Endpoint Spec Gains Traction

But other plans could thwart TNC.

The movement toward a vendor-neutral, open architecture for endpoint security will pick up momentum this week when the Trusted Computing Group consortium unveils new specifications for the Trusted Network Connect architecture.

However, enterprise IT managers who are waiting for integration between TNC and competing schemes from Microsoft Corp., in Redmond, Wash., and Cisco Systems Inc., in San Jose, Calif., may need a lot of patience.

At the Interop show in Las Vegas this week, the TCG, based in Portland, Ore., will release a document describing the TNC client/server architecture and specifications for APIs for client and server plug-ins that support the TNC standard. TCG members will demonstrate TNC-compliant products, said Thomas Hardjono, principal scientist at VeriSign Inc., in Mountain View, Calif., a TNC working group member.

The introduction of the TNC spec adds more letters to what is already an alphabet soup of competing client security architectures, including Microsoft's NAP (Network Access Protection) and Cisco's NAC (Network Admission Control). Plans for tying the architectures together are murky, executives at the companies said.

Third-party software vendors will use the specification documents to build client and server plug-ins that can collect, transmit and evaluate TNC-compliant client integrity data, such as whether a machine that is trying to connect to a TNC-protected network is using updated anti-virus software, said Hardjono.
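The collect, transmit and evaluate split described above, as a constructed illustration added here (not TCG's specification or any vendor's plug-in code): a client-side collector reports whether anti-virus is enabled and when its signatures were last updated, and a server-side verifier applies an assumed policy (signatures no older than three days), failing closed on missing or malformed data.

```python
from datetime import datetime, timedelta

# Assumed policy for illustration: anti-virus signatures no older than 3 days.
MAX_SIGNATURE_AGE = timedelta(days=3)


def collect_integrity(av_enabled, signature_date):
    """Client-side plug-in: gather integrity data into a simple attribute map.
    signature_date is an ISO 8601 string (or None if the client has no value)."""
    return {"av_enabled": bool(av_enabled), "av_signature_date": signature_date}


def evaluate_integrity(report, now):
    """Server-side plug-in: return (decision, reason), where decision is
    'allow' or 'quarantine'. Anything missing or unparseable is treated as
    non-compliant, so an endpoint cannot pass by omitting data."""
    if not report.get("av_enabled"):
        return "quarantine", "anti-virus not enabled"
    raw = report.get("av_signature_date")
    if raw is None:
        return "quarantine", "no signature date reported"
    try:
        sig_date = datetime.fromisoformat(raw)
        current = datetime.fromisoformat(now)
    except (TypeError, ValueError):
        return "quarantine", "unparseable timestamp"
    if sig_date > current:
        # A future timestamp indicates a bad clock or a forged report.
        return "quarantine", "signature date in the future"
    if current - sig_date > MAX_SIGNATURE_AGE:
        return "quarantine", "signatures out of date"
    return "allow", "compliant"


def check_endpoint(av_enabled, signature_date, now):
    """End-to-end: client collects, server evaluates; returns the decision."""
    report = collect_integrity(av_enabled, signature_date)  # transmitted as-is
    return evaluate_integrity(report, now)[0]


if __name__ == "__main__":
    # Constructed sample reports evaluated at the same point in time.
    now = "2005-05-02T08:00:00"
    for args in [(True, "2005-05-01T08:00:00"), (True, "2005-04-20T08:00:00"),
                 (False, "2005-05-01T08:00:00"), (True, None)]:
        print(args, "->", evaluate_integrity(collect_integrity(*args), now))
```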

More APIs are needed to support network communications at different layers and to create an interface for the TCG's TPM (Trusted Platform Module) security chip. TCG hopes to have specifications for a TPM client/server interface and for more network transport layers by the end of the summer, bringing the TNC architecture closer to completion and allowing vendors to develop fuller solutions based on TNC, Hardjono said.

However, even when it is fully established, TNC's place in the growing field of client security may still be a matter of debate.

Microsoft said last month that it will align its NAP architecture with TNC, and it promised in a joint statement with Cisco in October to make NAP interoperable with Cisco's NAC. However, TCG members and executives at Microsoft and Cisco acknowledged that there are serious questions about how the parties will integrate the three competing endpoint security architectures.

Microsoft, a member of TCG, has been working with the group since last year and will make sure that the next version of Windows, code-named Longhorn, contains interfaces or supports software plug-ins that allow data to be passed back and forth between NAP and TNC components, Microsoft officials said.

Cisco, which is not a TCG member, is focused on a forthcoming update to NAC, planned for the summer, and on reaching an accord with Microsoft on integration.

With nothing to show more than six months after they announced plans to join NAC and NAP, Cisco and Microsoft should get behind open standards such as TNC, even if they want to keep developing their own architectures, according to John Pescatore, an analyst at Gartner Inc., in Stamford, Conn.

"The best result would be for companies like Cisco to support open standards but support NAC as well," Pescatore said.