Microsoft is very serious about network access control, so serious that it just announced a list of 100 partner companies whose products will interoperate with its Network Access Protection (NAP) technology on Windows Server.
NAP is Microsoft’s policy enforcement platform that will be in full release when Windows Server, code-named Longhorn, ships later this year. It helps IT administrators ensure that devices that connect to their network meet minimum security and health policies. With 100 more companies working with the technology, NAP’s footprint is expanding.
NAP is both competitive and complementary to other access control methodologies
including Cisco NAC
and the Trusted Computing Group’s Trusted Network Connect (TNC) standard
championed by Cisco rival Juniper Networks and
“We’ve really reached critical mass having really all of the primary major
vendors in the networking end point security and management categories adopt
NAP and integrate their products with NAP going forward,” Mike Schutz, group
product manager for Microsoft’s edge & security group, told internetnews.com.
What that means for customers is that when NAP is available they’ll be able
to deploy NAP into their existing infrastructure without having to rip and
replace the investments they have made in other security and networking, Schutz said.
The list includes providers such as Sophos, StillSecure, Symantec, Websense, Symbol Technologies, CA, Check Point Software Technologies, Citrix Systems, ConSentry Networks, eEye Digital Security, Enterasys Networks, and Nortel Networks.
Although 100 companies are prepared to interoperate with Microsoft NAP before Windows Server is actually in full release, Microsoft said NAP is more than just vaporware.
“We’re past the Beta 2 phase of Longhorn server and NAP has been code and
feature complete since Beta 1. The work that is going on now is around stability and reliability fit and finish. The protocols and APIs will not change,” Schutz said.
Users of Microsoft’s Windows Server 2003 will not be able to run NAP on their
servers directly. But that may not matter in the overall scheme of how NAP
is actually deployed. According to Schutz, NAP is not specific to Longhorn server.
What a NAP deployment requires is a primary NAP server, which is
called the Network Policy Server (NPS). It acts as the policy brain of the network and is the heart of NAP.
“So it’s not a large investment for an organization to put in one or two
servers, depending on their size, to run their entire infrastructure,” Schutz
NAP is also built into Windows Vista. From a client perspective though, users
will also be able to run NAP on Windows XP.
“The reason why NAP is part of Longhorn server rather than a separate
product is that this type of functionality we fundamentally believe needs to
be as pervasive as user authentication,” Schutz said. “Today everyone expects
to have to provide their user name and login and we believe that this is a
fundamental thing that should be part of the infrastructure that every
device should be authenticated and healthy.”
Though Microsoft is focused on developing and deploying NAP for the Windows
platform, non-Windows endpoints can also benefit from NAP. Schutz
explained that Microsoft has put into place a licensing program so partners
can deliver NAP on non-Windows operating systems such as Mac and Linux. One
of those partners is Lockdown Network, which will be demonstrating at the
upcoming RSA Security conference how they can extend NAP policy and enforce on non-Windows
There isn’t a Microsoft-branded NAP-Ready program yet, even though Microsoft
has 100 partners already. There is a NAP Partner Program site where partners
can check their products for NAP compliance and interoperability.