lent its support to a popular method for securing networks when it endorsed
the Remote Authentication Dial-In User Service (RADIUS) protocol for its
pending Windows Server 2003.
RADIUS (define) is an official Internet Engineering Task Force (IETF)
authentication and accounting system used by many Internet Service Providers
(ISPs). It is widely used for authenticating, authorizing and auditing users
and devices in a network to defined permissions, based on existing policy.
The Redmond, Wash. software concern, which will make the announcement today
at Storage Networking World in Phoenix, already supports RADIUS in its
Internet Authentication Service (IAS) parcel of Windows 2000 and will
continue to do so in Windows Server 2003 release, but it will also integrate
it into the Microsoft Active Directory service to provide additional
security for storage area networks (SANs) (define). IAS through RADIUS
standard protocol and domain integration with Active Directory helps
administrators centrally manage network access policies based on group
membership, time of day and type of access.
Born out of the firm’s year-old Enterprise Storage Division, the RADIUS
effort is a small slice of Microsoft’s greater effort to bolster the
public’s perception that its software is indeed safe for business use. The
company has taken a beating over the last year or two for the numerous
vulnerabilities that have cropped up in a variety of its software
applications despite its Trustworthy Computing strategy. Microsoft is
working with fabric vendors such as Brocade Communications Systems, McDATA
Corp. and QLogic in the RADIUS endeavor.
The IETF working group ANSI T11 acknowledges the need for a protocol for
switch security and recommends RADIUS as that method. Because of the wide
ground RADIUS covers, Microsoft believes infusing the protocol in its
operating system as its mode of SAN security will make it easier for
customers to use it with existing enterprise security.
“RADIUS is a desirable element in a complete security strategy because it
serves as a trusted third party, providing access control, authentication
and authorization across the IT infrastructure,” said Robert Snively,
chairman of the INCITS Technical Committee T11.
To give the public a taste of what RADIUS can do, Brocade will demonstrate a
“first-of-its-kind” prototype of this technology at Microsoft’s pavilion.
The firms will secure the SAN infrastructure of an enterprise using the
Brocade Secure Fabric Operating System (Secure Fabric OS) and Microsoft’s
IAS implementation of RADIUS for security management.