Cisco Stirs up NAC Line

Cisco Systems is hoping to increase
its lead in the Network Admission Control (NAC) space with
the rollout of its NAC 4.0 appliance.

The new technology comes as other vendors, both complementary and
competitive, strengthen their own network control initiatives.

NAC is a network-based approach to authenticating and
enabling access to users and services across a network.

Cisco’s latest NAC appliance handles various network connection
methods, including remote access, wireless and traditional
wired network deployments.

Rohit Khetrapal, Cisco’s director in charge of NAC
Appliance, said that the new device now allows for
deployment either inline or out of band.

“What we’ve done is added layer 3 out of band and what
that does is allow for a centralized deployment model,”
Khetrapal told

The new device also provides for single sign on for VPN
clients, as well as Windows Active Directory domains.

Microsoft has its own NAC-like initiative, called NAP (Network Address Protection), which is set to appear in Windows Vista.

Thanks to a 2004 deal, NAP and NAC will work with each other. But there are also competitive NAC solutions from other vendors.

Among them are Juniper Networks and the Trusted Network Computing (TNC) Group, which provides Cisco NAC alternatives.

Typically NAC requires some form of hardware to help implement it. But NAC vendor InfoExpress has a Dynamic NAC offering (DNAC) that takes a peer-to-peer approach.

Cisco’s Khetrapal isn’t overly concerned about the competition.

“From an early market capture we’re already on our way,” Khetrapal said. “We feel that Cisco NAC is already making inroads into the customer base. In comparison, we don’t see that much from our competitors.”

Khetrapal doesn’t think that either Juniper or its
partners at TCS have a holistic true NAC solution in

“From an assessment perspective it has some serious gaps,” Khetrapal said. “From a deployment within an infrastructure approach, it has
significant gaps, and I can touch upon them until the cows
come home.”

In general, other vendors have the basic NAC approach, but Khetrapal thinks they’re missing some critical

“Are you truly assessing the device? Are you identifying
the user? And once you’ve taken care of the identity of the
user and the asset, are you able to fix that machine right
there or are you just passing the problem to the help

“We don’t think the entire block problem is being
addressed by all parties,” Khetrapal said.

For a “true” NAC, as defined by Khetrapal, the network has to recognize the identity of the user and the asset, as well as guarantee enforceability.

Khetrapal admitted that the various NAC-like technologies
do cause some confusion.

“Anytime there is a mass technology rollout or something
that comes in from a new-definition perspective, at first
we’re going to have everybody coming up with their own
approach to it,” Khetrapal said.

“The good thing is that Cisco defined it very early in the process.”
