NAC policy management wags the watchdog

Friendly administration is critical to successful network access control

The most critical element of a NAC system is the policy management system. As every administrative interface that an administrator must use requires specialized focus and understanding, the ease with which an administrator can launch the policy management system, make the changes desired, view reports, and perform other management tasks is critical. No administrator is likely to have hours to devote to these systems each day, so the simplification and visualization provided by the system should be a primary consideration for shoppers (and a prime opportunity for differentiation among the vendors).

The policy definitions for any of these systems are complex, and the more variables introduced as options, the more complex the interactions. As a result, the user interface should provide at-a-glance visualization for network access system status and issues, intuitive policy configuration, and easy device configuration that offers replication, policy defaults, and other simplifications to speed the deployment process.

The policy management systems reviewed here have all made progress in these areas, but each has room for improvement. The more comprehensive policy management systems tended to feature more complex user interfaces. The key for buyers, however, is to remember that policy management is an occasional process, so administrators will use the system infrequently. As a result, administrators will not be highly familiar with the interface when they need to use it. Choose a system based on the approach that you have taken with your policies, so that they are as intuitive as they can be for your administrators. As you test systems, be sure to leave some time between the definition of policies so that you can test the usability of the system when it is infrequently used.