- 4chan hell raisers finding fame brings heat?
- The 10 dumbest mistakes network managers make
- NetApp quits bidding war in face of EMC opposition
- CompuServe closes after 30 years
- Google to launch open-source Chrome OS this year
Juniper Networks' EX switches announced this week -- the company's first for the enterprise market -- support a homemade version of network-access control that may be a helpful selling point, industry experts say.
"You can't come into the LAN switch market and say, "I've got something that's just as good as everybody else," says Phil Hochmuth, an analyst with the Yankee Group. "You need something to set it apart. I think it's the NAC integration."
"If Juniper wants to displace the current vendors -- Cisco and HP ProCurve in particular -- then it needs an equally strong access-control story," says Rob Whiteley, an analyst with Forrester Research. "I think Juniper's UAC [Unified Access Control] delivers that, especially with the standards-based emphasis Juniper has been pushing for a while now." (Learn more about Switch Products from our Switch Buyer's Guide.)
Juniper's UAC policy-control server already could use any 802.1X-standard switches as enforcement points that set access rights via virtual LAN (VLAN) assignment. Now, with its own switches, the company can impose Layer 4 restrictions on access, not just Layer 2, the company says. So, the switches can enforce policies linked to a user's role in a company using access-control lists in addition to VLAN assignments.
The switches can define QoS as part of a user's access rights, making it possible to assign guests a lower QoS than full-time employees receive, for example.
With Juniper EX edge and core switches in a network, edge switch traffic can be mirrored via generic routing encapsulation tunnels to a data center where it can be monitored by Juniper's intrusion-detection gear to provide a form of postadmission NAC.
To this end, Juniper says it plans to evolve its NetScreen Security Manager software into a central policy-control platform. Users would set policies centrally and have them distributed throughout the network infrastructure. This will put UAC in perspective as an element of a coordinated network-security deployment that takes into account users' machines, identities, roles and access methods.
This echoes to some degree Cisco's recently announced TrustSec architecture for identity- and role-aware networks that impose access policies. Products to support TrustSec completely are still rolling out.
The Leader in Network Knowledge
Partner Content
Explore the Ultrium Edge
The powerful tape technology can address data security with tape encryption as well as long term data protection.
Find Out More
Disk and Tape Square Off
Discover what disk and tape really cost and which solution provides lower total cost of ownership and optimizes energy use for your organization
Download this White Paper
Don't Fall for the Myths
The Clipper Group explores the truth behind the myths of tape, digging into the misconceptions in the disk vs. tape debate.
Review this information
information examination
An examination of information security issues, methods and securing data with LTO-4 tape drive encryption
Read this analysis
Comments (1)
Juniper's EX gives NetScreen a bigger roleBy Cisco Subnet on January 31, 2008, 5:54 pmIs Juniper's new EX switch a me-too device when compared to those from the competition? Analysts reckon that Juniper's home-grown version of network-access...
Reply | Read entire comment
View all comments