 |
By the InfoExpress Insider July 11, 2007 - Consolidation and Convergence It's been awhile since the last blog - more than a little, so I'm going to recap some of my thoughts on interesting tidbits since, NAC or not. Mostly the theme seems to be consolidation. Network Computing gets folded into InformationWeek by its parent, CMP Media (June). In the good old nostalgic days, a single postive NWC review could propel a company from obscurity into limelight. NWC certainly helped us out with their reviews of the CyberArmor personal firewall and network access control. Ironically, the Internet which NWC wrote so much about ultimately was its demise by moving advertising online. Will be missed. SonicWall completed the acquisition today of Aventail for $25M, a fraction of the $115M raised by Aventail over its decade of operation. Aventail competed against the InfoExpress VPN product when it started, but our product lines diverged. There was some potential competition when Aventail pitched itself as a NAC solution, but that was mostly positioning - how can a SSL VPN be a NAC product? If Aventail had known how many vendors were going to jump into the NAC space, maybe they would have found another niche. I just came back from a vacation in Laguna Beach, and Internet access was free at hotels and cafes, even the classy ones where I usually don't hang out. The phone calls were still expensive, but who needs them with cell phones? Access will be even less as Wi Fi is built into cell phones. Prediction: phone calls will be cheaper, quality will be worse, and of course there will be concern about protecting the network from mobile devices. All obvious, but I didn't promise to be a revolutionary. April 28, 2007 - Cool - Dynamic NAC wins in the CRN Tech Bakeoff A little known fact was that InfoExpress was the first company with remote access VPN NAC in 1999, the first with in-line NAC in early 2002, and the first to use VLAN based NAC quarantine in 2004. What's more is the products preceded others by about a year, a huge lead for technology markets. My point? The company has had time to learn what it takes to deploy NAC. Our conclusion years ago was NAC needed to be easier and more scalable. Not just incrementally easier, but vastly easier than current products. Having deployed our VPN and personal firewall software in huge enterprises, the company knew what a scalable solution needed to be. Although some organizations might have resources and funds for extra hardware or network reconfiguration, a large part of the market was passed over with approaches that were too difficult. From that conclusion and after many nights of brainstorming, the concept for Dynamic NAC arose. Although Dynamic NAC is referred to as a peer based solution, it's really a peer-less NAC because the enforcer is a peer but doesn't require a peer to enforce. Enforcers can block access to the network from rogue devices. Dynamic NAC has been a long time coming, and it's great to see that some of our conclusions being validated. I've recently seen articles based on Forrester Research and Yankee Group that indicate that ease of deployment is a major issue and stumbling block for NAC, but more about that in the next blog. April 19, 2007 - Vista status for InfoExpress products The Vista versions are moving along for all product lines, with releases scheduled for mid-2007. Most the beta testing and fixes should be wrapped up this month or early next, giving about two months for testing release candidates. We haven't encountered unexpected surprises with ports for Vista, including CyberArmor, Dynamic NAC, or VSClient - welcome news indeed. Most of the work is going into the installers. With Microsoft tightening up their operating system, the work to develop transparent upgrades to Vista is a paint in the b___. Other than that, Vista ports looks smooth so far for VPN, network access control, and the personal firewall. Whatever people may think about the Red giant, their efforts to keep the OS backwards compatible is decent. I've seen worse compatibility issues with Linux and MacOS in earlier days. On the other hand, if Microsoft hadn't added everything but the kitchen sink into their web browser, we probably wouldn't need patches as frequently. March 28, 2007 - Looking at the past to predict the future
of Network Access Control VPN products had just kicked off about 10 years ago, and proprietary solutions abounded at all layers of the stack. Customers wanted to standardize the protocol, so IPSec came along a few years later. Now, lots of vendors could use IPSec even though the nifty features in proprietary implementations were what sold products. Companies could use a VPN client from vendor X to interoperate with a VPN concentrator from vendor Y, but the loss of key proprietary features made that unsatisfactory. A few years later, SSL VPNs came along to fill the gap. What's interesting is that with SSL VPNs, we're back to proprietary implementations again. In the NAC space, we have a fuzzy problem too. Compliance checking, quarantining, and remediation. My guess is we'll end up in the same place as VPNs, with a a call by many companies to use standards like 802.1x or large vendor frameworks. But amidst the hype, companies are likely to find out that it's a lot of work and money to upgrade their network to support NAC. When that happens, they'll want a combination of standards based approaches and proprietary ones that can ease the transition. March 16, 2007 - The Voyage Begins InfoExpress.
Copyright © 2007. All Rights Reserved. |
|