Cisco And Microsoft, How's The Network Access Cooperation Going? - InformationWeek


The two vendors won't discuss plans or timetables, even as the issue grows in importance for IT security managers.

With so many devices accessing so many business networks, it's decision time about technology for controlling network access. Companies want it so they can check the security status of PCs and mobile devices--who knows where they've been?--before letting them plug into the network.

But customers can't yet count on the two vendors at the center of it all, Cisco Systems and Microsoft. More than a year after the vendors revealed with fanfare that they were working together to get their respective network access control technologies to interoperate, customers haven't gotten much. What was envisioned as a tightly woven access control fabric is beginning to resemble a drafty patchwork, and customers are starting to look elsewhere for protection as the number and types of mobile devices linking to their networks proliferate.

Like airport security patting down passengers and inspecting bags, network access control systems check to see that PCs and mobile devices have up-to-date software patches and are virus-free before granting network access, and then control what they can do once inside. Cisco has delivered important pieces of its Network Admission Control. Microsoft's Network Access Protection will show up later this year in Windows Vista and next year in Longhorn server, but customers will have to implement both before they can benefit from the NAP system.

Having the leading network and software vendors pursuing separate access control schemes makes sense only if they can communicate with each other. So in October 2004, the vendors said they would integrate NAC and NAP, with a promise of simplifying network security managers' lives. So what's the holdup? Interoperability, integration, and standardization of clients, network devices, and policy systems, says Cisco's NAC marketing director Russell Rice.

Cisco's part in ensuring interoperability will come from its work with the Internet Engineering Task Force, and a lot remains to be done. At meetings that begin March 19, the IETF will discuss creating transport protocols that let clients, network devices, and policy systems exchange information. But that process is too unpredictable for Cisco to be able to say when it will have a product ready to ship.

Microsoft also is slogging through details about how the vendors' access control products will communicate. "NAP will inform the Cisco NAC infrastructure on how to enforce security policies, and vice versa," says Mike Schutz, product manager with Microsoft's infrastructure marketing group, adding that both vendors have licensed each other's APIs to help their systems communicate.

Microsoft backs the Trusted Computing Group's Trusted Network Connect specification, which was demonstrated for the first time last month as a way hardware-based security technology can ensure that PCs comply with enterprise security policies. But those guidelines are far from widely accepted.

Although Cisco isn't part of the Trusted Computing Group, it's working with TCG member--and Cisco rival--Juniper Networks within the IETF to standardize the protocols needed to ensure interoperability in any network end-point assessment system. Juniper sells network access control technology and in December bought Funk Software, which makes an 802.1X client for connecting to wireless and wired networks and offers RADIUS technology for authenticating clients connecting to a network remotely.

What Cisco and Microsoft are proposing is unquestionably complex. For access control to be effective, a number of technologies--directory servers, policy engines, networking equipment, PCs, and more--will have to rely on standardized communication protocols. And it will be unquestionably more expensive for companies if Cisco and Microsoft don't get this right. "It's critical that Microsoft's and Cisco's solutions work together," Forrester Research analyst Robert Whiteley says. "The more standards you have, the more well-defined the moving parts are, the lower the cost will be."

So what would customers like? Since they're getting some network access control capabilities already, they want to coordinate network access in IT environments that include Cisco routers, Windows PCs, mobile phones, BlackBerrys, and the like. And they'd like more insight into what Microsoft and Cisco will deliver together, including a timetable for supporting common protocols in their flagship products.

No Waiting
The market isn't waiting around. End-point security provider Senforce Technologies this week will deliver an intelligent network access control application to check that end points are secure before they connect to a network. It's meant to work with access control technology from Cisco, Juniper, and Nortel. And Intel Capital is making an equity investment of an undisclosed amount in Lockdown Networks, which makes network appliances that check PCs and other devices for security compliance and enforce security policies.
