Extreme, Foundry and Juniper leaders speak on access control
Dear Vorticians,
This week I took to the halls at Interop in Las Vegas, where I had the opportunity to talk with a number of senior executives and customers about network access control - a major topic at the network industry's top conference.
As an aside, I've been going to Vegas long enough to remember when the City of Sin was tacky and cheap. Now, it's tacky in a new and completely different way and it's expensive as hell. Case in point: I acquired (it seemed like an acquisition) four cocktails - not all for myself, of course - at one of the swank eateries inside a major casino for the princely sum of nearly $55, prior to tip. That was the prelude to a meal nearly requiring a mortgage application.
Everything is so over-designed and so over-marketed to make you feel that you're among the world's young and hip and having an "experience" that it comes off feeling deeply manipulative. We're not having a wild night of abandon. We're having steaks after a day pounding the show floor. There's nothing for us to tell about what happened in Vegas when we leave Vegas because we're not really doing anything all that different than we do at home. Oh well, give me cheap and tacky Vegas any time. There was something about the raw seediness that I found more enjoyable.
Okay, I'm back.
While pounding that show floor, I met with leaders of three of Cisco's enterprise rivals and really pushed them on the issue of whether network access control provides an opportunity for them to make inroads against the 800-pound-gorilla of the network market. Surprisingly, they're split on the issue.
Put Extreme Networks and Juniper, which I've discussed in an earlier missive, firmly in the 'Yes' camp.
Gordon Stitt, CEO of Extreme Networks, believes that when customers understand how complicated and costly the move to Cisco's NAS could be, they'll be open to exploring other alternatives to building a secure network infrastructure. He, like many others in the industry, also believe that Cisco is putting itself at risk by taking a proprietary approach to NAC. (Cisco continues to leave this issue on the table by not announcing support for the Trusted Computing Group standards.)
For itself, Extreme is taking an interesting architectural approach to building a secure infrastructure. Rather than encouraging customers to put security appliances along network pathways, Extreme wants to create an ecosystem of "virtual security resources," which are devices that hang off the switch and are called into action when the switch detects unusual traffic or events. The benefit of creating this virtual security environment is that customers could, in theory, need far fewer security devices and dramatically reduce the cost and complexity of security. Also, this architecture may provide for better security because, as Extreme says, "The network is everywhere, in-line security resources aren't."
To back up the plan, Extreme announced partnerships with StillSecure for network access management, CipherOptics for encryption, and Internet Security Systems for intrusion detection and prevention.
Rob Sturgeon, Juniper's top enterprise security executive, says that Cisco's marketing around NAC is actually opening up market opportunities for Juniper. He claims that Cisco is "breaking the ice" with IT executives on the importance and value of access control, but those customers then balk at the - you guessed it - proprietary nature of NAC and its complexity. At Interop, Juniper committed to supporting the Trusted Computing Group's NAC standards in future releases around its Unified Access Control strategy.
In a description that echoed with familiar themes sounded by Cisco's with its larger Services Oriented Network Architecture (SONA) plan, Sturgeon explained that Juniper sees UAC as going beyond network access control in the future. UAC could play a role in supporting services beyond security, such as ensuring compliance with critical regulations like HIPAA. Sturgeon said UAC isn't a SONA alternative but it will support greater intelligence that could improve application performance. (Juniper recently joined SAP's Enterprise Services Community, which is a new organization focused on "fostering collaboration in creating, consuming and running enterprise services and helping guarantee the utilization quality of enterprise services through ES Ready certification. Member companies will have their software and infrastructure products certified against the same set of enterprise services and within the business processes that use the services."
The naysayer in the crowd at Interop was Foundry Networks CEO Bobby Johnson, who seems far more interested in beating both Juniper and Cisco in the service provider market with new high-end routing technology than in battling over access control. Johnson doesn't see NAC as the kind of "paradigm shift" that could unseat Cisco. In his words: "You have to have many more arrows in the air than NAC if you want to get Cisco."
Johnson believes that total cost of ownership is the key to tripping up Chambers and company, and that NAC is just a part of creating a better TCO for customers. But you also have to excel in: support for standards; wireless; management; price/performance; service and support; and VoIP, among other things. No mean feat to handle all of those well. Foundry has rolled out an umbrella security architecture called IronShield 360 to explain how the company will help customers build a secure infrastructure. But Johnson doesn't expect NAC to be the silver bullet that some of his competitors are clearly hoping it becomes.
That's it for now.
Back to Vortex Blog
Comments
Post a comment
