NAC Today And Tomorrow

If the first thought that you have after reading is how complicated the NAC framework is and how potentially fragile it is, then you're not alone. Any large-scale project that involves integrating lots of components is bound to be complex and the glue is far more messy than the sales pitch.

Mike Fratto

December 5, 2007


David Davis has a nice explanation on Tech Republic of Cisco's NAC Framework -- not the NAC appliance, but the whole infrastructure-based play. It's pretty high level and nothing new is presented, but it is certainly clearer than Cisco's own docs. :)

If the first thought that you have after reading is how complicated the NAC framework is and how potentially fragile it is, then you're not alone. Complication (perceived or otherwise) isn't limited just to Cisco. Any large-scale project that involves integrating lots of components is bound to be complex. Having installed numerous frameworks over the years in relatively simple and stable environments, I can tell you the glue is far more messy than the sales pitch.

The obvious advantage of a NAC appliance is that an appliance is simpler to install and manage. Now whether that general statement is accurate remains to be seen, but on principle, let's just go with it.

All three of the big frameworks, Cisco's NAC, Microsoft's NAP, and the Trusted Computing Group's Trusted Network Connect, have a lot of moving parts. Cisco has the partner program, Microsoft has been rolling out NAP internally across its global network, and the TNC have all shown interoperable deployments. But how much heavy lifting is required and is the result worth it?

Speculation

If I can speculate on the future, functions such as NAC, QoS, configuration, etc., are poised to be pushed deeper into the network as an automated service rather than a feature or product that needs to be baby-sat. Big initiatives progress along in fits and starts. Back in the '90s, Directory Enabled Networking was all the rage. The idea behind DEN is that a user or a computer attaches to a port and the network configures itself for the user such as granting rights, applying QoS, and configuration. It was a great idea and a lot of products were marketed. But the vision failed for a lot of reasons, some of which are that the standards didn't exist for any of the parts, the integration that was available was fragile, and the implementation details were often so foreign to companies that they needed to expend a lot of resources just to figure out what they needed to deploy DEN.

Deploying an appliance is easier than re-architecting your network, but eventually, the networks you manage today will be radically different than what you manage tomorrow. The plumbing is built to support policy-based enforcement of access control, QoS, and configuration. The missing parts are the high-level design guides, practical management, integration protocols and products, and emergent best practices describing what works. The benefit is automated networking at the port level and better control that enhances productivity without affecting others. NAC is just a facet of a larger plan.

About the Author(s)

Mike Fratto

Former Network Computing Editor
