Microsoft's NAP plays a leading role in NAC interoperability

Clarifying issues surrounding this emerging security architecture

Interop Labs is again taking a look at NAC interoperability and that project has produced interesting interpretations of the importance of Microsoft's network access protection (NAP).

Many businesses may have been waiting for NAP before starting to deploy NAC, says Joel Snyder, who wrote up the Interop Labs test results for Network World Lab Alliance.

He writes that “…we found a widespread assumption among team members and participating vendors that enterprises will want to start with Microsoft’s built-in - not to mention free - NAP clients in Vista and XP SP3 and build a full NAC solution on top of those.”

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Interop Labs is again taking a look at NAC interoperability and that project has produced interesting interpretations of the importance of Microsoft's network access protection (NAP).

Many businesses may have been waiting for NAP before starting to deploy NAC, says Joel Snyder, who wrote up the Interop Labs test results for Network World Lab Alliance.

He writes that “…we found a widespread assumption among team members and participating vendors that enterprises will want to start with Microsoft’s built-in - not to mention free - NAP clients in Vista and XP SP3 and build a full NAC solution on top of those.”

The reason? The desire to avoid the one-more-client syndrome. Snyder says this is borne out by the behavior of NAC rivals Cisco and Juniper. Both participated in Interop Labs tests, but neither brought along their NAC clients, which could be interpreted as them ceding the client to Microsoft.

After all, they both sell a lot of other NAC-related gear, so letting Microsoft take care of the client won’t affect their bottom line that much. And it may be just as much of a nuisance for them to upgrade clients as it is for customers.

Snyder also notes that endpoint security software, such as that made by McAfee, Symantec and Trend Micro, can contribute to NAC endpoint assessment. Their software can report information about the health of endpoints to the NAP client, giving a fuller picture of endpoint status.

The odd thing is that none of those three participated in this year’s Interop Labs tests, “where they would have been expected to have fully baked solutions that operate in both NAP- and [Trusted Computing Group]-based nets.”

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.