The world has been waiting for the day when Microsoft and Cisco reveal plans for integrating their NAP and NAC architectures. Yesterday that day arrived, with a joint interoperability demonstration at the Security Standard show.
Although there's a lot of buzz around network access control and hope that these two companies will “play nice,” what they really announced was an “architecture and … details on how to integrate the embedded security capabilities of Cisco's network infrastructure with those of Microsoft Windows Vista and the future version of Windows Server, code-named ‘Longhorn.’”
What does all of this mean? First of all, current plans for rolling out Vista and Longhorn are for the latter half of 2007, so don't rush out and order it just yet. Further reading of the white paper and press release shows a few other details:
1. Microsoft's NAP agent will be the single agent that works for both NAP and NAC in Vista and Longhorn.
2. Microsoft will ship, as a Windows update, a patch to the Vista supplicant that allows it to work with Cisco's proprietary EAP/802.1x, in addition to the industry-standard 802.1x supplicant that Vista will contain.
3. Windows OS other than Vista and Longhorn will still need two separate agents for NAP and NAC.
4. Microsoft “will license elements of its NAP client technology to third party software developers” to support non-Windows OS.
5. Microsoft NAP APIs will serve as the single programmatic interface used for health reporting for both Cisco NAC and Microsoft NAP.
6. The Cisco ACS (Access Control Server) will receive notification of “health” from the Microsoft server and then, based upon that, grant access to the device depending on the user's access rights.
In a nutshell, it looks like Microsoft is responsible for the client, testing the endpoints, determining which policy and which tests the endpoint should be checked against, and communicating this to the Cisco NAC solution. The NAC solution is then in charge of assigning the device to the appropriate VLAN, quarantine, and network enforcement. But are they really working toward an industry-wide solution?