
NAC, wireless convergence still works in progress

Interop speakers also expose network management’s weaknesses.

By Tim Greene, Phil Hochmuth and Denise Dubie, Network World
September 21, 2006 04:03 PM ET

NEW YORK - Hot topics such as network access control and convergence of cellular and Wi-Fi voice lured IT decision-makers to Interop last week, where they got to see the latest advances but also were warned that technology shortcomings mean they should proceed slowly with rollouts.

For the second year in a row, Interop took place in New York as a complement to the main Las Vegas show held in the spring. Show planners were hoping for 7,000 attendees, but had no final count last week. CA, Juniper and Symantec executives delivered keynote addresses, and more than 150 vendors exhibited — though big names such as Cisco and IBM did not.

Getting plenty of attention at the show was NAC, which involves checking devices for compliance with security policies before they are granted network access. At issue is how different NAC approaches will be integrated and how long it will take for standards, such as those being developed by the Trusted Networking Group (TCG), to gel.

“It will be a gradual process over time,” said TCG supporter Steve Hanna, a distinguished engineer with Juniper who participated on a NAC panel at the show.

A representative on the panel from Cisco, which promotes its own NAC architecture and does not work with TCG, said even over time the variety of corporate networks will preclude a simple solution for all cases. “You’re always going to have so many corner cases. You’ll never have a magic [endpoint-checking] agent that tells you everything,” said Thomas Howard, security solutions engineer for Cisco.

Customers may need to rein in their enthusiasm for NAC and perform a basic evaluation of whether they need it, experts said. “People don’t even know what they want. It’s really scary,” Howard said.

Employees working in business functions at corporations need to define how much access groups of employees need so IT staff can write the appropriate policies, said Denzil Wessels, technical marketing manager for Juniper. “Get people in the right groups. You need business maturity to do this,” he said.

Panelist David Greenstein, chief architect for StillSecure, agreed that such policies should be created at the outset of designing an NAC infrastructure. “You need to say what your policy is, and this usually waits until the end,” he said. Often customers wind up identifying their greatest risk and protecting against that without creating a broader hierarchy of threats, he said.

That is not necessarily a bad idea, Hanna said. “Decide what is your greatest pain. Start with particular users working with high-value assets,” he said.

Wireless convergence trouble

Delivering the latest technology to high-value users is what customers of Wi-Fi-cellular converged phone networks want to do, but they are running into issues, Interop speakers said. For instance, some vendors can’t support both Code Division Multiple Access (CDMA) and GSM forms of cellular traffic.

The Visiting Nurse Services (VNS) of New York, which runs an Avaya VoIP network and a Cisco wireless LAN (WLAN), extends its VoIP network to cellular phones, but Avaya’s nascent Wi-Fi/cellular handoff lacks a key element. “It’s all GSM-based,” said Randy Cleghorne, director of IT planning and management for the VNS, whose employees use CDMA mobile technology. “I would really like to see that cell option come along,” she said.
