The NAC train is leaving the station

Recently I spent a week with the InteropLabs team preparing a network access control interoperability demonstration for Interop New York, to be held Sept. 18-22. Although we wanted to update things from our initial round of testing conducted in the spring, our general objective was to replicate what we had done for Interop Las Vegas in May and not reengineer everything. Despite this modest goal we had almost 30 people, including our team and vendor engineers, working on the labs - more than we had for the Las Vegas show. This proves that NAC has become one of the hottest technologies of the year.

I learned three main things from this latest round of testing:

The Trusted Computing Group (TCG) team is quickly getting its act together. Everyone wants to play with NAC powerhouses Cisco and Microsoft, but the lure of open protocols and industry standards is strong. TCG's work on NAC is ongoing, with most of the protocols defined. Still, compared with Cisco's more mature framework, we had no problem getting enthusiastic support to build a full TCG-based solution.

In some ways, TCG has a substantial advantage in terms of the number of products being developed in accordance with its specs. For example, we had two TCG policy servers, one from Juniper and an open source one. Meanwhile, Cisco is struggling with a patched-up policy server badly in need of a redesign, and Microsoft won't release Longhorn until next year.

Cisco has an amazingly broad solution and great industry support. When most people talk about NAC, they end up tongue-tied when it comes to the details. That's not good enough for a complete and successful deployment. Having a framework is nice, but having answers for all the details is critical. Cisco has those answers, either from its own portfolio or from a broad set of supporting partners.

Cisco's extensive enterprise experience should not be underestimated. Cisco is the big cheese of the LAN world and knows enough to cross NAC borders when the opportunity arises. For example, we were able to use the Cisco Clean Access appliance as part of the TCG demonstration, to fill in gaps in the TCG architecture.

Microsoft is marshalling its forces. For a product that won't ship for at least six months, we had an astonishing number of vendors gathered around the Microsoft table trying to make the Vista/Longhorn-based NAC solution work with their own products. This included hardware from Aruba Wireless Networks, Avaya, Cisco, Enterasys, Extreme Networks, HP and Nortel, along with software from Lockdown, Microsoft and Trend Micro. This tells me that when Microsoft does release Longhorn, it's going to be strong out of the gate with solutions and partners already in tow.

Even after spending all this time and energy taking in all three NAC schemes, I hope Microsoft, Cisco and TCG can come together on a single solution. In the long run, that would be better for everyone.


Copyright © 2006 IDG Communications, Inc.
