With Windows Server 2008 there's no more NAPping

Clarifying issues surrounding this emerging security architecture

By the end of the month, Microsoft will release Windows Server 2008 which contains native support for its NAC scheme called network access protection (NAP).

NAP support is already in Vista clients and certain versions of XP clients so now with NAP support in Server 2008, customers will finally have all the elements they need to actually try out NAP - something they’ve not been able to do since Microsoft started talking about NAP in 2004.

The combination of the client and server give Microsoft customers the ability to communicate endpoint security status to the NAP policy server to determine what, if any, network access the client should receive.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

By the end of the month, Microsoft will release Windows Server 2008 which contains native support for its NAC scheme called network access protection (NAP).

NAP support is already in Vista clients and certain versions of XP clients so now with NAP support in Server 2008, customers will finally have all the elements they need to actually try out NAP - something they’ve not been able to do since Microsoft started talking about NAP in 2004.

The combination of the client and server give Microsoft customers the ability to communicate endpoint security status to the NAP policy server to determine what, if any, network access the client should receive.

With NAP turned on, customers can use 802.1x switches, DHCP servers,VPN gateways, and wireless access points as places to enforce NAP policies. Theoretically, NAP could be implemented with little investment beyond the cost of upgrading to Windows Server 2008.

In a larger view, this is the start of finding out how large Microsoft’s influence will be in NAC. For those who have put off NAC this long and who are upgrading to Server 2008 anyway, it probably makes sense to wait a bit longer and see whether NAP can meet their network access needs.

Some who have already rolled out NAC may find value in plugging some or all of NAPs components into their NAC architecture. Having the NAP policy server as part of the plan or using the NAP client as a health reporting agent may make administrative or financial sense.

In any case, once NAP is available at the end of the month, its pending arrival can no longer be cited as a reason that NAC uptake is delayed. If NAC uptake doesn’t accelerate over the course of this year, it will be for more fundamental reasons that would question whether NAC is as burning a need as its proponents claim.

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.