Juniper Brings Funk To Access Control
Juniper has cast its lot with the Trusted Computing Group's Trusted Network Connect standard, and Unified Access Control 2.0 banks heavily on the thinking that companies would prefer to protect existing network infrastructure investments by mixing and matching the remaining technologies needed to create a network-access control system. Taking on Cisco in the enterprise network market is an unenviable task, but with Infonetics Research projecting that worldwide manufacturer revenue for NAC enforcement will grow from last year's $323 million to $3.9 billion in 2008, it's certainly worth stepping in the ring.
Unified Access Control 2.0 is more flexible than Cisco's Network-Admission Control, which requires the use of Cisco networking equipment. When it begins shipping in December, version 2.0 will include Odyssey Access Client and Steel-Belted Radius software that Juniper bought as part of its $122 million acquisition of Funk Software in December 2005. Funk's Odyssey has proven to be a popular piece of client software, with Funk claiming to have sold 900,000 licenses for the product.
Funk's technology complements the access-control pieces that Juniper already had in place, including Infranet Controller, which serves as a centralized policy manager, as well as UAC Agent downloadable endpoint software and several policy enforcement components, including Juniper Networks firewalls, 802.1X-enabled switches, and wireless access points.
With a Radius server, companies can keep devices off their networks until they're approved to be there, whereas the previous version of Unified Access Control granted devices access to some network resources before putting up a chokepoint that kept infected devices from going any further. The UAC Agent is significant because it initiates the process of remediation, bringing devices up to the latest level of software patches and the newest antivirus protection. Version 2.0, whose hardware and software costs start at $15,000 for 100 concurrent users, can also be used without the agent, if your business partners or contract workers are wary of having software downloaded on their computers.
While Cisco's networking gear is much more pervasive throughout corporate networks, Juniper's approach to access control is significant for its efforts to let companies choose from among standardized components regardless of the vendor. In fact, Unified Access Control implementations "won't look exactly the same from client to client," says Oliver Tavakoli, VP of architecture and technology for Juniper's security products group.
Yet the success of the mix-and-match approach to access control relies heavily on adoption of Trusted Network Connect standards. Cisco has shunned the project, while tightening its relationship with Microsoft and Microsoft's Network Access Protection, or NAP, technology available next year with the Windows Vista PC and Windows Longhorn server operating systems.
A combined Cisco NAC and Microsoft NAP environment will include several client-side software applications that check and communicate the health of laptops, desktops, and other devices attempting to connect into a given network. On the network side, Cisco routers and switches, Cisco Secure Access Control Server, and Microsoft Network Policy Server work together to give the thumbs up or down to any device seeking to connect into that network. Combined NAC and NAP will work with policy servers from other vendors.
Still, Microsoft isn't looking to alienate technologies that adopt Trusted Network Connect and has for more than a year said that NAP will be compatible with the Trusted Computing Group's standard. Meanwhile, Trusted Computing Group board member Stephen Heil works for Microsoft's Windows Hardware Platform Evangelism group. As Microsoft showed with its recent dtente with Novell, a move to help companies using both Windows and Suse Linux while at the same time increasing competition against Microsoft rival Red Hat, Microsoft is not one to turn its back on a growing market.
Cisco and Juniper will continue to approach access control from opposite sides of the tracks. Juniper's strategy, as well as those of the dozens of other network-access control vendors, depends dearly on the market buying technology that adheres to Trusted Network Connect. Cisco's big enough to take on TNC's backers for now, but that's not exactly good news for Cisco's customers.