We had mixed success with the first generation of NAP in the lab. Our biggest complaint is that the NAP client only exists for XP Service Pack 3 and Vista, and the client is not nearly as robust and configurable as the Cisco Network Access Control client. NAP enforcement is somewhat difficult to configure, and there's no captive portal functionality for guest access--yet. Finally, there's no mechanism for automatically distributing antivirus or anti-spyware software during the remediation process.
There's plenty to like about NAP, though, starting with the fact that it's included with your Server 2008 license. So if you're lukewarm about buying a third-party NAC, you now have another option. But if you're buying Server 2008 just for network access control, you'll find that you can buy Cisco's NAC, which is a much more mature product, for less.
We were impressed with how quickly the NAP client responded to a user who violated policy by turning off the firewall. In the lab, the client's firewall was immediately turned back on after the policy violation was introduced.
We're also encouraged to see third parties developing additional functionality for NAP. Avenda Systems already has an evaluation release of a Linux NAP Agent and a Windows System Health Validator for Linux. As a result, a fully functional method for health-checking Linux clients with your Microsoft Network Policy Server is on the horizon.
NAP is a value-add for IT shops that will be moving to Server 2008 anyway but are lukewarm on the value of network access control. All of the core functionality needed for a fairly robust implementation is present out of the box, so you can test the NAC and NAP waters with little risk.
As a new feature addition to the Windows Server line, NAP gives IT shops an out-of-the-box mechanism for validating and health-checking systems before they're allowed access to the network. Using DHCP, VPN, 802.1X, and IPsec as the primary points of enforcement, NAP does a pretty good job, for a first-generation feature, at preventing vulnerable systems from accessing the corporate LAN.
