NAC, a Lament

Jeff Boles writes this about NAC:

What we should be left with in NAC is an evolutionary development of current architectures, such as 802.1x, that are standardized and fully interoperable. There’s some discussion afoot about interoperability, but in reality the market has greatly fragmented itself with a bunch of different solutions and poor definition of what NAC is. We’re left without a solution set, but a lot of different packaged up products.

I think Jeff has this right. Cisco, Microsoft, and other big players have often touted proprietary protocols as a way to seed the market with an in-demand capability. Cisco did this correctly with the Hot-Standby Router Protocol (HSRP) and with some of its early extensions to IPsec. However, 802.1X is relatively new in its own right, even before it is further encumbered by NAC. Cisco sees this and has begun positioning Cisco Clean Access as an alternative to 802.1X-based NAC.

While there seems to be widespread agreement that standards are necessary to get a functional and interoperable NAC architecture, standards are slow going. Today the IESG within the IETF finally received a submission from the Network Endpoint Assessment (NEA) mailing list to form a working group. The chairs of the mailing list are representatives from Cisco and Juniper, two companies with a substantial stake and influence in how all this shakes out. While I hope specifications move more quickly than the initial formation of the working group did, I’m not hopeful that the IETF’s sluggish tendencies can be easily remedied.
