Delaying the Network Access Protection program and signing an interoperability deal with Cisco Systems Inc will reduce confusion for customers looking to implement an endpoint security policy system, according to a Microsoft Corp executive.
Microsoft has said that it will work with Cisco to make NAP compatible with Cisco’s Network Admission Control technology. But NAP, originally planned for next year, was delayed until 2007, when the Longhorn version of Windows Server is released.
Windows server product group manager Samm DiStasio said the moves were related but that many factors were considered before the decisions were made. “These decisions are never black-and-white,” he said. “This was not a chicken-and-egg situation.”
“It’s less to do with [product development] resources than it has to do with customer feedback and demand for a certain feature set,” DiStasio said. One of the things customers were looking for was compatibility with Cisco, he said.
“Having two competing network access initiatives, one centered around Cisco switches and routers and one centered around Microsoft operating systems, would make a lot more potential for it being a big mess,” DiStasio said.
NAC and NAP both promise systems that can block computers from making a full network connection if they are not secure enough, for example if their virus software is out of date or if their personal firewall is badly configured.
DiStasio said among the technical changes Microsoft is planning is support for IPSec, as well as the DHCP support originally planned. Both protocols would be used during the network connection part of NAP, but IPSec is more secure, he said.
Competitors in the endpoint security policy software market said that Microsoft may be right about reducing customer confusion, but questioned whether delaying NAP until 2007 is the best move.
“We’ve been hearing from customers that they were concerned Microsoft and Cisco were heading off in two fundamentally different directions,” Bill Scull, senior VP of marketing at Sygate Inc, an endpoint security player, said.
“But, pushed out to 2007, it leaves customers with a quandary,” said Scull. “This is a pressing issue. Worms and viruses are a problem now.”
Scull pointed out that there’s still another standards-based effort underway by Cisco competitors, the Trusted Network Initiative, under the Trusted Computing Group. Microsoft is a member of TCG, but Cisco is not.