If you're a small to midsize business with a bare-bones infrastructure budget for 2009, chances are that investing in network access control is near the bottom of your priority list. But what if you could get a 24-port Gigabit Ethernet switch, with built-in firewall, DHCP server, captive portal for guest access, and network access control designed for the SMB market--all in one box? That's the niche market that Napera Networks, founded in late 2006, is targeting with its 24-port NAC appliances.

The Napera N24 can be deployed as a single device handling all the core networking and security services needed to run a small business. For larger environments, as many as eight N24 NAC appliances can be stacked, with centralized management of all eight switches and up to 800 client devices. For shops that already have a capable core switch, the N24 shines at the edge of the network, where it can apply security policy and quarantine threats before they reach the core.

The N24 integrates with Microsoft's Network Access Protection, or NAP, agent and the Windows Security Center service in order to provide health checks and auto-remediation for Windows firewalls, anti-spyware/antivirus installation and update status, and operating system update status.

As a device connects to the N24, the administrator has several options for authentication, all of which can be defined on a per-port basis. Using the N24's captive portal capabilities, guest access can be accomplished via direct integration with your Active Directory infrastructure or via user accounts within the N24's database.

For Active Directory authentication, the N24 joins itself to your domain and passes authentication requests to back-end domain controllers. Access points linked to the N24 support Radius authentication via Wi-Fi Protected Access for guests connecting to your network via Wi-Fi. And 802.1x is supported for device and user authentication.

Assuming you're running XP SP3 or Vista with the NAP agent installed, Napera provides an automated script that turns up all services and agents necessary for access control as well as auto-remediation.

Health Updates

One of our favorite features included on the N24 is the ability to do health checks on incoming remote access sessions via the built-in PPTP VPN server. The DHCP server and built-in firewall, although basic, are adequate for most branch and small-office security and network address translation needs.

The only real gripe we have with the N24 is its lack of detailed reporting. Basic system health reports indicate the antivirus software each system is running, for example, but they don't report the version of the software or virus signature version. The Microsoft NAP agent determines what the most recent software version is via vendor-supplied Windows Management Instrumentation providers, so it's possible to obtain a clean bill of health even if you're not running the latest version of antivirus software.

From a budget perspective, if you're planning to spend a couple of thousand dollars on a lower-end 24-port Gigabit Ethernet switch and firewall, it might make sense to pony up a little more cash and get the turnkey NAC and captive portal features that N24 provides. If you're upgrading to Windows Server 2008 just to add NAP to your mix of security tools, the N24 makes even more sense once you factor in the hardware and licensing costs.

The N24 lists for $3,495, with annual subscription and maintenance costs of $695 after the first year. The N24S stackable expansion switch (which we didn't test) lists for $995 with maintenance costs of $195 after the first year.

Randy George is CEO of IT Analytics Solutions, a provider of custom research for enterprise IT.