Peace and Love in NAC-land

by Steve Hanna, Juniper Networks, TNC Co-chair

For the last five years, customers and vendors have faced a dilemma with NAC (Network Access Control): whose architecture to support? Early on, there were three major players with three competing, incompatible architectures: Cisco with its Network Admission Control effort, Microsoft with Network Access Protection (NAP), and a bunch of vendors supporting the Trusted Computing Group's Trusted Network Connect (TNC) architecture. Customers and vendors were faced with the unhappy prospect of choosing which effort to support. Which horse should you bet on? Choose the wrong one and your NAC deployment or product could become an orphan.

 

In 2007, Microsoft contributed their key NAC protocols to TCG and endorsed the TNC standards. They added support for the TNC standards to Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008. Clearly, that was a big win for the TNC standards! Customers and vendors began to flock to the TNC architecture.

 

I'm pleased to announce the next step in the process of unifying NAC architectures. This week, the Internet Engineering Task Force (IETF) and TCG [link that phrase to our press release] that bring all the key NAC vendors together. These standards were jointly edited by Cisco, Intel, Juniper, Microsoft, and Symantec employees.

 

With all the NAC vendors backing these standards, customers and vendors no longer need to worry about which NAC architecture to back. There's only one NAC architecture: the IETF/TCG standards. Once vendors move their products to these new standards, we will finally get interoperability among NAC clients and servers from all the vendors. Products will support the standards out of the box and NAC will be easier to use.

 

Of course, NAC has come a long way in the last five years. During that time, the TNC architecture has added features like behavior monitoring, automated handling for guests and legacy devices, hardware health checks, and other cool features. The TCG has published standards for all of these and best practices for using them.

 

How can you take advantage of these joint IETF/TCG standards? Adopt the TNC standards as part of your security architecture. Require TNC support as you acquire and upgrade products. You'll get a complete network security architecture and standards with widespread support. Why specify TNC and not IETF? Because NAC has come a long way in the last five years. During that time, the TNC architecture has added features like behavior monitoring, automated handling for guests and legacy devices, hardware health checks, and other cool features. The joint IETF/TCG work has not yet reached those areas and won't for several more years. Requesting TNC support now lets you support the latest NAC features in a standard, vendor-neutral way.

Isn't it nice that all the NAC vendors finally worked things out? Now maybe there's hope for peace in the Middle East!

 
