I spent last week working on the Interop Labs team. We were preparing for New York Interop, the week of September 17th, where we’ll have a NAC interoperability demonstration. Although we wanted to update things, our general goal was to replicate what we had done for Las Vegas Interop in May, and not to re-engineer everything. Despite that modest goal, we had almost 30 people swarming around, working on the Labs. That says to me that NAC has become one of the hottest technologies of the year and, as Alice Guthrie might say, “everyone wants to be in the newspaper article about it.” I learned three main things:
The Trusted Computing Group (TCG) team is quickly getting their act together. Everyone wants to play with Cisco and Microsoft, the powerhouses of the NAC business, but the lure of open protocols and industry standards is a strong one. While TCG’s work on NAC is still incomplete and in-process compared to Cisco’s more mature framework, we had no problem in getting enthusiastic support in building a full TCG-based solution.
In some ways, TCG is at a substantial advantage. For example, we had two different TCG policy servers, including an open-source one, while Cisco is struggling with a patched-up policy server badly in need of a redesign and Microsoft won’t release Longhorn until next year.
Cisco has an amazingly broad solution and great industry support. When most people talk about NAC, they end up waving their hands when it comes to the details. Unfortunately, that’s not good enough for a complete and successful deployment. Having a framework is a nice thing, but having answers for all the details is critical. Cisco has those answers, either from their own portfolio or from a broad set of supporting partners.
Cisco’s extensive experience in the enterprise counts for a lot, and should not be underestimated. We were even able to use the Cisco Clean Access (CCA) solution as part of the TCG demonstration, to fill in gaps where the TCG architecture doesn’t reach.
Microsoft is marshalling its forces. For a product that won’t be shipping for at least 6 months, we had an astonishing number of people gathered around the Microsoft table trying to make the Vista/Longhorn-based NAC solution working. You can see the full picture in New York at Interop, but we had hardware from Aruba, Cisco, Enterasys, Extreme, HP, and Nortel in the picture, along with software from Lockdown, Trend, and Symantec.
This tells me that when Microsoft does release Longhorn, they’re going to be strong out of the gate with solutions and partners. Of course, my own hope is that Microsoft and Cisco and TCG can come together so that there’s a single solution, rather than three almost identical but just slightly different approaches. In the long run, that’s going to be better for everyone.