Nearly 80% of respondents to our third annual InformationWeek Analytics NAC poll are evaluating or deploying network access control technology, but IT still has a big beef with its lack of interoperability. So it's to Microsoft's credit that early on the company moved away from trying to develop a proprietary system. Instead, it built a framework; developed a set of APIs for third-party integration; and, most important, aligned itself with the most widely accepted standards body in the NAC space, the Trusted Computing Group.
Of course, the fact that Microsoft is offering its Network Access Protection technology free with a Windows Server 2008 license can only help drive adoption. In fact, according to our poll, NAP already is pulling equal with Cisco Network Admission Control in terms of framework familiarity.
Near term, the fruit of Microsoft's collaboration with the Trusted Computing Group is a new interoperability standard based on Microsoft's NAP and TCG's Trusted Network Connect. The spec defines a NAC industry-standard protocol, dubbed Statement of Health, or SoH, for reporting on the security profile of a given endpoint. SoH is a win-win for IT and vendors alike because it ensures that third-party clients can report and enforce system health with a Microsoft Network Policy Server (NPS). Conversely, the Microsoft NAP client built into Vista and Windows XP SP3 will, theoretically, seamlessly interoperate with third-party enforcement points.
2008 NAC SURVEY
Find out what peers and vendors think about the future of the NAC market.
We didn't test NAP head-to-head with Cisco NAC because it's just not an apples-to-apples comparison ... not yet, at least. If you're considering Cisco NAC vs. Microsoft NAP now, be aware of the functions that NAP does less well, if at all; these include enabling robust guest access enforcement, captive portals, and support for Mac OS. Additionally, the Cisco NAC agent provides the administrator with the ability to scan for specific registry keys or other system values, and make policy decisions based on those values. The NAP agent does not.
Still, for the price, Network Access Protection is sure to take a bite out of Cisco's bottom line.