Trusted Computing Group (TCG) leads effort to certify NAC products, but not all vendors are on board
The Trusted Computing Group's Trusted Network Connect (TNC) is an industry-supported working group developing NAC architecture documents and standards. The first public documents came out of TCG's TNC in 2005 after a year of work, and the group has continued to publish NAC standards and fill out its NAC architecture every year.
One of the main attributes of the TNC architecture for NAC is that it combined authentication and end-point security posture checking into a single unified protocol. TNC defined the protocol to run over 802.1X (most useful in a one-device-per-switch-port or wireless environment) as well as SSL (useful in more generic environments, such as over VPN tunnels or in routed networks where switch management is undesirable).
When Microsoft released Windows Server 2008, the Microsoft NAP (Network Access Protection) and TNC NAC protocols were linked so that Windows Vista, Windows XP (with service pack 3, which includes the NAC client), and Windows 7 are all interoperable with products that follow the TNC NAC protocols.
This gave TNC significant legitimacy, because it means that every contemporary Windows client is now "TNC compatible" out of the box, which removes the need to install a specific NAC client on Windows devices. No additional client means faster and simpler deployment for network managers.
When TNC first started working on NAC architectures and protocols, Cisco refused to participate, insisting instead that the work should take place in the IETF. This led to the founding of the IETF Network Endpoint Assessment (NEA) working group, co-chaired by Susan Thomson (of Cisco) and Stephen Hanna (of Juniper). Slowly, NEA has built its own NAC architecture and protocols, and released three RFCs. All the NEA work is being closely linked to the TNC work, so that the RFCs are compatible with the TNC protocol specifications.
Last month, TNC announced a certification program, which will allow participating vendors to receive a stamp of approval verifying that their products implement the TNC protocols correctly, and that their products are interoperable with other certified products.
Although we didn't find unanimous support for TNC standards among the vendors who participated in our head-to-head NAC testing, the work of the TNC (and the IETF NEA working group) is still important for two key reasons. First, it represents the main path forward for interoperable NAC products. With enterprise networks hosting more non-Windows devices than ever before, the need to have a multi-vendor approach to NAC continues to gain in importance.
The second reason is that these architectures are designed by security and network experts who are more interested in solving problems than getting a product to market quickly. While there are always commercial interests in any modern standards development, network managers can look to TNC and IETF-based products with some confidence that the primary design goal was security.
The standards wars that were so inflammatory five years ago have settled down to a truce on all sides, yielding technically outstanding solutions from the best minds of Cisco, Microsoft, and the members of the TNC.