Nortel Bets on Microsoft NAP

What do you do when you're locked in a battle for network access market share with the world's largest networking provider? If you're Nortel, you team up with one of the world's largest software providers.

Nortel is strengthening its Microsoft integration by supporting Microsoft's Network Access Protection (NAP) and its critical Statement of Health (SOH) protocol. The move, Nortel said, is to help enterprises contend with one of the key barriers of access control adoption, namely complexity.

Nortel's Secure Network Access (SAN) technologies now fully support SOH, which helps determine the security posture of an endpoint. With the full embrace of NAP, Nortel is placing itself in the Microsoft camp as an alternative to Cisco's Network Access Control (NAC).

"We've picked a path to move forward and that path is the Microsoft paradigm," John Gray, portfolio leader of business optimized networking for Nortel, told InternetNews.com. "Customers have a choice they can make against Cisco, and we can now sit at the table shoulder to shoulder with Microsoft to help customers with that choice."

Microsoft's NAP access control architecture is part of the upcoming Windows Server 2008 release and will support both Windows Vista and XP desktops as endpoints.

Microsoft opened the SOH protocol in May to the Trusted Computing Group's Trusted Network Connect (TNC) access control architecture. Nortel's SNA access control solution is TNC-compliant and is expected to make use of Microsoft's protocol as an extension of Nortel's existing TNC compliance.

When it comes to NAP, Microsoft is building a large ecosystem of vendors that will support it as part of a bid to ensure its dominance. In February, Microsoft had already boasted that it had some 100 partners, with varying degrees of intent and support for NAP compatibility.

Nortel's full embrace of Microsoft's NAP will include support across a broad range of Nortel equipment. This week Nortel announced a number of new additions to its Ethernet Routing Switch Portfolio, including updates to the 2500, 4500 and 5500 series of Ethernet Routing Switches that will all support Nortel's SNA access control.

Gray said the Microsoft NAP solution in Windows Server 2008 is a less complex approach than going with a full Cisco NAC approach.

Where Nortel intends to add its own value on top of Microsoft's NAP and the SOH protocol is with full post-admission policy control. SOH is typically used as a pre-network admission control check and is not used as part of a post-admission policy.

Gray explained that Nortel's SNA also provides post-connect security protection by fully integrating with Nortel's line of Intrusion Detection Systems (IDS) and firewalls.

"So if an IDS sensor detects from a post connect something anomalous, it can enable an action to occur at the switch level, such as shutting off a port," Gray said.

For users who are connecting remotely to the enterprise, Nortel has just updated its VPN Gateway to provide additional security protections.

Nortel's VPN Gateway 7.0 is a blended IPsec and SSL VPN solution that lets users connect either via an IPsec client or through an SSL-encrypted interface. The solution now includes integration with Symantec's On Demand Protection tool for SSL VPN. The Symantec tool ensures that nothing stays on the endpoint in terms of cache or temporary files and that nothing can be pulled from the VPN session to the local device.

Even with its relationship with Microsoft and an expanded portfolio of switches and VPNs, Nortel is still facing an uphill battle against Cisco. A recent report from Synergy Research pegged Microsoft's share of the network switch space at just over 60 percent.

Gray, however, said Nortel is moving in the right direction.

"What's important is that for the last five quarters, quarter over quarter we've grown our business by double digits, and that's the litmus test from my perspective that we're doing the right thing."