The two companies briefed industry press Wednesday, at The Security Standard conference here, on how Cisco Network Admission Control (NAC) and Microsoft Network Access Protection (NAP) will interoperate and how customers and partners can benefit.
“This (collaboration) was motivated by our customers,” said Ted Kummert, corporate vice-president of the security, access and solutions division at Microsoft’s server and tools business.
Customers who have both environments said they wanted to be able to interoperate, added Kummert.
NAC and NAP are designed to protect a company’s network by verifying the security health status of devices before granting them access. The architecture allows customers the choice of deploying only one system or both concurrently.
“We’re giving our customers the option to figure out which components to enable,” said Bob Gleichauf, CTO of the security technology group at Cisco. But, he added, “the three fundamental pieces that we did glue together are a client component, a middle infrastructure, and a policy backend.”
Components of the interoperable architecture include Cisco’s development of Extensible Authentication Protocol (EAP)-FAST and a corresponding supplicant, which provide interoperability with the native EAP and 802.1x supplicant that will be included with Windows Vista and Windows “Longhorn” server.
The vendors are also enabling the use of a single agent, as computers running Vista and Longhorn will include Microsoft NAP as part of the core operating system that will be used for both NAP and NAC.
Both Cisco and Microsoft plan to begin beta testing with select customers later this year. Executives said general availability of the interoperable technology will come with Microsoft’s release of its Longhorn server in the second half of 2007.
According to Zeus Kerravala, vice-president of security and networking research at Boston-based Yankee Group, collaboration of this scale is good for the industry.
“Microsoft is thought as a proprietary company, so playing nice (with other vendors) is important,” he said.
Most organizations, added Kerravala, already have a large deployment of Microsoft and Cisco, so making the two interoperate can be seen as a natural value proposition.
Independent software vendors will have access to NAP client APIs to encourage third-party development of health agent and health enforcement components of the offering, explained Mark Ashida, general manager of Windows networking at Microsoft.
Microsoft also plans to license elements of its NAP client technology to third parties in order to support non-Windows platforms.
NAC, said Cisco’s Gleischauf, already supports non-Windows technology.
Gleischauf added that both vendors will work with their joint channel partners to understand how they want to bring this to market.
“This simplifies their lives dramatically, they’re not getting squeezed to pick between us,” he said.