Cisco's TrustSec framework learned a great number of lessons from the Cisco NAC framework failures of the past. Oh and the lessons they've learned, let me count the ways.

Start Cisco Centric, Stay Cisco Centric

Cisco NAC espoused ambitions of creating an ecosystem of partners, security companies from across the industry, who would support the Cisco NAC framework, partner with Cisco and add value to Cisco's products and customers. Cisco may be one heck of an acquisition and assimilation machine, but an ecosystem partner they are not. NAC proved that. Many a vendor signed up with their money to get on the NAC bandwagon along with Cisco, have their products certified, only to find out Cisco's sales organization doesn't know how to partner and make money with all these other vendors. This time, Cisco decided it best to leave things alone and create a framework that is; 1 doable and 2 promotes Cisco's products.

Don't Tell Them They'll Have To Upgrade

To get Cisco's NAC framework customers had to upgrade the software on their Cisco switch hardware. Problem was the current switch products in customers' networks weren't powerful enough to run the upgrade. Time for new hardware. Good news for Cisco, but bad news for customers and Cisco NAC. Cisco TrustSec will require software upgrades too but it's much more likely that the switches in place now will be able to run new software upgrades. Or will they by 2008? We'll have to see what TrustSec's impact is to the existing switching fabric hardware, or if hardware upgrades will be required. I'm guessing Cisco learned their lesson and will work within the hardware footprint of most customers' switch hardware.

Sell Customers Products They Want

Cisco NAC was a concept, a conceptual framework, not a product that worked on Cisco's gear. Problem with NAC was that other vendors had products working that did what Cisco NAC might do in future years. That's opportunity knocking, but more so for other vendors rather than Cisco. Cisco had to catch up by buying what was arguably a less the stellar product to sell as the Cisco NAC Appliance in place of Cisco's NAC framework. This time around, TrustSec is something customers are asking for, not a concept from Cisco. Customers want to be able to control where users go on the network, dynamically, not through static ACLs or firewall rules.

Brand It So You Can Control It

TrustSec is Cisco TrustSec, not a TLA the industry can adopt and each vendor can redefine for their own purposes.

As you can see, I don't think the Cisco NAC Framework served Cisco very well, though it created a great opportunity for me to bring a product already in development to market much more quickly thanks to Cisco NAC. This time around TrustSec will serve Cisco's interests much more directly.

Like this? Here are more recent posts.
Virtualization Center Series: Microsoft’s Vision – Diversity of Virtualization
Virtualization Predictions Forrester Forgot
VoIP Security Lessons Microsoft OCS Can Learn From Vonage and Others
Windows Mobile Office 6.1 - Upgrade Done Right
Why the Vista Backlash Growing Rapidly

Visit Microsoft Subnet for more news, blogs, opinion from around the Web.
Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)