NAC: Not So Fast - Merging standards
Merging standards
Pintal noted that recent interoperability agreements between NAC vendors and Trusted Computing Group, a standards organization, have removed many prior adoption concerns and brought at least two of the three main NAC frameworks closer together. The two frameworks that cooperate are Microsoft’s NAP (Network Access Protection) and the Trusted Computing Group’s TCG/TNC (Trusted Network Connect).
Cisco’s Network Admission Control, the other main framework, works only with Cisco gear. However, that may change over the next year or so.
TCG is a not-for-profit organization that develops, defines and promotes open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals and devices.
Open standards benefit VARs and customers. The biggest benefit is the absence of vendor lock-in to a proprietary NAC, with its high prices and so on. Open standards enable one vendor’s NAC product to work with another vendor’s switch or server product and allow customers to reuse technology they already have.
Companies are more willing to adopt NAC solutions because standards are taking shape, said William Ketrenos, vice president of Structured Communications Systems, a VAR that resells NAC equipment from Cisco, ConSentry and Juniper.
“The various NAC solutions are becoming more viable for clients,” Ketrenos said. “The total cost of ownership used to be outrageous a few years ago—that has changed. Products are easier to use and can do a lot more.” Ketrenos added that NAC products are also relatively easy for VARs to learn, implement and manage.
The Cisco factor
“Cisco has validated the space and has invested a lot of money into its product,” said Atrion’s Hebert, who credits much of the market’s growth to Cisco’s presence in it for the last four years. Cisco, an industry heavyweight with a strong channel strategy, entered the market when it acquired Perfigo and its CleanMachine technology.
“We have advanced our NAC technology considerably in response to customer demand,” said Susan Don, Cisco’s director of channel business development.
As examples of advances, Don cited the Cisco NAC Network Module for Integrated Services Routers and the Cisco NAC Profiler. The former is a modular security solution that is integrated into the network infrastructure, while the latter is endpoint-recognition technology that takes an inventory of networked devices so they can be evaluated before and during their connection to a network.
Despite Cisco’s advances, the rift between Cisco and nearly every other NAC vendor creates problems in mixed environments, where customers have some Cisco networking gear and some non-Cisco gear.
“Cisco’s NAC is finely tuned for Cisco infrastructure and works very well in those environments,” said Hebert. “But Cisco doesn’t work that well in non-Cisco environments.”
The challenge
With more than 30 vendors in the NAC space, VARs are not short on choice. However, choosing the right vendor or vendors can be tricky, since there are so many variables.
Atrion, for example, works with Bradford Networks and Cisco—for different reasons. Hebert said Cisco is a perfect fit for customers with existing Cisco networking equipment, and besides, the Cisco brand carries significant weight with many clients and prospects.
“Cisco provides a single-vendor solution for networking, which is attractive to a lot of companies,” said Hebert. “Working with Cisco products brings in more service and support work for my company.”
But, given his choice, Hebert said he prefers to sell Bradford Networks’ products—NAC Director and Campus Manager—because the technology is superior to Cisco’s, the margins are much better, and Bradford delivers peerless technical support. “The margins on the Bradford products are double what we make on the Cisco NAC,” he said.
Hebert said Bradford’s support people are always available to provide Atrion with knowledgeable advice. “Ninety percent of the people I deal with at Bradford have been there about eight years,” said Hebert.
For M&S Technologies, robust profit margins made Cisco rivals ConSentry and Juniper irresistible, said Miller. In addition, Miller said he also was impressed by the simplicity of each vendor’s technology as well as its marketing and technical support.
The Future of NAC
As new devices—PC-based and non-PC-based—continually join networks, the future of NAC will almost certainly revolve around how much intelligence vendors can add to their products, said Cisco’s Don.
“The market will need to do a better job of detecting and provisioning non-PC-based devices such as HVAC machines and others that don’t have an operating system,” Don said.
IDC’s Pintal agreed that more intelligence is needed. “End-user companies are looking for more added value and functionality in NAC,” said Pintal.
“They want it to do more than merely detect devices. They want NAC to help them know what devices are doing, when they are doing it and how.” Pintal said companies are specifically looking for NAC to deliver identity management, application-level authorization, patch management and compliance reporting.