这有点像读一篇关于美国最好的意大利餐厅才发现那赢家的选择是因为他们还担任过印度和泰国美食。嗯?是,我撰写这本书思科NAC设备(NACA)我参加过分析处理NAC产品结果的任何烘烤个人利益。我相信我的意见将是有争议的(哦也),这反应是我个人的反应不是我的雇主。因此,这里是我的网络世界的NAC测试结果个人分析。有个足球雷竞技app如果你还没有看到该测试还去这里://m.amiribrahem.com/reviews/2007/073007-test-nac-main.html。底线是,本次测试排名NAC“神盒有”以上现实世界的客户NAC要求的方式。看来这个测试是真正关于寻找NAC厂商谁酿的最部件到一个机箱中,并调用它NAC。而不是寻找的NAC厂商是练成了执行普遍接受的NAC功能,验证,状态评估,隔离,修复和报告功能。首先,让我们与他们的整体供应商的排名结果开始。 They ranked Symantec on top and Cisco NACA almost at the bottom. This result just doesn’t add up with the other industry data, reviews or customer surveys out there. For example, NACA won the 2007 product GOLD award at searchnetworking.com (see here http://searchnetworking.techtarget.com/productsOfTheYearWinner/0,296407,sid7_gci1244774_tax306254_ayr2007,00.html ) Symantec wasn’t even a finalist. And if you look at customer satisfaction surveys or poll data Cisco’s solution consistently ranks above the others ( see here http://www.networkcomputing.com/galleries/showImage.jhtml?galleryID=17&imageID=4&articleID=199201086 and here http://www.networkcomputing.com/showArticle.jhtml?articleID=199204304&pgno=7 .) And finally, Cisco’s NAC Appliance holds a commanding 47% market share in the cluttered NAC space. So I ask you, are that many customers making horrid buying decisions? The NW NAC test results ask us to believe that they are. However, when we look at customer satisfaction rating for NAC Appliance we just don’t see this, in fact we see the opposite. In general, customers are happy with the Cisco NAC solution. Second, let’s analyze the scoring criteria the NW test relied on. The test weighted authentication less than endpoint security posture. But wait, the endpoint posture checking process depends on the authentication process to tell it what checks it should perform. In fact, almost every NAC process relies on data gathered during the initial authentication process. Without a rock solid authentication foundation on which to build, all other NAC features will suffer. Additionally, a majority of customers consider the ability to enforce user authentication at the network layer to be the most compelling reason to implement a NAC solution. The NW NAC test criteria didn’t focus on real world customer requirements for NAC solutions. Top of mind issues that drive the need for NAC, like controlling guest access, non-corporate owned PCs, contractors, and rogue devices (like APs), weren’t addressed in any meaningful way. Additionally, the effectiveness of dealing with non-user devices, like IP Phones, was given only passing consideration in the test. Third, let’s analyze the test bed topology itself. The only deployment method used in the test was inline deployment. Again, real world considerations were not taken into account here. The easiest path, not the most likely path, was taken. Most customers do not want to deploy NAC inline in a LAN environment due to performance and high-availability concerns among others. If given the choice almost all customers would choose an out-of-band solution for wired ports. The NW NAC test doesn’t mention OOB results because they were not tested, in fact they call out-of-band a controversial option. Huh?? If OOB options would have been tested I guarantee you that all of the 802.1x solutions would have performed less than admirably. Deploying 802.1x for wired is riddled with issues on all sides, the client supplicant, the switches need to support it, guest access support, non-dot1x enabled client support, certificates, OS support, the list goes on and on. Can it be done, yes, but it is a huge undertaking with many caveats, the omission of this info from the test docs is telling. Cisco NAC Appliance should have gotten points just for its ability to deploy OOB without the need for 802.1x! Using OOB can reduce the cost of deployments by requiring fewer servers. Fourth, where was the focus on remediation at the host? I felt that very little weight or focus was put on the NAC solutions ability to remediate the issues a posture assessment found. This is a critical piece in the real world. A poor remediation solution results in increased, not fewer, help desk calls. Just simply stating that a vendor can provide a link, launch a program, etc is not enough information. More should be said regarding how that information is presented to the user and how it integrates with 3rd party apps like AV, AS, and WSUS. My final point is that the review failed to focus on, or score, the deployment options available, their functionality, and their ease of use. Most customers ask for and make buying decisions on a NAC solutions deployment flexibility, functionality, and ease of use. Here are a couple of the things that the NW test team reported incorrectly in their results write-up of Cisco NAC Appliance:
- “另外,思科API需要分析评估结果。”不对,每个主机通过和失败检查的完整报告可以在Manager软件中本机获得。
- 代理软件收集关于每个终端用户角色以及IP和MAC地址的最小信息。”再次简单地不准确,NAC经理也收集OS类型/版本信息,用户信息,机器信息,OS指纹,AV版本信息,作为版本信息,等等。
- 审查陈述如下“对于客户,专属门户用于登录和分发思科的可解散代理。”在这里看到的:http://www.itbusiness.ca/it/client/en/home/news.asp?思科甚至还没有一个可溶解的代理。这只是传闻,是我们未来路线图的特色。会不会是因为思科的NAC从未真正经受过全面考验?会不会是思科的配置和营销材料严重依赖他们的结果?谁知道呢。
我知道这是NAC测试审稿人的第一篇关于NAC的文章,也是她的第一篇产品评论文章之一,但这篇评论仍然缺乏NW读者和NAC客户真正需要的现实世界标准和测试结果。NAC不应该是,也从来没有打算是,一个做一切“上帝盒”单一供应商解决方案。在我看来,以NAC产品评审为主要主题,结果是有致命缺陷的。你说呢?