NAC Appliance Buying Guide: Avenda Systems_2 - Page 2
Avenda’s eTIPS strives to fit NAC into any network, small or large.
Expanding beyond core capabilities
eTIPS appliances can support many use cases without additional components. However, customers can purchase add-ons to expand visibility or simplify deployment.
- GuestConnect is an optional eTIPS application that lets individuals sponsor guests, using custom captive portals for each sponsor. Users can also use GuestConnect to self-register themselves and their devices. GuestConnect portal pages can also perform agentless health assessments on Windows, Mac, and Linux endpoints.
- Insight is an optional advanced reporting module that complements basic eTIPS reports with another 20+ reporting templates, while extending the period during which archived data can be analyzed and viewed as though it were live data.
- Edge is an optional virtual appliance that delivers pass-through integration between eTIPS and VPN gateways. Edge can enable consistent location-independent policy enforcement, so that users experience the same access decisions when working remotely as they do when connected to an onsite LAN or WLAN.
Shoring up endpoints
Finally, endpoint diversity has been a thorn in NAC’s side for years. Avenda offers two optional products to ease that pain.
802.1X is a great way to enforce NAC decisions – except when it doesn’t exist or is not yet configured on unmanaged endpoints – including BYO phones and tablets. “Microsoft and Apple [endpoints] now have supplicants, so 802.1X is easier than it used to be,” said Fierro. “But configuration is still hard. Our Quick1X lets users [avoid configuration] by visiting our cloud server and entering a login/password. We then push 802.1X settings and any necessary client software to Windows, MacOS, iOS and Android endpoints.”
Another long-standing challenge has been striking a balance between persistent agents – capable of deeper endpoint health assessment – and dissolvable agents – usually more superficial, but a better fit for guests and other unmanaged endpoints. For customers that need endpoint health assessment, Avenda’s OnGuard offers both dissolvable and persistent agents for Windows, MacOS, and Linux endpoints. “On a Windows laptop, you can use Microsoft NAP to check whether [a device] is running firewall, anti-virus, anti-spam, etc. On Macbooks, you can use OnGuard to do the same thing, applying consistent policies to both, in 802.1X and non-1X environments,” explained Fierro.
OnGuard can also perform deeper-than-NAP assessments, such as checking for outdated client software, services like Skype, USB-connected peripherals or cloned endpoints running in VMware. “OnGuard is more granular and more powerful than NAP. It gives you the ability to remediate devices, message connected users, or bounce users off the network when needed to handle code of conduct violations,” said Fierro.
A related feature added in the 4.0 is mobility domain caching. “Travelers can maintain endpoint health status to avoid re-assessment so long as they stay in the same domain,” explained Fierro. “This helps to minimize data sent across WANs, especially important since users are now logging in with multiple devices per person.”
As a NAC Appliance, Avenda eTIPS is designed to drop into any network. “Our philosophy is to build products based on standards. We won’t force you to buy every [network element] from us to do NAC,” said Fierro. “We have strategic partners that sell network equipment (e.g., Meru, Xirrus, Aruba, Meraki). We give customers a NAC solution that can enforce policy consistently throughout multi-vendor networks.”
Options such as Quick1X and GuestConnect demonstrate how Avenda has moved to address operational pain points experienced by earlier NAC adopters. These capabilities create a springboard for enabling new BYOD endpoints, while new features like mobility domains and clustering help Avenda scale to meet even larger network needs.
To learn more about Avenda Systems NAC products, visit this link.
Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. With over 25 years in the network industry, Lisa has reviewed, deployed, and tested network security products for nearly a decade.