Merging standards
By Herman Mehling
Network Access Control may have come a long way since inception, but much opportunity for solution providers remains.
Pintal noted that recent interoperability agreements between NAC vendors and Trusted Computing Group, a standards organization, have removed many prior adoption concerns and brought at least two of the three main NAC frameworks closer together. The two frameworks that cooperate are Microsoft’s NAP (Network Access Protection) and the Trusted Computing Group’s TCG/TNC (Trusted Network Connect).
Cisco’s Network Admission Control, the other main framework, works only with Cisco gear. However, that may change over the next year or so.
TCG is a not-for-profit organization that develops, defines and promotes open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals and devices.
Open standards benefit VARs and customers. The biggest benefit: no vendor lock-in to a proprietary NAC, and none of the high prices and so on that come with it. Open standards enable one vendor’s NAC product to work with another vendor’s switch or server product and allow customers to reuse technology they already have.
Companies are more willing to adopt NAC solutions because standards are taking shape, said William Ketrenos, vice president of Structured Communications Systems, a VAR that resells NAC equipment from Cisco, ConSentry and Juniper.
"The various NAC solutions are becoming more viable for clients," Ketrenos said. "The total cost of ownership used to be outrageous a few years ago—that has changed. Products are easier to use and can do a lot more." Ketrenos added that NAC products are also relatively easy for VARs to learn, implement and manage.
The Cisco factor
"Cisco has validated the space and has invested a lot of money into its product," said Atrion’s Hebert, who credits much of the market’s growth to Cisco’s presence in it for the last four years. Cisco, an industry heavyweight with a strong channel strategy, entered the market when it acquired Perfigo and its CleanMachine technology.
"We have advanced our NAC technology considerably in response to customer demand," said Susan Don, Cisco’s director of channel business development.
As examples of advances, Don cited the Cisco NAC Network Module for Integrated Services Routers and the Cisco NAC Profiler. The former is a modular security solution that is integrated into the network infrastructure, while the latter is endpoint-recognition technology that takes an inventory of networked devices so they can be evaluated before and during their connection to a network.
Despite Cisco’s advances, the rift between Cisco and nearly every other NAC vendor creates problems in mixed environments, where customers have some Cisco networking gear and some non-Cisco gear.
"Cisco’s NAC is finely tuned for Cisco infrastructure and works very well in those environments," said Hebert. "But Cisco doesn’t work that well in non-Cisco environments."