RealTime IT News

Alcatel-Lucent Networking Embraces Linux, NAC

Sitting inside of every networking device is an operating system. In the case of Alcatel-Lucent, that operating system is the Alcatel-Lucent Operating System (AOS), which today is getting a significant new upgrade -- even though it could be one of the last AOS releases before the company moves it to Linux.

The new AOS version 6.3.4 integrates network access control (NAC) directly into the operating system, a move that comes as intelligence is becoming increasingly part of the network fabric, rather than an add-on.

The update -- as well as new revelations about Alcatel-Lucent (NYSE:ALU)'s plans to embrace Linux -- also comes amid the continuing evolution of networking operating systems in general, with Juniper, Cisco and others ramping up their own respective efforts.

AOS itself sits on top of an embedded operating system that Alcatel-Lucent uses on its switching gear. Currently, that operating system is VxWorks from Wind River, though that's set to change. Minka Nikolova, senior product manager at Alcatel-Lucent, told InternetNews.com that the plan is to shift from VxWorks to Linux by early next year.

Nikolova argued that from a user point of view, customers won't know the difference, as the operating system underneath AOS will be transparent.

That said, she did note that Linux will bring some new opportunities to AOS.

"There are great packages that are available on Linux and a lot of new packages we can integrate into our switches if we decide to do so," Nikolova said. "VxWorks is old and doesn't have a lot of movement in it. The packages that VxWorks provides really aren't the latest and greatest. But basically everyone is moving toward Linux."

A NAC for security

But the shift to a Linux underpinning still remains months away for AOS. For the time being, Alcatel-Lucent is concentrating on baking in enhancements -- particularly its integrated capabilities for NAC, which is seen as an increasingly important tool in enterprises' efforts to better secure their networks.

NAC works by including endpoint health checks that ensure the health of endpoint devices to which a switch is connecting, while also making sure they comply with security policy.

The new version now natively integrated NAC into AOS, an improvement the company described as a huge step forward in overall security.

"We now have an integrated solution, a Cybergatekeeper NAC module that is integrated with the Alcatel-Lucent operating system," Sarvesh Rao, senior product manager at Alcatel-Lucent told InternetNews.com. "Before this, we had an overlay solution, but we realized there was a gap in the sense that with an overlay the switch was not really participating in the security process. So we wanted to increase the participation of the switch in the security process."

CyberGatekeeper is actually developed by InfoExpress, a company that Alcatel-Lucent has had a strategic partnership on NAC with since 2007.

InfoExpress CEO Stacey Lum told InternetNews.com that with CyberGatekeeper integrated into AOS, it becomes easier for Alcatel-Lucent to provide NAC.

Lum explained that all an enterprise needs to do to NAC-enable their network is point their Alcatel-Lucent switches to a host interface check server to verify security policy. Lum claimed that as a result of the integration, no new software is needed as an end-user agent.

"The switch itself has the capability to change access policy without having to change the overall network or the server on the network," Lum explained. "I think that's a huge advantage to this combination -- the ease of use in maintaining the solution. NAC is very daunting for many organizations and this lowers the bar for allowing organizations to get NAC deployed."

NAC itself is evolving beyond just admission control to include post-admission access control as well. One of the emerging standards is something called IF-MAP(Interface for Metadata Access Point) which is now integrated on NAC gear from Juniper Networks

Rao noted that Alcatel-Lucent does not currently support IF-MAP, though he added that the company has its own security event framework based on a Bell Labs standard. Rao and Lum each noted that both Alcatel-Lucent and InfoExpress are looking at including new and emerging NAC standards over time.