Reality IT: So You Think You're NAC Compliant? Think Again - InformationWeek

7/12/2007
09:45 PM
Mike Fratto

Reality IT: So You Think You're NAC Compliant? Think Again

The lack of a certification program makes it tricky to get NAC right.

As network access control evolves from an interesting concept to a technology that most enterprises are actively evaluating, a couple of points are becoming clear. First, getting network access control wrong is risky for IT--this is a highly invasive technology that touches end users and requires buy-in at all levels of the business. And second, the lack of a certification program for compliance makes getting NAC right needlessly tricky. If you're looking to combine products from multiple vendors to create your system, it's up to you to verify that everything interoperates.

Because NAC integration is a crapshoot, adoption is slower than it otherwise would be. If that's to change, the three primary NAC standards creators--Cisco Systems, Microsoft, and the Trusted Computing Group--need to step up and create certification programs with logos that offer the assurance of interoperability. Certainly, Cisco and Microsoft have plenty of experience creating such programs, each having done so for other partner ventures. They also have a significant incentive--neither company makes every piece required to complete the NAC puzzle, so assembling a broad, trusted set of vendor partners is obviously good for selling the overall vision.

As for the Trusted Computing Group's Trusted Network Connect initiative, until recently I wouldn't have put much credence in a TNC logo program. There just hasn't been market interest, and a recent reader poll found that TNC had by far the lowest recognition of the three major NAC standards. I say "until recently" because Microsoft gave TNC a shot in the arm when it announced at Interop that it would submit its Statement of Health protocol for inclusion in TNC. The Microsoft protocol is used to send host health information to policy servers.

Acceptance of the Statement of Health protocol by the TCG/TNC is a huge win for both parties. The TCG gets instant Windows compatibility, while Microsoft can make its desktop and server operating systems TNC-compliant without having to do a lick of extra development. In addition, anyone with a Web browser can download the TNC specifications and integrate with Windows. This is a boon to NAC vendors, which have never wanted to develop, maintain, or manage their own Windows client software.

SEAL OF APPROVAL
IT pros needn't look far for instances where the presence of a logo program has driven a market--and where the lack of one has had a stifling effect. SIP has no logo program, though ironically the SIP Forum does compatibility testing. The event is called SIPit, but the Forum refuses to publish its findings. The result? Such a limited compatible feature set that proprietary protocols still dominate the VoIP market.

In contrast, the Wi-Fi Alliance requires its members to submit products to a functional, albeit somewhat limited, set of tests. When was the last time your laptop didn't seamlessly work with any Wi-Fi infrastructure you encountered?

So why don't vendors get moving? Both Cisco and Microsoft say that the myriad configuration options possible with NAC make exhaustively vetting conformance impossible. They contend it's best not to promise something that can't be delivered--the same argument made by the SIP Forum. Members of the TCG/TNC say the idea has come up, but so far, nothing concrete is in the offing.

I know testing is complex since it's what I do most of the day. And exhaustively checking boxes on a feature matrix isn't what's needed. Testing the most common feature sets, as the Wi-Fi Alliance does, would be immeasurably better than what IT groups get now.

Interoperability conformance claims, no matter how well-intentioned, are just that: claims. Bake-offs offer some proof of conformance, but the testing is done under controlled conditions, with engineers and developers twisting the knobs. They don't reflect today's real-world data center. The time has come for framework owners to institute conformance testing so that customers will know they're buying a workable system. NAC is too important to leave interoperability to chance.

Mike Fratto, Managing Editor, Labs
