Microsoft demos NAP technology with partners 15 February, 2007 By Patricia Pickett

The Redmond, Wash. software giant claims it now has the largest partner ecosystem for network access control. The ecosystem includes vendors in the networking hardware space; makers of security appliances, secure sockets layer (SSL) virtual private networks (VPNs) and other access technologies; patch management vendors; and anti-virus companies for network access control (NAC).

Together with its partners, Microsoft showed more than 40 working NAP solutions to the public at the recent RSA Conference in San Francisco, including examples of NAP interoperation with networking equipment from Alaxala Networks Corp., Aruba Networks Inc., Cisco Systems Inc., Enterasys Networks Inc., Extreme Networks Inc., Foundry Networks Inc., Meru Networks, Nortel Networks and ProCurve Networking by HP.

Meanwhile, a separate partner pavilion at the conference featured several NAP partners, including Altiris Inc., Apani Networks, Applied Identity Inc., ConSentry Networks, LG N-Sys, Lockdown Networks, Nevis Networks Inc., SignaCert, SkyRecon Systems and Vernier Networks.

NAP is built into the Windows Vista operating system and will be included in the upcoming version of Windows Server, code-named Longhorn. The platform enables IT administrators to enforce compliance with system health requirements, said Derick Wong, senior product manager for security and management at Microsoft Canada Co. in Mississauga, Ont.

When someone goes through a virtual private network (VPN), the user's computer must go through a security check to make sure it has the current virus signature updates, patches and other operating system updates that the system administrator has set as requirements. "That's great, but if I take that same laptop and plug it into a network in an office, the network doesn't do those checks," Wong said.

NAP will change all of that, Wong said. Computers plugging directly into the network will now be checked the same way as those coming in through the VPN. Not only will administrators be able to create customized policies to validate computer health before allowing access or communication, but they will also be able to automatically update compliant computers to help ensure that compliance is ongoing. In addition, administrators have the option to confine non-compliant computers to a restricted network until they become compliant, he said.

The automation included in NAP is ideal for small and medium businesses where the systems administrator might be wearing other hats, Wong said.

There are many opportunities for channel partners in this space, Wong noted. One of them is the ability to provide additional customer care around security. "Now (resellers) have a mechanism that they can actually deploy to their customers to help them keep their resident and remote machines up-to-date," he said. "This can help reduce the risk for customers and also help reduce management of machines."

NAP also provides partners with integration opportunities. "We have integration partners that will be configuring all these other devices to work with NAP. It's really a cross-platform type of solution," said Wong.

Many Microsoft partners are already proficient in the vendor's current access solutions, including Active Directory. "These partners will be able to pick up NAP fairly easily." NAP will provide another dimension of what these partners already offer their customers, Wong said.