should be written to use this feature. The Windows Security Health Validator (WSHV) provided with Windows Server 2008 R2 supports SHV multi-config. For more information, see the new INapComponentConfig3 API at http://msdn.microsoft.com/en-us/library/dd392506(VS.85).aspx.


To see the SHV multi-config support for the WSHV, use the Network Policy Server snap-in and open Network Access Protection > System Health Validators > Windows System Health Validator > Settings. The following figure shows an example.

[Figure: Windows System Health Validator settings]


There is a default configuration that you can configure if you only need a single configuration of the WSHV settings. This default configuration cannot be deleted or renamed. When you create health requirement policies with the NAP wizard, it will configure your health policies to use this default configuration.


To create another configuration for the WSHV, do the following:


1. Right-click Settings, and then click New.


2. In the Configuration Friendly Name dialog box, type a name for the new configuration, and then click OK.


3. In the Windows Security Health Validator dialog box, specify the system health requirements and then click OK.


The following figure shows an example of a new WSHV configuration with the name WSHV Settings for DHCP.

[Figure: WSHV Settings for DHCP]


To specify the use of a non-default configuration for the WSHV in the Network Policy Server snap-in, open Policies > Health Policies, and then double-click the name of the health policy that you want to modify. On the Settings tab, in the SHVs used in this health policy list, click the drop-down arrow in the Setting column for the Windows Security Health Validator SHV to see a list of configurations. The following figure shows an example.

[Figure: Example of selecting an SHV configuration]


Click the desired configuration of the WSHV, and then click OK.


 


NAP Product Team 
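
The multi-config behaviour described in the post above, as an added Python sketch that is not code from the NAP team or from NPS: it models one SHV with several named configurations, a protected default, and health policies that each select one configuration, using the post's desktop/VPN anti-virus example. All class and function names, the name "Default Configuration", the configuration "WSHV Settings for VPN" and the policy names are assumptions constructed for the illustration.

```python
"""Illustrative model of SHV multi-config; not the NPS implementation."""
from dataclasses import dataclass, fields

# Assumed display name; the post only says there is "a default configuration".
DEFAULT_CONFIG = "Default Configuration"


@dataclass(frozen=True)
class WshvSettings:
    """Subset of WSHV requirements used in the post's desktop/VPN example."""
    antivirus_enabled: bool = False
    antivirus_up_to_date: bool = False


@dataclass(frozen=True)
class ClientHealth:
    """Constructed stand-in for what a client reports about its anti-virus."""
    antivirus_enabled: bool
    antivirus_up_to_date: bool


@dataclass
class HealthPolicy:
    """A health policy selects exactly one configuration of the SHV."""
    name: str
    shv_config: str = DEFAULT_CONFIG  # the NAP wizard uses the default


class ShvConfigStore:
    """Named configurations of a single SHV, with a protected default."""

    def __init__(self, default):
        self._configs = {DEFAULT_CONFIG: default}

    def new(self, name, settings):
        if name in self._configs:
            raise ValueError(f"configuration {name!r} already exists")
        self._configs[name] = settings

    def delete(self, name):
        # Per the post: the default configuration cannot be deleted.
        if name == DEFAULT_CONFIG:
            raise PermissionError("the default configuration cannot be deleted")
        del self._configs[name]

    def rename(self, old, new):
        # Per the post: the default configuration cannot be renamed.
        if old == DEFAULT_CONFIG:
            raise PermissionError("the default configuration cannot be renamed")
        if new in self._configs:
            raise ValueError(f"configuration {new!r} already exists")
        self._configs[new] = self._configs.pop(old)

    def get(self, name):
        return self._configs[name]


def failed_checks(store, policy, health):
    """Return the requirements of the policy's configuration the client fails."""
    required = store.get(policy.shv_config)
    return [
        f.name
        for f in fields(required)
        if getattr(required, f.name) and not getattr(health, f.name)
    ]


def safe_delete(store, policies, name):
    """Delete a configuration only if no health policy still selects it.

    This guard is a precaution of this model, not documented NPS behaviour.
    """
    users = [p.name for p in policies if p.shv_config == name]
    if users:
        raise RuntimeError(f"{name!r} is still used by: {', '.join(users)}")
    store.delete(name)


def demo():
    """Evaluate one client against a desktop and a VPN health policy."""
    store = ShvConfigStore(default=WshvSettings(antivirus_enabled=True))
    store.new("WSHV Settings for VPN",
              WshvSettings(antivirus_enabled=True, antivirus_up_to_date=True))
    desktop = HealthPolicy("Desktop compliant")
    vpn = HealthPolicy("VPN compliant", "WSHV Settings for VPN")
    # Constructed client: anti-virus is running but signatures are stale.
    stale = ClientHealth(antivirus_enabled=True, antivirus_up_to_date=False)
    return {p.name: failed_checks(store, p, stale) for p in (desktop, vpn)}


if __name__ == "__main__":
    for policy_name, failures in demo().items():
        print(policy_name, "->", failures or "compliant")
```

The same client state passes the desktop policy and fails the VPN policy, which is the case a single-configuration SHV in Windows Server 2008 cannot express.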


Five Ways to Draw More Value from Microsoft NAP Deployments

January 7th, 2009

Here is a guest posting from our NAP Partner Avenda Systems.


When the founders of Avenda Systems decided to build a Policy Platform, one of the first stops included Microsoft. NAP was in the works and discussions with other industry experts led us to embrace the idea of creating a product or products that truly allowed for adding value to the NAP platform.


Early discussions with Microsoft centered on the development of extensible NAP agents for the support of Windows and Vista operating systems, as well as delivering agents for client operating systems other than Windows. The plan was to provide supplemental value to allow organizations to easily deploy NAP in heterogeneous operating system environments and take advantage of NAP’s robust endpoint health policy architecture.


Here are five ways that you can get value from the combination of NAP and products from Avenda Systems:


1. No other Policy Server required

The use of Avenda’s eAgents lets organizations use the resources they have already deployed to support NAP. All three functions of Windows Server 2008, Network Policy Server (NPS)—RADIUS server, RADIUS proxy, and NAP health policy server—are leveraged across all access methods, including wireless, wired, and VPNs.

At some point the need to support managed and unmanaged devices in a NAP environment may warrant the use of a complementary platform, but the addition of intermediary policy servers should not be required when investigating NAP Partner solutions.


2. Extended control beyond Windows Security Center checks

When using the Windows Security Health Validator (WSHV), policy validation checks are performed to verify the existence and status (running or not) of the following: Firewall, Anti-Virus Protection, Spyware Protection, Automatic Updating, and Security Update Protection. Based on a client’s response, a noncompliant result can cause the client to be put into a restricted network until the condition has been corrected. For example, if a client has turned off Anti-Virus for some reason, they will not be allowed full network access until the Anti-Virus software has been turned on again.

When using Avenda’s Universal System Health Agent (USHA) and Universal System Health Validator (USHV), administrators gain the ability to create fine-grained policies that extend beyond the verification of the status of the applications and services described above. In addition, the client can be requested to provide version numbers, DAT file and engine revisions and the time the last scan was performed, and automatic remediation can be performed for Anti-Virus and Anti-Spyware applications. The Avenda SHV can also be configured to check for, and start or stop, certain services and applications that match specified registry values. For example, clients that have Skype installed can be restricted (as detected by registry values). Once on the network, if Skype is installed again, the next health evaluation can restrict the client.

As the adoption of Windows Server 2008 increases, inquiries regarding our eAgents have really picked up. Customers are attracted to the expanse of additional functionality and our ability to quickly integrate new features. Additional features such as server-side policy checks for latest versions and updates of anti-malware products and data files are available as a portal service from Avenda.

3. Supported Operating Systems

Avenda’s eAgents are available for Windows Vista, Windows XP with Service Pack 3, and Windows Server 2008. In addition, we also have a Linux NAP Agent (with 802.1X enforcement), and a Macintosh NAP Agent is in the works.


 


4. Dissolvable Agents

Many organizations allow guest and partner access, and a common concern has been how to treat unmanaged clients (either lacking supplicants or having misconfigured ones) that attempt to connect to the network. The addition of Avenda’s eTIPS Policy Server, which interacts with Microsoft NPS, supports this requirement. A fully NAP SoH protocol-compliant dissolvable agent (a Java applet), in simple terms, performs Web authentication and health checks through a captive portal.


For transient users, policies can also determine what level of access is allowed, for what length of time and on which days of the week.


5. Avenda’s competitive advantage


When deploying eAgents in a network (especially for educational institutions, companies that are merging, call centers, etc.), it is important for the agent to support and expect to encounter anti-malware products from multiple vendors. Avenda’s eAgents ship with support for all major anti-malware vendors.

Categories: Partners, SHAs and SHVs

Five Ways to Draw More Value from Microsoft NAP Deployments

January 7th, 2009 No comments

Here is a guest posting from our NAP Partner Avenda Systems.



 


When the founders of Avenda Systems decided to build a Policy Platform, one of the first stops included Microsoft. NAP was in the works and discussions with other industry experts led us to embrace the idea of creating a product or products that truly allowed for adding value to the NAP platform.


Early discussions with Microsoft centered on the development of extensible NAP agents for the support of Windows and Vista operating systems, as well as delivering agents for client operating systems other than Windows. The plan was to provide supplemental value to allow organizations to easily deploy NAP in heterogeneous operating system environments and take advantage of NAP’s robust endpoint health policy architecture.


Here are five ways that you can get value from the combination of NAP and products from Avenda Systems:


1.     No other Policy Server required


The use of Avenda’s eAgents lets organizations use the resources they have already deployed to support NAP.  All three functions of Windows Server 2008, Network Policy Server (NPS)—RADIUS server, RADIUS proxy, and NAP health policy server—are leveraged across all access methods, including wireless, wired, and VPNs. 


 


At some point the need to support managed and unmanaged devices in a NAP environment may warrant the use of a complimentary platform, but the addition of intermediary policy servers should not be required when investigating NAP Partner solutions. 


2.    Extended control beyond Windows Security Center checks
When using the Windows Security Health Validator (WSHV), policy validation checks are performed  to verify the existence and status (running or not) of the following; Firewall, Anti-Virus Protection, Spyware Protection, Automatic Updating, and
Security Update Protection.  Based on a client’s response, a noncompliant result can cause the client to be put into a restricted network until the condition has been corrected. For example, if a client has turned off Anti-Virus for some reason, they will not be allowed full network access until the Anti-Virus software has been turned on again.


When using Avenda’s Universal System Health Agent (USHA) and Universal System Health Validator (USHV), administrators gain the ability to create fine-grained policies that extend beyond the verification of the status of the applications and services described above. In addition, the client can be requested to provide version numbers, DAT file and engine revisions and the time the last scan was performed, and automatic remediation can be performed for Anti-Virus and Anti-Spyware applications. The Avenda SHV can also be configured to check for and will start or stop certain services and applications that match specified registry values.  For example, clients that have Skype installed can be restricted (as detected by registry values). Once on the network, if Skype is installed again, the next health evaluation can restrict the client.


As the adoption of Windows Server 2008 increases, inquiries regarding our eAgents has really picked up. Customers are attracted to the expanse of additional functionality and our ability to quickly integrate new features. Additional features such as server-side policy checks for latest versions and updates of anti-malware products and data files are available as a portal service from Avenda.


3.    Supported Operating Systems
Avenda’s eAgents are available for Windows Vista, Windows XP with Service Pack 3, and Windows Server 2008. In addition, we also have a
Linux NAP Agent (with 802.1X enforcement) and a Macintosh NAP Agent is in the works.


 


4.    Dissolvable Agents
Many organizations allow guest and partner access and a common concern has been how to treat unmanaged clients (either lacking or have misconfigured supplicants) that attempt to connect to the network.  The addition of Avenda’s
eTIPS Policy Server, which interacts with Microsoft NPS, supports this requirement. A fully NAP SoH protocol-compliant dissolvable agent (a Java applet), in simple terms, performs Web authentication and health checks through a captive portal. 


For transient users, policies can also determine what level of access is allowed, for what length of time and on which days of the week.


5.    Avenda’s competitive advantage


When deploying eAgents in a network (especially for educational institutions, companies that are merging, call centers, etc.), it is important for the agent to support and expect to encounter anti-malware products from multiple vendors. Avenda’s eAgents ship with support for all major anti-malware vendors.

Categories: Partners, SHAs and SHVs Tags:

Five Ways to Draw More Value from Microsoft NAP Deployments

January 7th, 2009

Here is a guest posting from our NAP Partner Avenda Systems.



 


When the founders of Avenda Systems decided to build a Policy Platform, one of the first stops included Microsoft. NAP was in the works and discussions with other industry experts led us to embrace the idea of creating a product or products that truly allowed for adding value to the NAP platform.


Early discussions with Microsoft centered on the development of extensible NAP agents for the support of Windows and Vista operating systems, as well as delivering agents for client operating systems other than Windows. The plan was to provide supplemental value to allow organizations to easily deploy NAP in heterogeneous operating system environments and take advantage of NAP’s robust endpoint health policy architecture.


Here are five ways that you can get value from the combination of NAP and products from Avenda Systems:


1.     No other Policy Server required


The use of Avenda’s eAgents lets organizations use the resources they have already deployed to support NAP. All three functions of the Windows Server 2008 Network Policy Server (NPS), namely RADIUS server, RADIUS proxy, and NAP health policy server, are leveraged across all access methods, including wireless, wired, and VPNs.


 


At some point the need to support managed and unmanaged devices in a NAP environment may warrant the use of a complementary platform, but the addition of intermediary policy servers should not be required when investigating NAP Partner solutions.


2.    Extended control beyond Windows Security Center checks
When using the Windows Security Health Validator (WSHV), policy validation checks are performed to verify the existence and status (running or not) of the following: Firewall, Anti-Virus Protection, Spyware Protection, Automatic Updating, and Security Update Protection. Based on a client’s response, a noncompliant result can cause the client to be put into a restricted network until the condition has been corrected. For example, if a client has turned off Anti-Virus for some reason, they will not be allowed full network access until the Anti-Virus software has been turned on again.


When using Avenda’s Universal System Health Agent (USHA) and Universal System Health Validator (USHV), administrators gain the ability to create fine-grained policies that extend beyond the verification of the status of the applications and services described above. In addition, the client can be requested to provide version numbers, DAT file and engine revisions and the time the last scan was performed, and automatic remediation can be performed for Anti-Virus and Anti-Spyware applications. The Avenda SHV can also be configured to check for, and start or stop, certain services and applications that match specified registry values. For example, clients that have Skype installed can be restricted (as detected by registry values). Once on the network, if Skype is installed again, the next health evaluation can restrict the client.


As the adoption of Windows Server 2008 increases, inquiries regarding our eAgents have really picked up. Customers are attracted to the expanse of additional functionality and our ability to quickly integrate new features. Additional features such as server-side policy checks for latest versions and updates of anti-malware products and data files are available as a portal service from Avenda.


3.    Supported Operating Systems
Avenda’s eAgents are available for Windows Vista, Windows XP with Service Pack 3, and Windows Server 2008. In addition, we have a Linux NAP Agent (with 802.1X enforcement), and a Macintosh NAP Agent is in the works.


 


4.    Dissolvable Agents
Many organizations allow guest and partner access, and a common concern has been how to treat unmanaged clients (those either lacking supplicants or having misconfigured ones) that attempt to connect to the network. The addition of Avenda’s eTIPS Policy Server, which interacts with Microsoft NPS, supports this requirement. In simple terms, a dissolvable agent (a Java applet) that is fully compliant with the NAP SoH protocol performs Web authentication and health checks through a captive portal.


For transient users, policies can also determine what level of access is allowed, for what length of time and on which days of the week.


5.    Avenda’s competitive advantage


When deploying eAgents in a network (especially for educational institutions, companies that are merging, call centers, etc.), it is important for the agent to support and expect to encounter anti-malware products from multiple vendors. Avenda’s eAgents ship with support for all major anti-malware vendors.

Categories: Partners, SHAs and SHVs Tags:
