ProCurve Integrates With Microsoft NAP

Networking

The integration, announced Monday, comes as many end customers continue struggle with not only how to secure the network, but also the devices and the users that connect to it.

According to ProCurve chief security architect Mauricio Sanchez, the Palo Alto, Calif.-based vendor will complement NAP and add a layer of security policy enforcement at the edge. ProCurve's integration with Microsoft, Sanchez said, is a move to get in front of the ever-growing base of users that have or will soon deploy Server 2008, which comes with NAP functionality embedded.

Sanchez said ProCurve's IDM, a policy management solution, switches and wireless access points are now compatible with NAP, opening the door for customized network access policies for admission of users and clients in both wired and wireless environments.

"It's extending Microsoft NAP with stronger identity management capabilities," he said. "The NAC market emerged from the device health mantra but one of the missing pieces that customers are starting to question and ask for is the identity piece."

Sanchez said the integration falls in line with ProCurve's ProActive Defense strategy, which combines access control and network immunity with trusted architecture to defend against potential security threats.

Microsoft NAP is a policy enforcement technology built into Windows Vista and Windows Server 2008 operating systems to better protect user network assets from unhealthy devices by enforcing compliance with network health policies. NAP is currently available with Vista and Server 2008 and will also be available with Windows XP SP3.

Adding ProCurve IDM to the fold gives network administrators the ability to centrally define and apply policy-based network access rights that allow the network to automatically adapt to the needs of users and devices as they connect, enforcing network security while providing the appropriate level of access to users and their devices.

Policies can be set by group or by individual to dictate how the network looks and behaves to specific individuals. Sanchez added that IDM can be rolled out for policy-based access management before moving to Server 2008 and can integrate with the operating system once it is deployed.

He said "NAP is a nice baseline" for protection, but extra pieces are needed for robust access control. Sanchez later compared Microsoft to a bulldozer, noting it "moves slowly, but can cut a clean swath."

Under the hood, ProCurve's IDM is based on open security standards like RADIUS, 802.1x and LDAP.

Greg Huza, enterprise systems consultant for Heartland Business Systems, a Little Chute, Wis.-based solution provider, said ProCurve's integration with NAP will help him fill a void in customers' network security deployments and presents him an opportunity to offer security solutions that can be put in today and accommodate later security deployments.

"Customers are looking for ways to protect their networks and allow flexibility and access," he said. "I don't know any customers that aren't trying to secure their endpoints and entry points to the network."

Huza said from a professional services side, he'll also be able to help customers reign in network security. He added that the interoperability among solutions will help him "provide a network security offering that takes care of all of those things."