Does this smell funny to you?
Saw an eWeek article by Peter Galli today that just struck me as off. It is a report from TechEd IT Forum in Barcelona about Microsoft NAP. The title is Microsoft adds NAP for Linux and Mac, but the under title is " Network Access Protection is now deployed in more than 150,000 desktops worldwide, including 70,000 at Microsoft". The whole article is on the Linux and Mac NAP stuff except for almost a footnoted afterthought at the end right before an ad for eWeeks Security Center and says that NAP is now deployed by more than 150,000 desktops, including 70,000 at Microsoft and points to a Microsoft case study detailing this. I think it great that Microsoft has pushed NAP to all of its desktops and another 70k of its closest friends and relatives, but why make this a secondary title of the article and give it no play?
But back to the main gist. If you all remember when we last left our hero, Microsoft, they said they were going to "license and make available" the code to develop NAP clients for non-Windows OSs. It seems true to their word that they in fact have. Two companies, UNETsystem and Avenda Systems will release NAP products for Linux and Macintosh next year. UNET will will release both Linux and Mac versions of its Anyclick for NAP and Avenda will release Avenda Linux Network Access Protection Agent. A third company, Celestix Networks will be releasing an appliance the the NAP policy-enforcement platform, shortly after Server 2008 and ships.
Here is where I smell something fishy though. First of all there is no mention of what the Celestix appliance will do or why one would want that over Server 2008. Second as to UNET and Avenda, Paul Mayfield (who I know and is generally an upfront guy) refused to give any specifics as to what these non-Windows NAC agents would test for. Obviously, it ain't Windows Hotfixes or Windows personal firewall, and most Mac and Linux users don't run anti-virus. Last I checked, that about exhausts NAPs out of the box health checking. They might check identity and services or ports, but I think you may need their own NAP policy server for that.
Here is what I smell. I think Microsoft wants to show they are playing nice on NAP. They want to show they have followed through on their promise and there is NAP for Macintosh and Linux. The pickings are kind of slim, but hey mention 150k desktops using it and trot out a couple of half-baked examples and some reported will write it up as we want to.
I think Microsoft would have been better off trotting out some TCG/TNC stuff. Show a TCG vendor that has a policy server and agent for Linux and/or Mac and show it inter-operating with NAP. OK so maybe it would not have proven the NAP on Linux and Mac stuff, but I think it would have showed some real functionality. Absent more information, what this article does show otherwise is not much!
Comments