NAC gear comes in many pieces, and one of the most important to check out is the management platform.

One of the cornerstones of all NAC schemes is determining the posture of the device that is trying to gain network access. This is the data that is compared to security policies to help decide whether a device gains access.

NAC vendors sell client software that reports the status of the endpoint to a policy server. In the case of Microsoft, that client software is part of Vista.

Regardless, these clients need to tap into other client software platforms that keep track of endpoint status' that the NAC scheme cares about. These are, for example, antivirus clients and change-management clients that have data NAC clients need.

In checking out NAC products, customers should see how well their NAC client talks to these other platforms, says Joel Snyder, a member of Network World’s Lab Alliance and a partner in Opus One. Snyder is running a NAC seminar at Interop Las Vegas this week.

Desktop policies - which include antivirus updates and change management platforms and other software NAC needs to poll to make good decisions - are the province of the desktop team. That is a different group from the network or security team working on NAC.

The NAC team shouldn’t get involved in the desktop, Snyder notes, but the NAC team’s client software should be configurable to tap desktop software for status reports.

Snyder says this type of management is key and likely to be a weak link in NAC gear. Look for that when evaluating NAC options.

Tim Greene is senior editor at Network World.