Some Surprises in Novell’s Foray Into NAC

Novell is diving into the market for network access control (NAC) with its new
ZENworks Network Access Control solution. The launch isn’t without its quirks,

The idea behind Novell’s NAC is that it’s supposed to be easy to deploy and is
suitable for heterogeneous network environments. However, while Novell’s solution is a
software-based appliance built with a Linux kernel, ZENworks NAC does not yet support
Linux endpoints.

Additionally, while Novell as a company is supportive of open standards, ZENworks NAC
does not yet support the open Trusted Network Connect (TNC) standard. The TNC standard
had been created by the Trusted Computing Group, a vendor-neutral industry body, with the
goal of creating interoperability between access control solutions from different

Novell’s approach to NAC comes as the market for such solutions is
, with offerings from Microsoft, Cisco and Juniper, among others, already in
the market.

Such solutions provide preadmission controls that validate the integrity and security
of an endpoint before it’s allowed to get network access. Some solutions, including
Novell’s NAC, also perform post-connect access checks, which can ensure that the endpoint
remains in compliance with network policy.

“This rounds out our capabilities for the endpoint security market,” David Ferre,
product manager for Novell ZENworks, told “We are seeing a good
market for growth, and probably will be for at least the next three or four years.”

The ZENworks NAC builds on technology that Novell acquired with
the purchase of endpoint security vendor Senforce
in August 2008.

Ferre explained that Senforce’s previous version of the NAC product had been limited
to a single console for servers. In its new version, however, Novell has broken out the
management and enforcement server components. As a result, an enterprise can now blend
both DHCP (define)
and 802.1x (define)
modes of NAC enforcement, Ferre said.

“The focus is on minimizing the amount of investment required for deploying NAC and
for allowing it to all be controlled from a single, central location,” he added.

While ZENworks NAC uses the Linux operating system as its base, it’s not the flavor of
Linux one might expect, considering that Novell has its own SUSE Linux distribution as
well as a burgeoning initiative around promoting
SUSE appliances
. Instead of SUSE Linux, the NAC uses a customized version, Ferre

“The Linux kernel ‘in ZENworks NAC’ is actually proprietary to this solution,” he
said. “We are taking the packages individually and creating the Linux build, so it is not
the same structure as SUSE Linux.”

The surprises don’t end there. Although ZENworks NAC is built on top of a Linux
kernel, it does not actually support the OS as an enforcement endpoint. Ferre explained
that Linux support wasn’t a priority because Novell sees a higher demand for
Windows-compatible solutions, owing to the density of Windows devices in the

“It was a decision on coming to market,” Ferre said. “We needed to either deliver on
what is in the most demand and get to market sooner, or we could have held off and
release at a later date. Based on where the market is today, we wanted to move forward
immediately rather than wait for Linux compatibility.”

Still, he added that Linux support may be in the works.

“We are offering testing capability on Windows and Mac OS X,” Ferre said. “Linux is a
logical extension since we have SUSE Linux, and it is something we will be looking at in
the near term.”

Linux isn’t the only platform that might experience interoperability issues with
Novell’s NAC. Ferre also said that ZENworks NAC does yet support Microsoft’s (NASDAQ:
MSFT) Network Access Protection (NAP), either. NAP, Microsoft’s technology for access
control, ships as part of Windows Server 2008. It’s also compatible with the TNC
, which is supported by many other vendors, including Juniper.

Despite those pluses, Novell so far has not seen a lot of demand for it, Ferre said.
On the other hand, he added that TNC compatibility, while currently lacking in ZENworks
NAC, may also be in the cards for a later version.

“We have been actively watching ‘TNC’ and are interested in that,” Ferre said. “I see
no resistance and I do agree it’s the only open standard, and it is the way that things
will go. I do fully expect that it is something we will adopt on ZENworks NAC, but not
something that is in process at this point.”

Though lacking TNC support, ZENworks NAC does support Cisco’s NAC framework. Cisco
(NASDAQ: CSCO) currently does not support TNC, either, though an
Internet Engineering Task Force effort is currently underway
that might yield a
broader standard acceptable to both the Cisco and TNC communities.

Article courtesy of

Latest Articles

Follow Us On Social Media

Explore More