Interop: Microsoft Touts Next Phase Of Security Evolution

At Interop 2007 this week in Las Vegas, Microsoft highlighted new features of the beta for Intelligent Application Gateway service pack 1, one of the first products that shows how the vendor intends to achieve these goals.

The beta service pack is the first major update to the SSL VPN product the Redmond, Wash.-based vendor gained in its acquisition last July of Whale Communications. IAG 2007 marries Whale's SSL VPN and Web application firewall technologies with Microsoft's Internet Security and Acceleration Server.

IAG 2007 service pack 1 adds support for Windows Mobile 5, which includes Exchange 2007 push e-mail, as well as for Forefront Client Security, which Microsoft released earlier this month, said Joel Sloss, senior product manager for the ISA Server business unit at Microsoft.

IAG service pack 1 integrates well with existing infrastructure, tying neatly into Active Directory Federation Services, said Sloss.

"Through ADFS, it's easier to provision users and set up trusted relationships," said Sloss.

IAG is particularly useful for creating extranet portals and dynamically customizing user accounts, said Sloss. "With ADFS, we can broaden that capability to provide a customized portal experience," he said.

IAG service pack 1 doubles both HTTP throughput and the number of users that IAG can support, said Sloss.

IAG currently ships only as a hardware appliance, but Microsoft plans to add a software version after the release of Windows 2008, formerly known as Longhorn, which is slated for later this year, Sloss said.

Six new OEM partners, including SurfControl, will work with Microsoft to develop products ranging from entry-level ISA Server devices to high-end IAG devices, according to Sloss.

Microsoft this week also revealed plans to support interoperability between Microsoft's Network Access Protection and the Trusted Computing Group's Trusted Network Connect NAC standard.

The TNC has accepted and added Microsoft's proposed statement of health protocol to the TNC standard, which means automatic interoperability with NAP infrastructure for all TCG vendors, said Mike Schutz, director of product management for Microsoft's Infrastructure Marketing group.

Regardless of whether the customer decides to deploy NAP or TNC, Microsoft's vendor partners now can write to the NAP agent that's built into Vista, said Schutz. "NAP and TNC are very similar, and they now share this protocol," he said.

Clients in Windows Vista and XP can now either connect to a TNC server or use a TNC-developed client to connect to a Microsoft Network Policy Server, according to Schutz.

Although the move could be seen as a shot across Cisco's bow, Schutz pointed out that Cisco has already standardized on the Microsoft client for interoperability between its version of NAC and NAP, and that the vendors remain committed to making their NAC technologies work together.