With their increasing use of part-time and contract workers, enterprises face new difficulties in limiting network access to secure, healthy machines. As a result, networking giant Cisco today is wagering that the time is right to deploy a new type of Network Access Control (NAC) server specifically designed to handle guest users.
“NAC Guest Server is a new dedicated appliance,” Niall El-Assaad, NAC product manager for Cisco, told InternetNews.com. “With a discrete appliance, users can leverage the existing network for guest access — that is, they don’t need a separate guest network — without unduly exposing the network.”
NAC offers a network-based approach to authenticating users and enabling access to services across a company’s infrastructure. El-Assaad explained that Cisco’s Guest Server delivers network access to guests in much the same way the company’s other NAC solutions function for in-house users — although it adds some key differences.
“The Guest Server deals with the other aspects of guest access, such as creating the user account, sending the account details to the guest, and reporting and auditing that guest’s access history,” El-Assaad said. These features “are things that every NAC solution needs but aren’t typically addressed in a seamless manner.”
Cisco has been promoting and selling NAC solutions into the marketplace for several years as part of its Self-Defending Network initiative. The new Guest Server marks the latest move in the company’s effort to support that initiative by introducing more NAC services.
To date, Cisco’s NAC services have included authentication for roles-based access, posture assessment (mainly for corporate assets) and profiling (for unknown assets). Now, that list includes guest access, which El-Assaad said is critical to fulfilling NAC’s promise.
“From the time NAC was introduced, most customers saw not only a policy enforcement mechanism, but a great way to separate known users from unknown users or guests,” El-Assaad said. “What happened, though, was that attention was shifted almost exclusively to enforcing specific anti-virus or spyware, especially as desktop vendors came into the market. But fundamentally, NAC is a way to introduce more and better criteria to the network access decision, and guest access is a key part of that.”
“This announcement is driven by the pieces of the guest puzzle that customers want before they can deliver a seamless guest experience — all the way from the sponsor to the guest,” he added.
Cisco NAC architecture competes in what has now become a crowded marketplace of vendors and standards including Microsoft’s NAP and the multi-vendor Trusted Computing Group’s Trusted Network Connect (TNC) approaches.
One way that Cisco contends with rivals is by working to evolve NAC for an increasing number of use cases and deployments. In September, Cisco rolled out a new NAC module for its widely deployed Integrated Services Router (ISR) platform.