End-to-end NAC remains difficult
Testing shows that completely interoperable, enterprise-class products could be coming soon.
By
Joel Snyder
,
Network World
, 05/01/2006
- Share/Email
- Tweet This
- Print
Network access control is a phrase on everyone's lips, but InteropLabs' testing shows that completely interoperable, enterprise-class
NAC products are not here yet - though they could be just around the corner.
The InteropLabs NAC team built three demonstration areas, each devoted to a single architectural model: Trusted Computing
Group's Trusted Network Connect (TCG-TNC), Microsoft's Network Access Protection (NAP) and Cisco's Network Admission Control (C-NAC). Our goal was to bring together interoperable products in each NAC silo and build a complete, end-to-end deployment. Overall,
we did find interoperable products within each silo, but no NAC architecture is completely filled out with products at this
time.
TNC, the simplest of our demonstration areas, came up in just a few hours, but NAP and C-NAC took several engineers and a
very long weekend to get to a stable state. In both these tough cases, we would not have been as successful as we were without
substantial onsite advice from vendor engineers who had been through the exercise in their own interoperability labs.
The world of NAC is full of all-in-one solutions from vendors that offer to solve some of a company's NAC problems most of
the time. The whole point of InteropLabs is interoperability, and we looked for products from multiple vendors that plug into open architectures.
Unfortunately for the enterprise buyer, InteropLabs' focus throws a blinding spotlight on the lack of interoperable solutions
in the NAC marketplace.
For example, Lockdown Networks came in to integrate its product into the NAP demonstration area. Lockdown offers a "complete,"
end-to-end NAC system, but it's complete only if you use its product and its strategy for everything from the server to the
client and every enforcement technology in between.
We tried to bolt the Lockdown system into the NAP policy decision point (the place in the network where NAC policy decisions
are made. But Lockdown quickly pulled back from full participation, but promised to come back at Interop for another grab
at the NAP ring.
In other cases our implementation was stalled merely by the fact there were no vendors from which to choose. In the NAP silo,
for example, not a single vendor came forward with client-posture data-collection and validation add-ins for the Microsoft
client.
This may not be such a big surprise, seeing that we are a nine months out from the release of Vista/Longhorn - the version
of Windows that will fully support NAP- but it is evidence of how new and untested this technology is. In the TNC test network,
we had three integrity-measurement validators available - but only because engineers at Juniper Networks had written all three.
Partner Content
Blue Stripe Software
www.bluestripe.com/
Improving Application Performance Troubleshooting
Diagnosing why an application is slow is hard, at times taking days or weeks to isolate and resolve. This paper explains the challenges involved using current management tools, provides a 'wish list' for application management and analysis, and explains the need for an application system-wide approach that monitors entire applications, not components.
Download Whitepaper
Virtual Vigilance: Managing Application Performance in Virtual Environments
This paper highlights the impact of virtualization on application performance. "Managing Application Performance in Virtual Environments" states: "Best-in-Class organizations are predominately taking actions around improving visibility across both physical and virtual systems, assessing the business impact of application performance and understanding interdependencies of applications in virtualized environments."
Download Whitepaper
Application Service Requests: The Missing Link for Pragmatic ITSM
Forrester Research analyst Glenn O'Donnell and BlueStripe co-founder Vic Nyman discuss a breakthrough approach to application problem management. Learn the new approach for ITSM problem management, which provides: Rapid isolation of application slow-downs to specific components for quick problem resolution, 24/7 monitoring for proactive notification of potential issues before end users are impacted and much more.
Register for Webcast
Comment