Microsoft delays access control technology

Microsoft again revised its Windows server roadmap, this time delaying for nearly two years the release of features for controlling network access - in part to implement a new plan to develop the technology in unison with similar technology from Cisco Systems.

The newest roadmap revisions follow changes made in July that pushed Windows Server 2003 Service Pack 1 and the 64-bit versions of the server from the end of this year into the first half of 2005.

Microsoft said the first pieces of Network Access Protection (NAP), a set of technologies for evaluating desktop computers for security compliance before letting them on a network, would not ship next year, but would instead be included in Longhorn Server, which is set to ship in 2007. Microsoft first announced NAP in July and intended to ship the first pieces of the technology as part of Windows Server 2003 Update, codenamed R2. In addition, R2, which had been planned for the first half of 2005, will now ship in the second half.

Eyebrows were raised by the NAP announcement because Microsoft's list of some 20 partners did not include Cisco, which is developing a similar technology called Network Admission Control.

In explaining the shift toward working together, both companies acknowledged that it may take at least two to three years to achieve full interoperability and that neither had plans to scrap its existing technologies.

The change of plans between Microsoft and Cisco comes after Friday's announcement that Cisco and IBM will work together on access control technology by linking IBM's Tivoli software with Cisco network gear to scan devices trying to connect to corporate networks.

"With Cisco, people have said that is a missing piece of the story," says Samm DiStasio, group product manager for the Windows Server division. "So we have worked to get where we can collaborate so that our two solutions can co-exist and interoperate, but make no mistake there are trade-offs that we have to make."

Out of R2 and now slated for Longhorn is the Policy Connection Server that will be built into the server operating system and act as a sort of mediator that enforces network policies on access control. Also delayed is a policy store that will be added to Microsoft's Internet Authentication Service (IAS), which is an implementation of the RADIUS protocol. The store will house IT-defined policies such as mandatory checks of current patch levels. The Policy Server also includes a set of APIs that would allow other vendors to link their products to the server.

On the upside, DiStasio said the delay in the technology would allow Microsoft to include support for IPSec certificate-based access, a capability that was not planned for the first version of NAP. DiStasio, however, could not say if wireless support would be added.

Microsoft says it will still offer its VPN Quarantine technology in Windows 2003 Service Pack 1, now slated to ship in the first half of 2005. The VPN technology, which requires users to write their own rules and scripts, is the first taste of the NAP capabilities.

Microsoft said it will work with Cisco to develop interoperability between their respective technologies so that users could mix and match components into a single platform. The two also said they would help drive adoption of industry standards, although they did not mention anything in particular.

The Trusted Computing Group (TCG) is nearly finished with a technical specification called Trusted Network Connect for use in multi-vendor environments for compliance checks on anti-virus and patch updates.

In addition to the network access control work, Microsoft highlighted other additions and changes to its server roadmap.

The first release candidate of Windows Server 2003 Service Pack 1 will ship by the end of the year, and Microsoft also will offer a software development kit this fall for its Windows Server 2003 High Performance Computing edition, slated to ship in the second half of 2005.

Also, Windows Server 2003 64-bit editions for Intel and Advanced Micro Devices processors will ship in the first half of 2005.

In the second half of 2005, Microsoft will deliver R2 with new storage management capabilities and such already announced features as branch server management and Active Directory Federation Services. Also on tap is an R2 version of Windows Storage Server, a specially tuned OS to be made available to OEMs.
