Deploying the Cisco
® Network Admission Control (NAC) solution helps organizations protect productivity, information, and business resources from external and insider threats. As NAC continues to gain customer acceptance, design and implementation planning takes center stage. Most customers have two considerations in mind when they prepare for NAC adoption and deployment:
• They want to select a NAC solution that fits into their existing infrastructure
• They want to have flexible deployment options and choices to allow future growth and adjustments
Cisco NAC is designed to serve these customer goals by delivering comprehensive interoperability capabilities and by collaborating with the industry to develop NAC technology standards.
Interoperability is critical because it ensures that NAC technology can work with other security components and the rest of the infrastructure. For instance, built-in support for endpoint security applications will greatly simplify NAC implementations and improve operational efficiency. Interoperability also means that a NAC solution from one vendor may work with another, therefore providing customers with flexibility in their deployment options.
Cisco NAC integrates with a wide range of endpoint security applications and patch management tools. Today, Cisco NAC supports built-in policies for more than 350 applications from leading antivirus and other security and management software solution providers. Cisco NAC enforces an organization's security policy by ensuring that an organization's required security software and desktop applications are installed, enabled, and up-to-date. In addition, Cisco NAC offers deployment options supporting existing network infrastructure, both Cisco and third-party products, so that comprehensive upgrades are not required.
Cisco NAC also delivers interoperability by providing strong integration with Microsoft products and Microsoft Network Access Protection (NAP). Single-Sign-On (SSO) for Windows Server Active Directory, Windows Server Update Services (WSUS) automated remediation, and preconfigured Critical Hotfix checks are some of the major features Cisco already provides today. Cisco NAC and Microsoft NAP interoperability is firmly committed and supported by both companies, as confirmed by a
joint NAC/NAP architecture announced in September 2006 (Ref. 1). Beta customers are already testing NAP traffic on Cisco NAC equipment. Cisco is committed to provide full NAP support when it ships with Microsoft Longhorn server, giving customers the choice to use NAC and NAP either individually or in combination.
NAC Technology Standards
If interoperability provides ease and choices for customers today, then NAC technology standards will build a solid foundation for long-term technology advancement and even more product and solution options for customers to choose from. NAC standards also help provide customers with investment protection because what they deploy today can accommodate future adjustments or expansions.
Cisco is committed to NAC technology standardization by working with the Internet Engineering Task Force (IETF) forum. Unlike a fee-based consortium of vendors, the IETF is a large, open international community of network designers, operators, vendors, and researchers devoted to the Internet architecture and its smooth operation. Specifically, Cisco is working with IETF's Network Endpoint Assessment (NEA) working group to promote NAC standards. Cisco and Juniper are co-chairs of the NEA workgroup with broad industry participation. All
NEA's work history and achievements have been openly documented on its Website (Ref 2).
With clear commitment to interoperability and standards, Cisco continues to help customers effectively adopt and deploy NAC with choices that fit into their existing infrastructure and investment protection that enables future growth.