By Tim Greene, Network World, 08/15/07
Sponsored by:
Aruba Networks can now supply all the network access control gear needed to support devices accessing corporate networks regardless of whether they connect via wired, wireless or remote access.
Through an OEM relationship with NAC vendor Bradford Networks, the company now offers a NAC policy server of its own that establishes what policies need to be enforced based on endpoint assessment, connection method and behavior of the device.
Previously, Aruba’s Mobility Controller gear could enforce policies dictated by other vendor’s NAC servers, but Aruba didn’t sell a policy server.
The relabeled Bradford gear, called Aruba Endpoint Compliance System (ECS), comes in three models to support varying numbers of users. The E-50 supports up to 1,000 users, the E-100 supports up to 6,000 users and the Network Security Manager can manage groups of E-100 devices to support tens of thousands of users, Aruba says.
ECS can manage identities of individuals by associating them with media access control addresses, the users' roles in the company, IP addresses, how the device is attached to the network and time of day.
Stateful Layer 3 firewalls within Aruba Mobility Controllers enforce policies based on data they gather from endpoints and other security devices such as intrusion-prevention systems.
The Controller can also push enforcement to Aruba wireless access points, and using a feature called Remote AP, this can extend NAC to remote access users. If the remote user accesses the Internet via an Aruba access point, the access point will grant access as dictated by the NAC policy server.
As the status of a user and the user’s machine changes, the policy being enforced can also change. So if a student logged into the college network from the library moves into a classroom, that change of location can trigger a policy change that blocks peer-to-peer and Internet traffic, Aruba says.
Aruba is also announcing that its gear supports both Cisco’s and Microsoft’s NAC architectures and has issued application notes to help customers configure the gear to work together. Aruba also recently joined Trusted Computing Group, which is working on standards for interoperability of NAC gear. The company hasn’t issued application notes for TCG compliance.
Pricing for Aruba’s E-50 starts at $10,500 and for E-100 at $21,000. A Network Security Manger costs $17,500.
Aruba adds NAC policy server
