Скачати 326.71 Kb.
Network Policy Server Operations Guide
The Network Policy Server (NPS) Operations Guide provides administration information about NPS in the Windows Server® 2008 operating system.
In Windows Server 2008, Network Policy Server replaces the Internet Authentication Service (IAS) component of Windows Server 2003.
NPS is the Microsoft implementation of the Remote Authentication Dial-In User Service (RADIUS) protocol, and can be configured to act as a RADIUS server or RADIUS proxy, providing centralized network access management. When you configure NPS as a RADIUS server, network access servers that are configured as RADIUS clients in NPS forward connection requests to NPS for authentication and authorization.
When you configure NPS as a RADIUS proxy, NPS forwards authentication and accounting requests to RADIUS servers in a remote RADIUS server group.
The network access servers that you can configure as RADIUS clients in NPS are wireless access points, virtual private network (VPN) servers, 802.1X authenticating switches, Terminal Services Gateway (TS Gateway) servers, and dial-up servers.
In addition, you can configure NPS as a Network Access Protection (NAP) policy server. When NAP is deployed, NPS acts as a NAP policy server, performing client health checks against configured health policies.
You can also configure the NPS proxy to perform authorization locally while forwarding authentication requests to a remote RADIUS server group. In addition, you can customize the processing of accounting requests, processing them locally on the NPS proxy or forwarding them to other RADIUS servers.
Windows Server 2008 Editions and NPS
NPS provides different functionality depending on the edition of Windows Server 2008 that you install.
Windows Server 2008 Enterprise and Datacenter Editions
With NPS in Windows Server 2008 Enterprise and Windows Server 2008 Datacenter, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure RADIUS clients by specifying an IP address range.
Windows Server 2008 Standard Edition
With NPS in Windows Server 2008 Standard, you can configure a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. You can define a RADIUS client by using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the NPS server uses the first IP address returned in the Domain Name System (DNS) query.
Windows Web Server 2008
NPS is not included in this edition of Windows Web Server 2008.
For NPS resources in addition to this guide, see Network Policy Server in the Windows Server 2008 Technical Library (http://go.microsoft.com/fwlink/?LinkId=104545).
Introduction to Administering NPS
This guide, in conjunction with the NPS procedural Help topics, explains how to administer NPS. The objectives, tasks, and procedures described in this guide and in procedural Help topics discuss actions that are part of the operating phase of the information technology (IT) life cycle.
To access the NPS procedural Help topics, open the NPS console and press F1.
If you are not familiar with this guide, review the following sections of this introduction.
When to use this guide
This guide assumes a basic understanding of what NPS is, how it works, and why your organization uses it to manage network access, including the authentication, authorization, and accounting for network connections. It also assumes that you have a thorough understanding of how NPS is deployed and managed in your organization before performing any of the actions described in this guide.
This guide can be used by organizations that have deployed Windows Server 2008. It includes information that is relevant to different roles within an IT organization, including IT operations management and administrators.
This guide contains both general information and more detailed procedures that are designed for operators who have varied levels of expertise and experience. Although the procedures provide operator guidance from start to finish, operators must have a basic proficiency with Microsoft Management Console (MMC) and its snap-ins. They must also know how to start administrative programs, access the command line, and run the Netsh commands for NPS.
If operators are not familiar with NPS, it might be necessary for IT planners or IT managers to review the relevant operations in this guide and provide the operators with parameters or data that must be entered when the operation is performed.
How to use This guide
The operations areas are divided into the following types of content:
Objectives are general goals for managing, monitoring, optimizing and securing NPS. Each objective consists of one or more general tasks that describe how the objective is accomplished.
Tasks are used to group related procedures and provide general guidance for achieving the goals of an objective.
Procedures provide step-by-step instructions for completing tasks.
If you are an IT manager who will be delegating tasks to operators within your organization:
1. Read through the objectives and tasks to determine how to delegate permissions and whether you need to install tools before operators perform the procedures for each task.
2. Before assigning tasks to individual operators, ensure that you have all the tools installed where operators can use them.
3. When necessary, create “tear sheets” for each task that operators perform in your organization. Cut and paste the task and its related procedures into a separate document, and then either print these documents or store them online, depending on the preference of your organization.
|Step-by-Step Guide for Configuring Network Load Balancing with Terminal Services: Windows Server 2008||Step-by-Step Guide for Configuring a Two-Node File Server Failover Cluster in Windows Server 2008|
|Step-by-Step Guide for Configuring a Two-Node Print Server Failover Cluster in Windows Server 2008||Server Core Installation Option of Windows Server 2008 Step-By-Step Guide|
|Step-by-Step Guide for File Server Resource Manager in Windows Server 2008||Step-by-Step Guide for Windows Deployment Services in Windows Server 2008|
|Step-by-Step Guide for Storage Manager for sans in Windows Server 2008||Services for nfs step-by-Step Guide for Windows Server 2008|
|Windows Server 2008 Active Directory Certificate Services Step-By-Step Guide||Windows Server 2008 ts licensing Step-By-Step Guide|