Microsoft's NAP (Network Access Protection) has been a long time coming for those of us working in the security industry. The first real evidence of NAP was the NAP client shipped in Vista and in Windows XP's SP2 (correction XP SP3) update. The server component for actually applying policies and managing enforcement required the then dubbed Longhorn release, which we now know as Windows Server 2008.
My interest was peaked again this week when Jeff Wettlaufer, Sr. Technical Product Manager of Microsoft's System Center Configuration Manager, put up a blog post about SCCM's role in the Microsoft NAP process. You almost hear the excitement in Jeff's voice when reading his blog post about the launch of Windows Server 2008.
Jeff has agreed to join me on a future episode of the Converging On Microsoft Podcast which will probably air around the time of Windows Server 2008 launch on February 27th. I've also asked my friend Amith Krishnan, Sr. Product Manager of Microsoft's NAP, to join me on a podcast too, so hopefully he'll be on to give us the skinny on all the NAP capabilities available with Windows Server 2008. Amith previously appeared on episode 42 my personal SSAATY Podcast.
As a lead up to NAP's availability in Server 2008, I thought I'd supply a few overviews on what NAP is and how it works. Here's an excerpt from Jeff's blog post describing a scenario using NAP.
A typical scenario could be this. Microsoft releases the standard patch Tuesday round of updates, and Woodgrove Bank (our fictitious company we use as an archetype in our demos) brings these into their environment, tests and releases these. Through the release process, these updates can actually be given a window of time where they are made available, both to network clients, (online and WoL) as well as Internet Based Clients (yup we do that now). But, the Woodgrove bank also has a security policy that updates must be enforced, so part of our release of updates could include NAP evaluation after a certain date. So, for example, we make the update available for say 2 weeks, but after that, we will NAP enforce the presence of that update on clients.
And here's a video demonstration.
Video: Configuration Manager Network Access Protection
Like this? Here are some of Mitchell's recent posts.
Vista Starter - The Easy Button For Vista
vLite Puts Vista On Diet
Comic Strip About IT Heroes
Controlling Upgrades A Thing Of The Past?
SQL Server 2008, er...2009?
Check out Mitchell's Converging On Microsoft Podcast.
Also visit Mitchell's personal blog The Converging Network and SSAATY Podcast.
Visit Microsoft Subnet for more news, blogs, opinion from around the Web.
Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
Mitchell Ashley is CEO and Chief Strategist of Converging Network, LLC, providing product and technology strategies to emerging technology companies. A serial entrepreneur, Mitchell has created many successful products and services in the networking, security, convergence, Internet and IT industries. In addition to blogging for NetworkWorld, Mitchell regularly blogs at TheConvergingNetwork and co-hosts the widely popular Still Crazy After All These Years podcast.
|
|
has thier prince come?
Mitchell - reading this I had visions of Bill Gates as prince charming awakening sleeping beauty. I think the truth may be closer to Microsoft kissing a lot of frogs, looking for a prince! I have wrote more about this on my blog here