Waiting on Microsoft

Fulton County in Georgia is about as far along as any place in implementing Microsoft's version of network access control. But even Fulton County won't be able to put Microsoft's Network Access Protection (NAP) into production for several more months.

The Microsoft endpoint protection architecture delivers what the county wants -- the ability to check the status of machines before they gain network access -- but the individual pieces aren't ready yet, says Robert Taylor, the county's CIO and director of IT.

Taylor has had Microsoft's Vista client, which enables NAP, on his PC since July 2005 as part of a Microsoft beta program. But the county is waiting for Longhorn Server and an upgrade to Microsoft System Management Server (SMS) that will make it possible to push Vista out to 5,000-plus users.

Without that SMS upgrade, deploying NAP would be too time consuming. "So what we have to end up doing is basically running around from PC to PC and doing it manually. I don't have enough resources to do that," Taylor says.

The county wants to take advantage of its Microsoft enterprise software license to add NAP protections without extra costs by leveraging Vista, which reports on the status of endpoints, and Active Directory in conjunction with Longhorn server, which supply and enforce NAP policies.

The county considered using Cisco's Network Admission Control, but the $170,000 bid was too expensive. "With Microsoft, NAP is bundled within the product itself, and so we don't have to pay the $170,000 to get it. It's strictly economics," Taylor says.