Crawford says part of Microsoft's challenge is that it has lots of moving parts on desktops, within network infrastructure and on a network's edge. "They want to get [those parts] better and more market ready before they actually go to market with this plan. They have bitten off an awful lot."
The plan is to integrate security products under the Forefront brand, offer software-as-a-service versions and present it all as an intelligent layered defense for corporate infrastructure.
That layer will be integrated with Active Directory and third-party products and tied together with the forthcoming Forefront Protection Manager console (formerly called Stirling), a centralized management panel for all the Forefront security products. The console is slated to ship in early 2010.
Microsoft officials say the identity and security message is a natural outgrowth of last year's corporate reorganization that merged two business groups -- Identity/Access and Security/Access -- into the Identity and Security Business Group.
"We don't see ourselves as providing the only solution that an enterprise customer needs for security, we see ourselves providing a broad foundation of security services that a company can rely upon," Muglia says. "Then we can work with the rest of the industry to meet the specific needs as they might have for their given organizations on a security basis."
The foundation starts with Active Directory and its ability to manage identities and credentials and to integrate with the cloud via Active Directory Federation Services (ADFS) and the Windows Identity Foundation (formerly Geneva), both of which will ship near the end of this year. Active Directory includes policies and privileges that extend to the edge of the network and are managed by Forefront Identity Manager.
On top of that is the protection layer Microsoft will add that includes among other tools antivirus and antimalware capabilities that stretch across Microsoft's server applications and network infrastructure.
Microsoft's Forefront lineup includes Forefront Endpoint Protection 2010, Forefront Protection 2010 for Exchange Server (formerly Forefront Security for Exchange Server), Forefront Protection 2010 for SharePoint (formerly Forefront Security for SharePoint), Forefront Online Protection for Exchange (formerly Forefront Online Security for Exchange) and Forefront Threat Management Gateway Web Security Service (successor to ISA Server 2006).
The unifying piece is Forefront Protection Manager console that ensures all the tiers are integrated and combined with security assessment data from third-party products.
Protection Manager also will tie in with System Center Management tools, including Operations Manager and Configuration Manager. And Microsoft has said third-party partners would develop for Protection Manager, including Brocade, Juniper Networks, Kaspersky, Tipping Point and RSA.
It's a heady slate of software and services, all built or acquired by Microsoft and its partners, that needs to come together into a logical whole.
Follow John on Twitter: twitter.com/johnfontana