What is Microsoft® Windows® NPS (Network Policy Server)?
Network security is a critical requirement for today’s IT organizations. As such, IT admins are considering their options for managing network access, which includes the use of Windows NPS. But what is it?
What is Microsoft Windows NPS?
Windows Network Policy Server is a server role included with Windows Server. The NPS role acts as a RADIUS server that authenticates network access requests against the identity provider, Microsoft Active Directory® (AD). For those who are familiar with FreeRADIUS, think of Windows NPS as Microsoft’s proprietary counterpart to FreeRADIUS (there is no indication that Microsoft used the FreeRADIUS code base; NPS simply provides similar functions).
Microsoft created the Network Policy Server to give IT organizations the ability to authenticate client devices through various network access points—i.e., WiFi, VPN, 802.1X switches, etc. Network access equipment such as VPN gateways and wireless access points generally speaks the RADIUS protocol, so Microsoft essentially uses NPS as a converter between RADIUS and AD. When an NPS server is joined to an Active Directory domain, it integrates seamlessly and authenticates network access against AD.
Essentially, the logical flow is that a user accesses a WiFi access point or VPN and submits their username and password, which is forwarded on to the Microsoft NPS server via the RADIUS protocol. The NPS server will then check the credentials against Active Directory, determining whether the user should be allowed access or not. This approach allows IT admins to seamlessly integrate their non-Windows-based network access equipment to authenticate with AD.
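To make the flow above concrete, here is an added example (not code from the original post, and not Microsoft’s NPS implementation) that simulates both sides of the RADIUS exchange in Python: a NAS function that hides the submitted password and builds an Access-Request, and an NPS-like server function that recovers the password, checks a constructed in-memory user table standing in for the Active Directory lookup, and answers with an Access-Accept or Access-Reject whose Response Authenticator the NAS verifies before trusting it. The user record, the shared secret and all function names are constructed for illustration; a real NPS server receives these packets over UDP port 1812 and queries AD, which this example does not do.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

# Constructed stand-in for the Active Directory lookup NPS performs (hypothetical user).
DIRECTORY = {"alice": b"correct horse battery staple"}


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR the NUL-padded password with an MD5 keystream
    derived from the shared secret and the Request Authenticator."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], block))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password, run on the server; trailing NUL padding is stripped."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    # Each attribute is Type(1) Length(1, header included) Value.
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes):
    attrs, i = [], 0
    while i < len(data):
        t, length = struct.unpack("!BB", data[i:i + 2])
        if length < 2 or i + length > len(data):
            raise ValueError("malformed RADIUS attribute")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code: int, ident: int, authenticator: bytes, attrs) -> bytes:
    # Packet layout: Code(1) Identifier(1) Length(2) Authenticator(16) Attributes.
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def nas_build_access_request(username: str, password: str, secret: bytes, ident: int = 1):
    """Access point / VPN side: forward the submitted credentials as an Access-Request."""
    request_auth = os.urandom(16)  # fresh random Request Authenticator per request
    attrs = [(ATTR_USER_NAME, username.encode()),
             (ATTR_USER_PASSWORD, hide_password(password.encode(), secret, request_auth))]
    return build_packet(ACCESS_REQUEST, ident, request_auth, attrs), request_auth


def server_handle(packet: bytes, secret: bytes) -> bytes:
    """NPS-style server side: parse the request, check the directory, answer."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length < 20 or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    request_auth = packet[4:20]
    attrs = dict(decode_attrs(packet[20:length]))
    name, hidden = attrs.get(ATTR_USER_NAME), attrs.get(ATTR_USER_PASSWORD)
    reply = ACCESS_REJECT
    if name is not None and hidden and len(hidden) % 16 == 0:
        password = reveal_password(hidden, secret, request_auth)
        stored = DIRECTORY.get(name.decode("utf-8", "replace"))
        if stored is not None and hmac.compare_digest(stored, password):
            reply = ACCESS_ACCEPT
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret);
    # it binds the reply to this exact request and to the shared secret.
    header = struct.pack("!BBH", reply, ident, 20)  # no reply attributes in this example
    return header + hashlib.md5(header + request_auth + secret).digest()


def nas_check_response(response: bytes, request_auth: bytes, secret: bytes, ident: int) -> bool:
    """NAS side: grant access only for an Accept whose Response Authenticator verifies."""
    if len(response) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", response[:4])
    if rid != ident or length != len(response):
        return False
    body = response[20:]
    expected = hashlib.md5(response[:4] + request_auth + body + secret).digest()
    return hmac.compare_digest(expected, response[4:20]) and code == ACCESS_ACCEPT


def authenticate(username: str, password: str, secret: bytes = b"constructed-shared-secret") -> bool:
    """Whole flow: NAS builds the request, server answers, NAS validates the answer."""
    request, request_auth = nas_build_access_request(username, password, secret)
    return nas_check_response(server_handle(request, secret), request_auth, secret, 1)


if __name__ == "__main__":
    print("alice / correct password ->", authenticate("alice", "correct horse battery staple"))
    print("alice / wrong password   ->", authenticate("alice", "wrong"))
```

The part worth noticing is the NAS-side check on the Response Authenticator: a reply whose code has been changed, or that was produced with a different shared secret, fails that check and is treated as a rejection. Production deployments additionally require the Message-Authenticator attribute (RFC 2869) and a strong, per-NAS shared secret, since the RFC 2865 password hiding alone rests on MD5.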
While this approach worked well for a number of years, as the IT landscape shifts to the cloud, there is a great deal of concern over whether a Microsoft Windows NPS server is actually required anymore.
See, avoiding vendor lock-in and adopting cloud-forward attitudes are driving IT organizations away from traditional forms of network management like AD and NPS. This shift in paradigm is increasing the number of “as-a-Service” offerings on the market,