Security architecture to enable customers and partners to deploy interoperable Cisco Network Admission Control and Microsoft Network Access Protection.


BOSTON - Sept. 6, 2006 - Cisco Systems Inc. and Microsoft Corp. are delivering on their previously stated commitment to provide customers and partners with clear guidance on how Cisco Network Admission Control (NAC) and Microsoft® Network Access Protection (NAP) will interoperate. The two companies are demonstrating the new interoperable architecture at The Security Standard conference (http://www.thesecuritystandard.net), which opened today in Boston.

A technical white paper released today by the two companies describes how Cisco NAC and Microsoft NAP interoperate for security policy enforcement and health assessment. The white paper describes the architecture and provides details on how to integrate the embedded security capabilities of Cisco’s network infrastructure with those of Microsoft Windows Vista™ and the future version of Windows Server®, code-named “Longhorn.” The white paper can be downloaded at http://www.cisco.com/go/nac and http://www.microsoft.com/nap.

In addition, the two companies have revealed a general road map for bringing Cisco NAC and Microsoft NAP interoperability to market, including a limited beta program set to start later this calendar year. Customers will be able to start deploying the Cisco NAC-Microsoft NAP interoperable solution once Windows Server “Longhorn” is available in the second half of 2007. Cisco and Microsoft have cross-licensed the Cisco NAC and Microsoft NAP protocols to help ensure interoperability and to enable both companies to respond to future market and customer requirements.

“This is exactly what is needed in the market as businesses attempt to understand how to implement a network access control infrastructure in order to increase security amid an increasingly mobile work force and increasingly aggressive threat environment,” said Zeus Kerravala, vice president of security and networking research at Yankee Group. “Microsoft and Cisco must work together on this, and I’m pleased to see these two companies make the investment and the engineering commitment for interoperability.”

Although both companies will continue delivering their individual solutions, customers now have a choice between Cisco NAC, Microsoft NAP, or the interoperable solution from both companies. The joint architecture allows communication and policy enforcement across Cisco NAC and Microsoft NAP, enabling an end-to-end solution to be built around the Cisco and Microsoft interoperability. Technology partners of the Microsoft NAP and Cisco NAC ecosystems can also refer to the joint architecture for building or marketing solutions that work within the joint framework.

“The need for secure systems has dramatically increased over the past five years. Our relationship with Microsoft has enabled us to design this joint architecture and interoperability to enhance network security for businesses around the world,” said Charlie Giancarlo, chief development officer for Cisco. “This collaborative innovation represents a significant step in delivering Self-Defending Networks that protect IT resources across enterprise organisations of all sizes. Interoperability provides the flexibility customers need to deploy a comprehensive solution that fits their business needs and hardens their IT infrastructure against security threats - threats that today are more complex and require greater coordinated protection throughout the network.”

“Microsoft and Cisco are committed to work together to help our customers achieve the necessary balance between securing their IT infrastructure while enabling access to critical network resources,” said Bob Muglia, senior vice president of the Server and Tools Business at Microsoft. “This is yet another milestone in our promise to IT customers that we will protect information and control access by providing a comprehensive, integrated and easy-to-manage security infrastructure of both Microsoft and third-party solutions.”

With this joint architecture, customers and partners are not forced to choose between Cisco NAC and Microsoft NAP but can realise the benefits of both:

  • Interoperability and customer choice. Customers are now provided with a choice of architectural and product options. They will be able to choose components, infrastructure and technology that best serve their needs while implementing a single, interoperable solution.
  • Investment protection. The interoperability architecture enables customers to protect their investment in their Cisco NAC and/or Microsoft NAP deployments. For example, customers can continue to deploy Cisco NAC today and then integrate Microsoft NAP with their deployment of Windows Vista and Windows Server “Longhorn.”
  • Single agent included in Windows Vista. Computers running Windows Vista or Windows Server “Longhorn” will include the Microsoft NAP Agent component as part of the core operating system, which will be used for both Cisco NAC and Microsoft NAP.
  • Independent software vendor integration ecosystem. To simplify the development of third-party health agent and health enforcement components for clients running Windows Vista, the NAP client APIs will serve as the single programmatic interface used for health reporting for both Cisco NAC and Microsoft NAP.
  • Cross-platform support. To support client operating systems other than Windows®, Microsoft will license elements of its NAP client technology to third-party software developers. Cisco will continue to support and develop its NAC client (the Cisco Trust Agent) for non-Windows Vista and non-Windows Server “Longhorn” platforms and will continue to execute on its publicly stated direction to submit the Cisco NAC protocols for standardisation through open standards processes.
  • Agent deployment and update support. The customer experience and process for deploying the required agent components for interoperability with Windows Vista and Windows Server “Longhorn” will be similar to deploying typical Windows operating system services and Windows Update and Windows Server Update Services client component distribution mechanisms.

This announcement is the latest milestone in an ongoing relationship between the two industry leaders, which have been partners in networking for several years. In the security arena specifically, Cisco and Microsoft have been collaborating on virtual private networks and wireless security, in addition to NAC-NAP interoperability.