Cisco Vs. Juniper Over Network Access Control

Juniper Networks last week sought to tip the scale in favor of an approach based on industry standards when it introduced the latest version of its Unified Access Control suite. UAC 2.0 provides access control security using networking components that adhere to the Trusted Network Connect standard from the Trusted Computing Group, a nonprofit organization formed in 2003. Juniper and Trusted Computing hope their use of standards-based technology will appeal to potential customers because of the flexibility it offers when buying the switches, policy-enforcement servers, and other components needed to improve network access control.

Users seem to be in the market for those components. Infonetics Research projects worldwide revenue for NAC-enforcement equipment will grow from $323 million last year to $3.9 billion in 2008.

When UAC 2.0 starts shipping next month, it will include the Odyssey Access Client and Steel-Belted Radius software Juniper got as part of its $122 million acquisition of Funk Software last year. Funk's technology complements Juniper's access control technology, including its Infranet Controller, which serves as a centralized policy manager, as well as its UAC Agent downloadable end-point software and several policy-enforcement components, such as firewalls.


Unified Access Control 2.0 offers users the ability to mix and match hardware and software more readily than the NAC framework provided by network-hardware powerhouse Cisco Systems, which requires Cisco gear almost exclusively. Cisco isn't all proprietary; it sells an access control appliance that can be used as a policy manager within a larger NAC implementation. Also, Cisco NAC users can choose their own policy server and pick end-point health-checking software from vendors such as Altiris, McAfee, Microsoft, and Symantec. But in the Cisco NAC framework, the switches, routers, and access server, which enforces the decision to grant or deny access based on a company's admission policies, must all come from Cisco.

This was a problem for Kamo Power, an electricity provider serving 17 co-ops in northeastern Oklahoma and southwestern Missouri. Kamo asked Cisco last year to help it build an access control infrastructure. Kamo had recently spent a half-million dollars on Extreme Networks' switches, but if the co-op went with Cisco's NAC, "Cisco was saying they'd have to rip them out," says Robert Lemm, Kamo's IS supervisor.

Juniper's UAC turned out to be more adaptable to Kamo's existing networking infrastructure, so Lemm took a chance. Not that it was easy giving the green light to a new, unproven product. "I'm here to tell you, I feel like Lewis and Clark," Lemm says. But as long as Juniper continues to invest in UAC, and other vendors adhere to the still-evolving Trusted Network Connect standard, Lemm likes the long-term prospects of Kamo's investment.

Cisco is ignoring Trusted Computing's proposed standard, but it's buddying up with Microsoft over its Network Access Protection technology, which will be available next year with the Windows Vista PC and Windows Longhorn server operating systems. Microsoft, though, apparently sees potential in Trusted Network Connect: It has said for more than a year that its NAP will be compatible with the standard. That's a solid endorsement for Juniper's approach. And while Cisco is big enough to take on Trusted Network Connect's backers by itself, at least for now, resistance to IT industry standards has a way of alienating customers. And that's never the best way to stay in control.