Cisco And Microsoft, How's The Network Access Cooperation Going? - InformationWeek


06:40 PM

The two vendors won't discuss plans or timetables, even as the issue grows in importance for IT security managers.

With so many devices accessing so many business networks, it's decision time about technology for controlling network access. Companies want it so they can check the security status of PCs and mobile devices--who knows where they've been?--before letting them plug into the network.

But customers can't yet count on the two vendors at the center of it all, Cisco Systems and Microsoft. More than a year after the vendors revealed with fanfare that they were working together to get their respective network access control technologies to interoperate, customers haven't gotten much. What was envisioned as a tightly woven access control fabric is beginning to resemble a drafty patchwork, and customers are starting to look elsewhere for protection as the number and types of mobile devices linking to their networks proliferate.

Like airport security patting down passengers and inspecting bags, network access control systems check to see that PCs and mobile devices have up-to-date software patches and are virus-free before granting network access, and then control what they can do once inside. Cisco has delivered important pieces of its Network Admission Control. Microsoft's Network Access Protection will show up later this year in Windows Vista and next year in Longhorn server, but customers will have to implement both before they can benefit from the NAP system.

Having the leading network and software vendors pursuing separate access control schemes makes sense only if they can communicate with each other. So in October 2004, the vendors said they would integrate NAC and NAP, with a promise of simplifying network security managers' lives. So what's the holdup? Interoperability, integration, and standardization of clients, network devices, and policy systems, says Cisco's NAC marketing director Russell Rice.

Cisco's part in ensuring interoperability will come from its work with the Internet Engineering Task Force, and a lot remains to be done. At meetings that begin March 19, the IETF will discuss creating transport protocols that let clients, network devices, and policy systems exchange information. But that process is too unpredictable for Cisco to be able to say when it will have a product ready to ship.

Microsoft also is slogging through details about how the vendors' access control products will communicate. "NAP will inform the Cisco NAC infrastructure on how to enforce security policies, and vice versa," says Mike Schutz, product manager with Microsoft's infrastructure marketing group, adding that both vendors have licensed each other's APIs to help their systems communicate.

Microsoft backs the Trusted Computing Group's Trusted Network Connect specification, which was demonstrated for the first time last month as a way hardware-based security technology can ensure that PCs comply with enterprise security policies. But those guidelines are far from widely accepted.

Although Cisco isn't part of the Trusted Computing Group, it's working with TCG member--and Cisco rival--Juniper Networks within the IETF to standardize the protocols needed to ensure interoperability in any network end-point assessment system. Juniper sells network access control technology and in December bought Funk Software, which makes an 802.1X client for connecting to wireless and wired networks and offers RADIUS technology for authenticating clients connecting to a network remotely.

What Cisco and Microsoft are proposing is unquestionably complex. For access control to be effective, a number of technologies--directory servers, policy engines, networking equipment, PCs, and more--will have to rely on standardized communication protocols. And it will be unquestionably more expensive for companies if Cisco and Microsoft don't get this right. "It's critical that Microsoft's and Cisco's solutions work together," Forrester Research analyst Robert Whiteley says. "The more standards you have, the more well-defined the moving parts are, the lower the cost will be."

So what would customers like? Since they're getting some network access control capabilities already, they want to coordinate network access in IT environments that include Cisco routers, Windows PCs, mobile phones, BlackBerrys, and the like. And they'd like more insight into what Microsoft and Cisco will deliver together, including a timetable for supporting common protocols in their flagship products.

No Waiting
The market isn't waiting around. End-point security provider Senforce Technologies this week will deliver an intelligent network access control application to check that end points are secure before they connect to a network. It's meant to work with access control technology from Cisco, Juniper, and Nortel. And Intel Capital is making an equity investment of an undisclosed amount in Lockdown Networks, which makes network appliances that check PCs and other devices for security compliance and enforce security policies.
