Aruba Networks is teaming up with Bradford Networks to supply all the equipment needed to apply NAC to any device logging into a network, regardless of connection method.

The relationship adds to Aruba’s offerings a NAC policy server, which houses the policies needed to enforce access controls on wired, wireless and remote access endpoints.

Aruba gear could support NAC but it relied on servers made by other vendors to dictate policy. The addition of the Bradford network server offers an advantage to customers when they add NAC to their networks, they deal with one less vendor if they already have Aruba products deployed.

Aruba calls the Bradford equipment Aruba Endpoint Compliance System (ECS), which manage identities of individuals by associating them with MAC addresses, the users' roles in the company, IP addresses, how the device is attached to the network, and time of day.

Policies issued by the ECS can be enforced by separate Aruba gear called Aruba Mobility Controller, which includes a stateful Layer 3 firewall. Imposing a set of firewall rules on endpoints based on ECS policies can restrict network access.

Mobility Controllers can tap data from endpoints and network devices such as intrusion prevention systems and use the data to help determine what access policies should be applied.

The Mobility Controller can also push enforcement to Aruba wireless access points, and using a feature called Remote AP, an access point can extend NAC to remote access users. If the remote user accesses the Internet via an Aruba access point, the access point will grant access as dictated by the NAC policy server.

ECS comes in three models to support varying numbers of end users. The E-50 supports up to 1,000 users, the E-100 supports up to 6,000 users and the Network Security Manager can manage groups of E-100 devices to support tens of thousands of end users, Aruba says.

Tim Greene is senior editor at Network World.