RealTime IT News

Microsoft's Network Access Tech Hits Critical Mass

Microsoft is very serious about network access control, so serious that it just announced a list of 100 partner companies whose products will interoperate with its Network Access Protection (NAP) technology on Windows Server.

NAP is Microsoft's policy enforcement platform that will be in full release when Windows Server, code-named Longhorn, ships later this year. It helps IT administrators ensure that devices that connect to their network meet minimum security and health policies. With 100 more companies working with the technology, NAP's footprint is expanding.

NAP is both competitive with and complementary to other access control methodologies, including Cisco NAC and the Trusted Computing Group's Trusted Network Connect (TNC) standard championed by Cisco rival Juniper Networks and others.

"We've really reached critical mass having really all of the primary major vendors in the networking, endpoint security and management categories adopt NAP and integrate their products with NAP going forward," Mike Schutz, group product manager for Microsoft's edge & security group, told internetnews.com.

What that means for customers is that when NAP is available, they'll be able to deploy it into their existing infrastructure without having to rip and replace the investments they have made in other security and networking products, Schutz said.

The list includes providers such as Sophos, StillSecure, Symantec, Websense, Symbol Technologies, CA, Check Point Software Technologies, Citrix Systems, ConSentry Networks, eEye Digital Security, Enterasys Networks, and Nortel Networks.

Although 100 companies are prepared to interoperate with Microsoft NAP before Windows Server is actually in full release, Microsoft said NAP is more than just vaporware.

"We're past the Beta 2 phase of Longhorn server and NAP has been code and feature complete since Beta 1. The work that is going on now is around stability and reliability fit and finish. The protocols and APIs will not change," Schutz said.

Users of Microsoft's Windows Server 2003 will not be able to run NAP on their servers directly. But that may not matter in the overall scheme of how NAP is actually deployed. According to Schutz, NAP is not specific to Longhorn server. What a NAP deployment requires is a primary NAP server, which is called the Network Policy Server (NPS). It acts as the policy brain of the network and is the heart of NAP.

"So it's not a large investment for an organization to put in one or two servers, depending on their size, to run their entire infrastructure," Schutz said.

NAP is also built into Windows Vista. From a client perspective though, users will also be able to run NAP on Windows XP.

"The reason why NAP is part of Longhorn server rather than a separate product is that this type of functionality we fundamentally believe needs to be as pervasive as user authentication," Schutz said. "Today everyone expects to have to provide their user name and login and we believe that this is a fundamental thing that should be part of the infrastructure that every device should be authenticated and healthy."

Though Microsoft is focused on developing and deploying NAP for the Windows platform, non-Windows endpoints can also benefit from NAP. Schutz explained that Microsoft has put into place a licensing program so partners can deliver NAP on non-Windows operating systems such as Mac and Linux. One of those partners is Lockdown Network, which will be demonstrating at the upcoming RSA Security conference how it can extend NAP policy and enforce it on non-Windows devices.

There isn't a Microsoft-branded NAP-Ready program yet, even though Microsoft has 100 partners already. There is a NAP Partner Program site where partners can check their products for NAP compliance and interoperability.

"It's a self-evaluation at this point, the vendor does it," Schutz said. "Microsoft is requesting that they meet a set of requirements. There is no Microsoft validated program that takes care of that."

Beta 3 of Microsoft NAP is expected in the middle of 2007 with the full release included in Windows Longhorn server in the latter half of this year.