Consentry's back-talking NAC
So, it appears that, as part of getting a new CEO, Consentry has re-entered the NAC space. Welcome back, though it still seems to me that they've pretty much abdicated the policy elements of NAC, and I'm still not sure I get the whole Intelligent Switching angle. As we continue our inexorable march down the standards path, the role of the switching layer seems clearly relegated to that of an enforcement point. Not that there's anything wrong with that. Enforcement of policy is crucial. It's just that the box they'll soon find themselves in (if they haven't already) is choosing between (a) being standards compliant but no more intelligent than any other switch and (b) being more "intelligent" than competitive switch vendors, but in a proprietary way. It's not an easy choice, and I'll be curious to watch which way they go.
By the by, is it too much to ask for an intelligent switch to implement an RFC that's 5 years old? Pretty please?
Grant - far be it from me to disparage another NAC vendor :-). I am glad to see ConSentry back in the mix at least for now, though from what I was told unless they raise some more money, I don't know for how long. I would also like to see Michelle come back from her maternity leave and start blogging again!
As to their technology and switches in general. When you are a hammer, everything looks like a nail. Don't be so sure that switches are just the enforcement point. Many of the switch vendors we work with have bigger plans than that!
Posted by: alan shimel | July 09, 2008 at 08:09 PM
Hi Alan
I've no doubt any number of switch vendors have aspirations beyond being an enforcement point, and at least two of them (Cisco, Juniper) have the backend pieces for that to make sense (ACS and SBR, respectively). My only point was that the switching layer itself, as critical as it is, will not be the policy store, any more than it would be the identity store for the auth elements.
Honestly, I expected them to go down more of a Rohati kind of path, where they ended up selling high-throughput identity-aware switches designed to sit in front of and protect critical assets. But, by all reports, Joe Golden is a smart guy so we'll see where he takes it.
Posted by: Grant Hartline | July 10, 2008 at 07:07 AM