NAC Appliance Features


NAC appliance is a dedicated, turnkey NAC deployment option implemented with dedicated server and management appliances. Because it is turnkey, the deployment does not use resources from existing network components such as routers or switches. As a self-contained appliance suite, NAC appliance may also be considered the simpler NAC deployment option. For example, NAC appliance does not use a router or switch as the authentication client. It does not require 802.1X as a port-based user authentication mechanism, and it does not require an 802.1X authentication server. Nor does it require the customer to purchase third-party vendor servers for policy validation, audit, and remediation.

NAC appliance offers several features, including the following:

  • Authenticates device attributes and users for network admission.

  • Provides an all-in-one NAC deployment option with a dedicated server appliance, manager appliance, and optional appliance agent for Windows PCs and laptops.

  • Scans PCs, servers, and laptops on the network to identify infected or vulnerable hosts.

  • Identifies vulnerabilities and views registry key values with an optional client agent. At the time of this writing, the client agent is offered at no additional cost.

  • Quarantines vulnerable machines and facilitates remediation.

  • Provides DHCP, DHCP Relay, and Network Address Translation (NAT) services to users on untrusted networks.

  • Supports floating devices like public kiosks that require each new user to authenticate after the logoff of the previous user.

  • Terminates VLANs between trusted and untrusted networks.

  • Supports "bump-in-the-wire" deployment, in which it acts like an Ethernet bridge, in addition to IP gateway scenarios. Bump-in-the-wire means that the NAC appliance server acts in a pass-through mode and does not require IP readdressing. IP gateway provides a routed option for the NAC appliance deployment.

  • Allows IP Security (IPSec), Layer 2 Tunneling Protocol (L2TP), and Point-to-Point Tunneling Protocol (PPTP) encryption from PCs and laptops to be terminated on the NAC appliance server between untrusted and trusted networks. The IPSec/L2TP/PPTP functionality requires specific software on the client system.

  • Provides exemptions or filters so that certain devices (based on Layer 2 MAC address) and users do not have to be authenticated.

  • Denies a specific device (MAC address), user, IP address or subnet from authenticating to the network.

  • Allows the enforcement of bandwidth restriction for certain user classes.

  • Incorporates a native high availability (HA) solution between two servers.

  • Provides a NAC Management Information Base (MIB) to integrate with Hewlett-Packard OpenView (HP OV) SNMP systems.

  • Offers a subscription service for automatic Microsoft OS, antivirus, and antispyware updates.

  • Allows single sign-on with remote-access VPN.



Self-Defending Networks: The Next Generation of Network Security
ISBN: 1587052539
Pages: 112
