Microsoft and Trusted Computing Group Announce Interoperability

Trusted Computing Group’s Trusted Network Connect architecture to incorporate Network Access Protection’s primary client-server protocol.

AS VEGAS.— Trusted Computing Group (TCG), which develops open standards for computing security, and Microsoft Corp., a TCG member and active participant, today announced at Interop Las Vegas 2007 that they will provide customers and partners interoperability of TCG’s Trusted Network Connect (TNC) architecture and Microsoft® Network Access Protection (NAP) for network access control (NAC). This interoperability means customers can use NAP products in TNC-protected networks and TNC products in NAP-protected networks. NAP partners can support TNC clients and servers, and TNC implementers can support NAP clients, servers and protocols.

The first step in the interoperability of NAP and TNC will be enabled by Microsoft’s contribution of its Statement of Health (SoH) protocol to the Trusted Computing Group. A new specification, the IF-TNCCS-SOH, is being released today as part of the TNC architecture. Vendors can begin implementing the IF-TNCCS-SOH specification immediately. Several demonstrations of the new specification will be shown on the Interop show floor this week in TCG’s booth #211 and in Microsoft’s booth #1548.

With this interoperability, customers of both Microsoft and TNC-enabled networks can realize significant benefits:

Interoperability and customer choice: Customers are now provided with a choice of architectural and product options. They will be able to choose components, infrastructure and technology as best serves their business needs while being assured of interoperability.

Simplification, clarity, and confidence: The interoperability of NAP and TNC provides helpful guidance for customers considering network access control architectures and products and offers assurance that a wide variety of products will work together.

Investment protection: The interoperability of TNC and NAP platforms enables customer reuse and investment protection of their TNC and/or NAP deployments. For example, customers can begin deploying products based on TNC specifications today and integrate NAP into the environment concurrent with their deployment of Windows Vista® and Windows Server® 2008.

Single agent included in Windows®: Computers running Windows Vista, Windows Server 2008, and future versions of Windows XP will include the NAP Agent component as part of the core operating system. The NAP Agent will be used for both NAP and TNC.

As products supporting the new IF-TNCCS-SOH specification become available in the coming months, customers will be able to start implementing portions of NAP-TNC interoperability. TNC servers that support the SoH protocol can interoperate with Windows Vista and other NAP clients without requiring any extra software to be downloaded or installed on the client. TNC clients that support the SoH protocol can participate in NAP-protected networks, authenticating and participating in health checks.

“The contribution of the Statement of Health, Microsoft’s primary client-server protocol, to the TNC architecture enables a wide variety of network access control implementations for customers and for vendors, ultimately helping provide significantly better protection of corporate information and assets,” said Steve Hanna, co-chair of the TCG TNC work group and distinguished engineer, Juniper Networks. “Agreeing on common security standards provides a solid foundation on which we can build a more secure computing future.”

“With this interoperability, Microsoft has reaffirmed its commitment to the Trusted Computing Group and to the development of industry standards that benefit all users,” said Henry Sanders, general manager, Windows Networking and a Distinguished Engineer. “TCG is providing both the IT community and the networking industry with the benefits of integration and interoperability.”

TCG and Microsoft have published a technical white paper that describes how Microsoft NAP and TCG TNC interoperate for security policy enforcement and health assessment. The white paper can be downloaded at https://www.trustedcomputinggroup.org/news/events/interop_2007. Leading networking and security companies expressed their support for the announcement:

“The inclusion of the statement of health capability in the TNC specification and resulting interoperability with the Microsoft NAP architecture allows organizations to deploy NAC solutions with confidence today — without worrying about which standard will win,” noted Paul Sangster, TCG TNC work group co-chair and distinguished engineer, Symantec. “As a leading security provider, Symantec welcomes the interoperability of these leading NAC architectures and will continue to support the TNC architecture.”

“As a TNC contributor, TCG director and a Microsoft NAP partner, Wave Systems Corp. is very pleased to see the convergence of these capabilities that delivers an interoperable trustworthy solution,” said Brian Berger, executive vice president of marketing and sales at Wave Systems. “By providing a trusted endpoint and the use of the Trusted Platform Module for end-point integrity, these NAC solutions provide the enterprise assurance that the endpoint is authentic and trustworthy.”

“TCG continues to play a key role in creating and evangelizing open standards for trusted platform security, and the interoperability of Microsoft Network Access Protection with the TCG’s Trusted Network Connect architecture for network access control broadens the impact of industry standards in infrastructure security, while offering customers more choice on how they implement NAC,” said Mark Schiller, president of the TCG and director of HP’s Trusted Computing Strategy. “This interoperability will help accelerate the development of products and the deployment of network access control towards better security of systems, networks and mission-critical data.”