Boston – Two years after signing a joint architecture development plan, Microsoft Corp. and Cisco Systems have unveiled a road map for interoperability around their network access control systems
The two companies briefed industry press recently at The Security Standard conference here on how Cisco Network Admission Control (NAC) and Microsoft Network Access Protection (NAP) will interoperate and how customers and partners can benefit.
“This (collaboration) was motivated by our customers,” said Ted Kummert, corporate vice-president of the security, access and solutions division at Microsoft’s server and tools business.
Customers who have both environments want to be able to interoperate, he said.
NAC and NAP are designed to protect a company’s network by verifying the security status of devices before granting them access.
The architecture allows customers the choice of deploying only one system or both concurrently.
“We’re giving our customers the option to figure out which components to enable,” said Bob Gleichauf, chief technology officer of Cisco’s security technology group.
But, he added, “the three fundamental pieces that we did glue together are a client component, a middle infrastructure, and a policy backend.”
Components of the interoperable architecture include Cisco’s development of Extensible Authentication Protocol (EAP)-FAST and a corresponding supplicant, which provide interoperability with the native EAP and 802.1x supplicant that will be included with Windows Vista and Windows “Longhorn” server.
The use of a single agent will be enabled, as computers running Vista and Longhorn will include Microsoft NAP as part of the core operating system that will be used for both NAP and NAC.
Cisco and Microsoft plan to begin beta testing with select customers later this year.
Executives said general availability of the technology will come with Microsoft’s release of its Longhorn server in the second half of 2007.
According to Zeus Kerravala, vice-president of security and networking research at Boston-based Yankee Group, collaboration of this scale is good for the industry.
“Microsoft is thought as a proprietary company, so playing nice (with other vendors) is important,” he said.
Most organizations, added Kerravala, already have a large deployment of Microsoft and Cisco, so making the two interoperate can be seen as a natural value proposition.
Independent software vendors will have access to NAP client APIs to encourage third-party development of health agent and health enforcement components of the offering, explained Mark Ashida, general manager of Windows networking at Microsoft.
Microsoft also plans to license elements of its NAP client technology to third parties to support non-Windows platforms.
NAC, said Cisco’s Gleischauf, already supports non-Windows technology.
Gleischauf added that both vendors will work with their joint channel partners to understand how they want to bring this to market.
“This simplifies their lives dramatically, they’re not getting squeezed to pick between us,” he said.
Security masters
During his keynote address, Cisco president and CEO John Chambers, marked security as the one issue that will change productivity and technology.
“Security is becoming a cornerstone of how you implement technology,” he said.
Chambers added that companies need to collaborate and drive a collective security strategy.
“There has to be a movement from command and control to a collaborative, teamwork approach,” he said.
On this front to addressing the changing security market dynamics, Cisco has announced a master security specialization for its channel partners.
The company defines the new master brand as “a demonstrated capability to integrate multiple sophisticated security solutions combined with a full menu of lifecycle services.”
Created to support the enhanced channel partner program launched last March, the master specialization “offers differentiation and opportunity for financial rewards in the Value Incentive Program,” said Edison Peres, vice-president and chief go-to-market officer for Cisco worldwide channels.
“If you have a masters, you get an extra discount point,” he said. “It’s a recognition that as an expert, they have a cost infrastructure that’s bigger than others.”
As a prerequisite to becoming a master security specialist, partners must first meet the advanced security specialization requirements. In addition, master security specialist partners must pass a rigorous Cisco audit in the areas of technology, services and selling capabilities.|