Thursday, October 26, 2006

Cisco NAC and CAS

I had the chance to attend Cisco Partner VT event for security this week and they had several sessions on the NAC CAS (Clean Access Solution - now the Cisco NAC Appliance) solution. This is the technology they picked up from Perfigo - not to be confused with their other acquistion of Protego Networks which is now the MARS product.
Cisco seems to really be ahead of almost everyone else in the NAC space in terms of having a product that is easy to implement, is robust and can do all aspects of what you would expect from a NAC Appliance. I think the hardest thing about this market is the lack of a common definition of NAC and what it really mean, but that is to be expected from a new technology.
At this time, points go to Cisco for a complete and quick to deploy solution. I think Microsoft will have some advantage once the install base of Vista becomes significant (2009?) and they are able to have a complete story around AD, IPSec, Federated Domains and running everying on IPv6. Doing something like NAP become much easier once all those items are in place.
I will expect to see more and more announcements come out as the 40+ vendors who are all trying to get mindshare in this space dook it out.
- Ed

Wednesday, October 04, 2006

Microsoft NAP / Cisco NAC

I have had some opportunities to listen to several early presentations on Microsoft NAP and Cisco NAC integration from folks who are working on the technologies in both the Microsoft and Cisco camps. Despite the typical cynical remarks regarding both companies and their far reaching marketing efforts I think there is a good chance that we will have a very cool integration story.
With the Vista client having a native NAP client built in to the OS and having Cisco NAC ACS solution work with Microsoft's backed services to do health and other checks there is a chance we could get the best of both worlds. True network access control from a Ethernet port level that authenticates you and moves you to appropriate network segments based on credentials and health and remediation based on client/server access requirements.
I will have to attempt to set up a lab running both. The biggest problem is getting access to all the third party products that work with both NAP and NAC. I can get the Cisco and Microsoft product lines to test but all the other add ons that really bring value to the solution are hard to come by. Maybe I will get luck and one or two will decide my user groups are a worthwhile cause and donate some software? Here's to dreaming.
- Ed