Microsoft will build a policy enforcement platform to Windows Vista and later to the upcoming Windows Server Longhorn.
Called Network Access Protection (NAP), it is designed to enable IT administrators to protect network assets by enforcing compliance with system requirements.
Customers create customized policies to validate computer condition before granting access or communication. NAP can automatically update compliant computers to help ensure that compliance is ongoing, and optionally quarantine non-compliant computers to a restricted network until they become compliant.
Derrick Wong, senior security product manager for Microsoft Canada, said the availability of NAP allows organizations to protect network assets.
“Today, users with VPNs can go in and remotely access the network,” he said. “With NAP, it will run through a series of checks, such as if the operating system is updated or if you have the proper anti-virus signatures. If you do not have all these checks it will quarantine you and reject access. It prevents you from getting an IP address until you pass the health check and this is based on customer needs or policies.”
More than 100 networking and security partners such as Cisco Systems and McAfee have announced support for and integration with NAP. With this support, Microsoft said it has one of the largest partner ecosystems for NAP.
McAfee’s vice-president of product management, Rees Johnson, said the partnership enables customers using McAfee VirusScan Enterprise to have an added layer of protection with NAP.
Microsoft also announced the general availability of Intelligent Application Gateway (IAG) 2007. It combines the secure sockets layer virtual private networking (SSL VPN) and Web application firewall product obtained in the acquisition of Whale Communications last year.
Microsoft has formed OEM partnerships with Celestix Networks Inc. and Network Engines Inc., two appliance makers, for distribution of this product.
Wong believes there could be other appliance partners included with Celestix and Network Engines. He said that people in the Redmond, Wash., headquarters are looking for partnerships.
IAG 2007 is now available in pre-installed and configured appliances manufactured by Celestix and Network Engines and sold through resellers in Canada and the U.S.
“The Whale product concentrated on robust SSL VPN, and that provided a great broad connectivity and policy authentication and authorization for end point security. With ISA, it extends the VPN capability and gives higher level of encryption and filtering. This is more advanced and helps to protect assets against hackers, spyware and viruses,” Wong said.
IAG 2007 will have a new pricing model. It will involve a regular license and a Client Access License (CAL). Under this model, it is approximately $22 per user running access user appliance.