Preparing for Microsoft's NAP

Clarifying issues surrounding this emerging security architecture

The next few months are important for businesses that want to start using Microsoft's version of NAC, which is known as network access protection or NAP.

With the release of Microsoft Vista for desktops, customers have client software that supports 802.1x authentication and that can become the client component in other vendors' NAC schemes.

This can be a real time saver for customers who would otherwise have to distribute 802.1x supplicant software to each machine that they want to be part of a network-based NAC deployment.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

The next few months are important for businesses that want to start using Microsoft's version of NAC, which is known as network access protection or NAP.

With the release of Microsoft Vista for desktops, customers have client software that supports 802.1x authentication and that can become the client component in other vendors' NAC schemes.

This can be a real time saver for customers who would otherwise have to distribute 802.1x supplicant software to each machine that they want to be part of a network-based NAC deployment.

One business, for example, that wants to deploy Cisco's switch-based network admission control (CNAC) says it would rather wait until it deploys Vista widely than spend money on Cisco's own CNAC host software, Secure Services Client.

The business, which has 14 campuses, is so distributed that it can't afford to use NAC appliances, a large number of which would have to be deployed widely. So it likes the idea of CNAC determining centrally whether devices should gain network access and enforcing those decisions through its Cisco switches.

And also because the users are so distributed, the company is reluctant to add any more specialized client software to its PCs, creating one more item that needs to be installed and maintained.

Businesses that want to embrace full-blown NAP as conceived by Microsoft will still have to wait a bit longer until the Longhorn server ships later this year. It contains the elements that measure when, how and if a device gets network access, and includes assessment of the security posture of the host machine.

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.