Cisco, Microsoft Detail NAC-NAP Interoperability

The two industry giants provide technical details and a road map for bringing together their respective network security architectures, with products arriving in 2007.

BOSTON—IT giants Cisco Systems and Microsoft revealed specific results Sept. 6 of the companies work to lend interoperability to their individual network security technologies, moving forward their effort to align products that was announced almost two years ago.

At the Security Standard Conference being held here through Sept. 7, the two massive industry players said they have completed the technological tinkering necessary to allow San Jose, Calif.-based Ciscos NAC (Network Admission Control) security architecture to work alongside Microsofts NAP (Network Access Protection) offering. Both technologies are meant to help companies improve network security by allowing them to further track and verify specific details of individual devices and end users who attempt to access corporate systems.

First announced in October 2004, the partnership is aimed at quelling concerns expressed by the partners common customers over their ability to support NAC and NAP simultaneously, Cisco and Microsoft executives admitted. End-user organizations have feared that, if such an effort were not launched and consummated by the vendors, they would be forced to abandon one of the technologies in favor of the other, the companies said.

Among the benefits promoted by the partners as a result of their work will be customers ability to choose among individual components and infrastructure templates present in NAC and NAP, allowing them to piece together various elements of the two systems to help address their specific needs in a single, interoperable network, company officials said. The effort also promises to allow customers to continue to use any existing NAC and NAP products they have already adopted without modifying those technologies significantly.

/zimages/3/28571.gifCisco teams with SAP to help enterprises manage governance, risk and compliance. Click here to read more.

In addition, the companies said they have created a single software agent to be included in Microsofts Windows Vista, due in November, that will allow computers running the operating system, or the companys Windows Server Longhorn package, to include NAPs central agent component as part of the products core operating system, which will be used for both the Cisco and Microsoft technologies.

The partners have also launched an effort to simplify the development of third-party software designed for businesses running Vista, through which the NAP clients APIs will serve as the single programmatic interface used for reporting the performance of both NAC and NAP systems.

Other milestones achieved by the companies include added support for operating systems other than Windows for use alongside NAP and NAC, and new joint software agent distribution and update capabilities.

The companies said that they will release a beta version of the interoperability package to a select group of customers before the end of 2006, and that the tools will officially arrive as part of Microsofts Windows Server Longhorn software launch at the end of 2007.

"Were giving our customers the choice to enable their own functions and policies; our job is to provide this integration and interoperability so that customers can figure out how they want to implement these technologies for themselves," said Bob Gleichauf, chief technology officer for Ciscos Security Technology Group. "Customers who are already deploying NAC infrastructure from Cisco will be able to use those products as part of this interoperability without changing anything; we worked hard to make sure that existing investments could be reused."

Executives at the two companies said that the technological work to complete the integration and interoperability support was less arduous than completing a cross-licensing agreement, signed roughly one year ago, that allowed the firms to begin digging into the project in earnest. Another issue was finding sufficient engineering expertise within the two firms to contribute to the effort.

"In this case, two engineering companies came up with very similar answers to the same problems, and once we had the head count in place we were able to move forward quickly," said Mark Ashida, general manager of Enterprise Networking Servers at Microsoft. "Customers who have been waiting to invest in NAP and NAC out of concern over whether or when we would get this done should be encouraged by the flexibility this work together will offer."

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.