In a NAP system, what is the function of the system health validator?
The system health validator (SHV) is the server-side software counterpart to the system health agent (SHA). An SHV verifies that the statement of health (SoH) produced by an SHA matches the requirements defined in a Network Access Protection (NAP) policy.
If the client is not compliant with the health policy requirements, it is not allowed to join the network or communicate with other clients. A noncompliant client is placed on a restricted network where it can access remediation servers to download and install system health components and updates that will correct its health status.
If a noncompliant client is not placed on a restricted network, it can only connect to a DHCP server that assigns it an IP address configuration with a limited set of network permissions and restrictions. This limitation can be imposed either because the client is a non-NAP-capable client or because it does not meet the health requirements specified by a NAP policy.
NAP policy validation
When a connection attempt reaches the Network Policy Server (NPS) service, the NPS service first determines whether to process the RADIUS Access-Request message locally or forward it to another NPS service. The NPS service then uses network policies to check for system health requirements and compliance, based on a configured set of network and health policies.
The NPS service creates a System Statement of Health Response (SSoHR), which indicates whether the client is compliant or noncompliant with the network and health policies. The SSoHR is then sent in a RADIUS Access-Accept message, as a RADIUS vendor-specific attribute (VSA), to the Health Registration Authority (HRA), which then sends it back to the NAP enforcement client (EC).
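The validation flow described above, as an added example that is not part of the original page and is not NPS code: a simplified Python model in which each SHV compares its SHA's SoH with the policy and the results are combined into an SSoHR. The policy contents, setting names and sample clients are constructed assumptions, and the dictionaries stand in for the real SoH and RADIUS formats.

```python
from dataclasses import dataclass

# Constructed health policy: each SHV name maps to the settings it requires.
POLICY = {
    "firewall": {"enabled": True},
    "antivirus": {"enabled": True, "signatures_current": True},
    "updates": {"auto_update": True},
}

@dataclass
class SoHR:
    """Result of one SHV checking the SoH from its matching SHA."""
    shv: str
    compliant: bool
    failures: list

def validate(shv, required, soh):
    """One SHV: compare the reported SoH with the policy requirements."""
    if soh is None:
        # The matching SHA reported nothing: fail closed.
        return SoHR(shv, False, ["no SoH received"])
    failures = [key for key, want in required.items() if soh.get(key) != want]
    return SoHR(shv, not failures, failures)

def evaluate(ssoh, policy=POLICY):
    """Server side: run every SHV and combine the results into an SSoHR."""
    if ssoh is None:
        # Non-NAP-capable client: no health data at all, so restrict it.
        return {"compliant": False, "access": "restricted",
                "reason": "non-NAP-capable", "responses": []}
    responses = [validate(shv, req, ssoh.get(shv)) for shv, req in policy.items()]
    compliant = all(r.compliant for r in responses)
    return {"compliant": compliant,
            "access": "full" if compliant else "restricted",
            "reason": "healthy" if compliant else "health policy not met",
            "responses": responses}

# Constructed sample clients (not captured data).
HEALTHY = {"firewall": {"enabled": True},
           "antivirus": {"enabled": True, "signatures_current": True},
           "updates": {"auto_update": True}}
STALE_AV = {**HEALTHY, "antivirus": {"enabled": True, "signatures_current": False}}
NO_UPDATE_SHA = {k: v for k, v in HEALTHY.items() if k != "updates"}

if __name__ == "__main__":
    for name, client in [("healthy", HEALTHY), ("stale AV", STALE_AV),
                         ("missing SHA", NO_UPDATE_SHA), ("legacy", None)]:
        result = evaluate(client)
        print(name, "->", result["access"], "-", result["reason"])
```

The per-SHV failure list is what a remediation server would act on: a noncompliant client learns which setting to fix before it is re-evaluated.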