Despite an official demonstration last week, serious questions remain over the claimed interoperability of Cisco and Microsoft's network technologies, with one analyst claiming the companies were treating the symptom rather than the disease.
At The Security Standard conference, the two giants demonstrated interactions between Vista systems using Microsoft's Network Access Protection (NAP) and network hardware using Cisco's Network Admission Control (NAC) architecture. They also released a white paper describing how the two network access control systems can interoperate, and presented a road map for interoperable products.
But no one knows when those interoperable systems will be available and whether the solution will fit the needs of most enterprise networks. The announcement itself comes after a two-year integration effort that has been shrouded in mystery.
The two companies originally said in October 2004 that they would integrate NAC and NAP, but details since then have been so sparse that there has been increasing speculation that integration was more PR than reality.
Bob Gleichauf, CTO of Cisco's security technology group, acknowledged that NAC-NAP integration took longer than the companies planned. But, he claimed, the silence was more about getting the resources than about the technical hurdles.
Customers who use both Cisco and Microsoft products, and upgrade to both Vista on the desktop and Longhorn Server, will be able to use NAP, NAC, or an integrated NAP-NAC solution for client health screening, Microsoft said.
Vista's NAP System Health Agent will send system health status reports to Microsoft NPS (Network Policy Server) running on Longhorn. A Cisco Secure ACS (Access Control Server) will instruct the NAP agent on the client system about how to access the network after the health check is complete, according to Gleichauf and Mark Ashida of Microsoft.
But there is no indication yet of how this system will support third-party operating systems, network gear, and point security products. Ashida said Microsoft was focusing on NAC-NAP for now but fully intended to support other 802.1x-compliant NAC infrastructure vendors.
The benefits of integrated NAC and NAP are at least a year away for enterprises, with Longhorn Server months away from availability and widespread adoption of Vista on enterprise desktops also well off in the future, said John Pescatore, an analyst at Gartner.
Jon Oltsik, an analyst at Enterprise Strategy Group, said the Cisco-Microsoft partnership was creating uncertainty in an area that cries out for open standards and multi-vendor support. "They're treating the symptom but not the disease," Oltsik said. "Users want open solutions that support Linux clients and wireless and any kind of switch or router."
The integration between Microsoft and Cisco, while good for those companies, will hinder open standards efforts such as the Trusted Computing Group's Trusted Network Connect standard, Oltsik said. "This is a 1990s solution. It's a big step back for client security."