Educause Security Discussion mailing list archives
Re: NAC RFI/RFP
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Tue, 22 Jun 2010 16:28:28 -0400
NAC is a "very diverse" term these days, and very difficult to translate into a truly open RFI/RFP process unless you are truly open to potentially replacing your network infrastructure, security policy, and accumulated knowledge base. If your requirements dictate that "existing infrastructure" must be retained, you have eliminated some players. If you really need layer-2 isolation upon the point of admission and/or quarantine/remediation, you have eliminated some others. If you choose an inline solution, can you afford to replicate it on all of the required layer-2 segments of your network? If you choose dot-1X, is all of your network infrastructure really dot-1X aware, and truly interoperable? Will your NAC cover wireless? VPN? In our case, we were replacing Perfigo/CCA and had some lessons learned that we cared not to repeat that somewhat directed our goals. If you are starting from ground zero, you may be open to a more diverse study. Jeff
Current thread:
- NAC RFI/RFP Baker, Lori (Jun 21)
- Re: NAC RFI/RFP Terence Ma (Jun 21)
- Re: NAC RFI/RFP Bob Brown (Jun 22)
- Network Access Control and Privacy Yonesy F. Nunez (Jun 22)
- Re: Network Access Control and Privacy David Gillett (Jun 22)
- Re: NAC RFI/RFP Terence Ma (Jun 22)
- Re: NAC RFI/RFP Isabelle Graham (Jun 23)
- Network Access Control and Privacy Yonesy F. Nunez (Jun 22)
- <Possible follow-ups>
- Re: NAC RFI/RFP Jim Kieley (Jun 22)
- Re: NAC RFI/RFP Hall, Rand (Jun 22)
- Re: NAC RFI/RFP Jeff Kell (Jun 22)
- Re: NAC RFI/RFP Hall, Rand (Jun 22)