On Friday, I spoke with Samm Distasio, a Group Product Manager in the Windows Server Group, about changes the company is making to Windows Server 2003 Release 2 (R2), the upcoming revision to Windows 2003 that will ship in 2005. Originally slated to include a network quarantine feature called Network Access Protection (NAP), R2 will now ship without that feature. Instead, Microsoft will include NAP in Longhorn Server, currently expected in 2007.
  
"When we announced our Windows Server roadmap earlier this summer, one of the features we discussed was NAP, which included 25 industry partnerships," Distasio said. "However, customers told us that we had a hole in our strategy, and that hole is Cisco Systems. So [today], we're announcing a partnership with Cisco around NAP. We have an agreement with Cisco to make our quarantine technologies interoperate." To make that strategy work, however, Microsoft will need to delay NAP until the Windows Server release that follows R2.
  
Before Microsoft releases NAP and deploys the Cisco compatibility strategy, the company will ship VPN Quarantine, a limited quarantine feature, in Windows 2003 Service Pack 1 (SP1). This solution will let customers build VPN-based system-inspection tools that can quarantine machines--primarily laptops--that connect to an enterprise and don't meet the organization's security standards. While in quarantine, the systems won't be able to access any internal network resources but will be able to install security patches and other necessary updates. However, the VPN Quarantine feature will be difficult to implement and isn't expected to see wide deployment. NAP will solve this problem with simple deployment tools that make network quarantine a core part of the OS.
  
By integrating NAP with Cisco's Network Admission Control (NAC) technology for network security and health assurance, Microsoft is ensuring that customers will be able to choose a single, integrated solution or mix and match the products and services they need, Distasio told me. "We'll pass policy decisions between the two [technologies] so that customers can deploy both and get the best of both worlds if they want. Customers who do so will get quarantine from us and switch-based enforcement from Cisco."
  
According to my sources, Microsoft also decided earlier to remove the upcoming Bear Paw version of Terminal Services from R2. That technology, which will now reportedly ship in Longhorn Server, offers major enhancements over today's Terminal Services functionality.