News

Microsoft and Cisco Demo New Interop Tech

• By Stuart J. Johnston
• 09/06/2006

Microsoft and Cisco demonstrated this week a single client agent providing interoperability between the software giant's coming Network Access Protection (NAP) and the networking behemoth's Network Admission Control (NAC) protocols. The interoperability technologies are set to begin limited beta testing before year's end with final delivery along with Windows Longhorn Server in late 2007, the two companies said in an interview.

The intent is for the two network protection technologies to interoperate with each other seamlessly, and to work with both Windows Vista and Windows XP clients.

When Microsoft releases Windows Server "Longhorn" in late 2007, it will provide security enhancements that work in concert with Windows Vista. NAP will provide components and an application programming interface that lets administrators enforce compliance with health policies for network access or communications.

With NAP in place, when a user tries to connect to the network, that computer's health state will be validated against the health policies defined by the administrator. Depending on the results, the computer can be granted access, denied, or given only limited access until required configuration changes are made.

Meanwhile, Cisco's own NAC technology initiative, which is a part of its Self-defending Network Initiative, aims to do much the same thing.

"NAC . . .   uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats. Customers using NAC can allow network access only to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example) and can restrict the access of noncompliant devices," states Cisco's NAC Web site.

Further, Cisco's technology is already in the marketplace and the San Jose, Calif.-based company has a host of partners who have already gotten some of their products certified to work with NAC, including Altiris, Computer Associates, F-Secure, IBM, Intel, Internet Security Systems, LANDesk, McAfee, Phoenix Technologies, Sophos, Symantec, Trend Micro, and Websense.

Cisco and Microsoft announced in 2004 that they would work together to make the two technologies interoperable. Their first demonstration of this came this week at the Security Standard conference in Boston.

The demo's message to users is that, with interoperability assured, there is no need to hesitate while Longhorn Server and NAP continue their gestation.

"Customers can deploy the two solutions together and they will interoperate very well," said Mike Schutz, group product manager in Microsoft's security and access products group.

The work will be added into Vista and enable either protocol to work with the same client agent. A separate client agent for each technology will be needed in XP deployments.

For Vista there will be a single agent that handles both protocols and provides interoperability between them. Routers and switches already running NAC will not need to be reconfigured either, according to Joe Sirrianni, senior solutions manager for Cisco's security technology group.

"Computers running Windows XP with Service Pack 2 will need to run the Cisco Trust Agent for NAC and run the NAP Agent for NAP," reads a technical whitepaper published by the two companies this week.

"Both sides believe over time, [the NAP/NAC agent] will be a key component of any security infrastructure going forward," Schutz said. The technology will go into limited beta with select customers by the end of the year.