Network access control, commonly referred to as NAC, has been one of the most hyped networking technologies in recent years.
But that’s changing, according to Juniper Networks. The networking vendor says that NAC — as embodied in a new version of its Unified Access Control (UAC) framework and new hardware — is well beyond the hype phase, and is actively solving enterprise access control needs.
The new UAC 2.2 release will also be the first from Juniper (NASDAQ: JNPR) to support Microsoft’s (NASDAQ: MSFT) Network Access Protection. It’s all part of Juniper’s larger effort to develop a comprehensive end-to-end security framework that competes effectively with rival Cisco’s Self Defending Network strategy.
“We’re at the point now where a lot of very large customers are deploying UAC,” Rich Campagna, senior product line manager with Juniper’s Access Solutions Group, told InternetNews.com. “At this stage of the market evolution for NAC where people are moving beyond pilot phases new types of requirements come up around usability, scalability and user experience.”
On the scalability front, the UAC 2.2 release is being accompanied by Juniper’s first hardware refresh for its Infranet controller (IC) product in three years. The new IC 4500 and IC6500 replace the older IC400 AND IC6000 appliances that debuted in 2005.
Back when they first appeared, the Infranet controllers were part of Juniper’s Infranet strategy, which has been supplanted in recent years by the newer UAC technology. The new IC’s according to Campagna offer greater scalability for policy control with the IC6500 able to support up to 30,000 users.
The need for increased scalability is a result of the wider deployments that UAC is now experiencing.
“One of the problems with NAC in the last couple of years is that because it has been billed as such a huge thing for so many different needs, it has caused confusion, and in some cases, customer hesitation,” Campagna said. “Now we’re seeing that it’s into people’s heads why they need NAC. We’re seeing people move beyond pilots into full enterprise-wide deployments of UAC across a lot of different verticals.”
Campagna explained that Juniper is seeing its UAC used as a solution for protection against insider threats as well as for guest access and compliance. UAC performs both pre- and post-admission access control, and in tandem with other Juniper security solutions, such as their their intrusion prevention system (IPS), it’s become part of a broader adaptive threat-management solution.
Next page: Broad threat response
Page 2 of 2
Broad threat response
In the UAC 2.2 solution, Juniper aimed to create a coordinated threat response mechanism that spans the Juniper product portfolio.
“With coordinated threat control when an attack comes in the IPS senses it and it sends a signal to the Infranet controller and identifies what user launched the attack and then actions can be taken against the user,” Campagna commented.
Juniper had also offered a degree of coordinated threat control with its UAC 2.1 solution that debuted in October 2007. Campagna noted that with UAC 2.2 the solution is more comprehensive in that it can co-ordinate with a broader set of security appliances and modules.
UAC 2.2 will also mark the first time that Juniper is fully supporting Microsoft’s NAP. Juniper has been a NAP partner for several years. NAP (Network Access Protection) debuted with Microsoft’s Window Server 2008 release and provides an approach for end point health check and pre-admission control. Microsoft’s NAP end point health check is also part of the Trusted Computing Group’s Trusted Network Connect (TNC) standards.
Juniper’s full embrace of NAP follows its competitors by several months. Hewlett-Packard’s ProCurve, for example, has supported NAP since April of this year.
As to why Juniper is just now providing support for NAP, Campagna brushed it off as timing.
“It’s just about fitting things into releases and doing the quality assurance, and that does sometimes take time,” Campagna said.
The key for Juniper, though, is that overall the timing is now right for network access control.
“People are now moving beyond the hype and the pilots and moving into deployments,” Campagna said. “I think that the rest of 2008 and 2009 will be an interesting time to be in this space and we’ll see adoption. The budgets are there — it’s just a matter of making a purchasing decision.”