Today’s panel on NAC was a blast! Mike Fratto mainly took questions from the audience. When there were slow spots, he asked some tough questions of his own. I prefer this approach to panels. Customers have the most interesting, real-world questions!
I was surprised how many of today’s questions focused on standards. The attendees were impatient with the delays in getting NAC standards implemented. I share their impatience. The TNC standards have been around for more than four years. They’ve been implemented by Juniper, Microsoft, and dozens of other vendors. Why don’t other vendors just implement them?
Steve Karkula of Nokia was a welcome addition to the usual cast of characters on a NAC panel: Cisco, Microsoft, and TCG. Steve is involved with Nokia’s SourceFire product. He pointed out the value of including behavior monitoring in a NAC system. I couldn’t agree more! These days, NAC is much more than checking the health of devices when they connect to your network. State-of-the-art NAC systems customize access for each user or role and monitor behavior so they can block misbehaving endpoints. Really cool systems link identity and behavior monitoring so that they know what behavior’s appropriate for each user!
An interesting follow-up question was how to monitor behavior when more network traffic is encrypted. The panelists had a variety of answers: doing monitoring on the servers, on the endpoints (only if you trust them!), or at the edge of the data center (if you terminate the encryption there, as is often done with load balancers, SSL offload devices, and such).
All in all, it was an interesting panel. I’m sorry if you couldn’t be there. I hope to see you at one of my upcoming talks!
I’m in NYC for Interop NY today. I’ll be speaking on a panel about NAC at 10:15 AM with Microsoft, Cisco, and Nokia reps and Mike Fratto as moderator. It should be entertaining and enlightening. At least, I hope it will be! I’ll blog about it this afternoon. If you’re at the show, please come by and say “Hi” or ask a question.
I wanted to point out Mike Fratto’s blog posting about the NAC Day panel. It sounds like a great discussion with customers pushing hard for vendors to support NAC standards. The TNC standards have been out for more than three years now and free for anyone to implement. Most vendors have done so or at least announced plans to do so. Cisco is the only holdout. I’m glad to see customers pushing hard for them to support these standards. I hope these words translate into actions. As they say, “money talks”! The only way to get some vendors’ attention is to put a requirement in your NAC RFP saying “must support the TNC standards”.
I recently returned from the IETF standards meeting in Dublin, Ireland. Watch this video to hear about the highlights of this meeting. Then come back here and leave a question or comment so we can discuss it more.
In July, I flew to India for my first visit. I visited Juniper's India Engineering Center in Bangalore, met with Juniper engineers there, and gave a talk. In this podcast, I share my observations on this fascinating country.
What have you been up to this summer? Relaxing at the beach? Hosting a BBQ for friends?
I have been traveling around the globe, talking to people about Network Access Control and network security in general. My next few posts will be a bit of a travelogue, a set of notes and observations and photos from my travels. Enjoy!
Last week, I spoke about the TNC standards at Interop Tokyo. Then I went back to the TCG booth and talked with Japanese government and enterprise customers, researchers, manufacturers, and reporters about TCG technology. There’s an amazing amount of support for TCG technologies in Japan! On the flight home, I reflected on how far we’ve come in the last few years and what lessons we can draw from this growing wave of support for TCG standards.
A few years ago, TCG technologies like TPM and TNC were only concepts being discussed by a few people. How could we have trustworthy devices and networks? Now these technologies are globally accepted and widely used. Millions of people have a TPM in their laptop and a TNC client in their operating system. Organizations such as the U.S. Department of Defense require a TPM in every PC. How did this come about? Open standards unleashed the awesome power of human innovation and communities.
Open standards are not enough. There are many thousands of standards, most of which are unsuccessful. Successful standards solve a specific set of problems but allow extensions to encourage innovation and meet special needs. That’s what the TPM and TNC standards have done. And that’s why these standards have flourished. Vendors and customers see value in implementing the basic standards and opportunity in the many ways they can extend these standards. Eventually, communities of interest grow up. The TCG just announced the Japan Regional Forum, a place for Japanese discussion and promotion of TCG standards. This demonstrates the power of open standards.
Think about TCP/IP or WiFi. Having a single set of common standards has enabled a huge amount of innovation with products like the iPhone or iKan. That’s what TPM and TNC do: create an open platform for innovation and adaptation. Once that platform is established, then it’s just a matter of getting everyone on board and letting the innovation begin. The value of a standard is proportional to the square of the number of implementers. That exponential power is really starting to take off for TPM and TNC and other TCG technologies!
Message Edited by SteveHanna on 09-05-2008 03:39 PM