After promising to turn the client software for its CTA (Cisco Trust Agent) into an open-source application, Bob Gleichauf, CTO of Cisco's Security Technology Group, said that the company has not made up its mind yet about the future of the software.
"Where I misspoke was speaking in terms of CTA going open source as if that's a given, and that was incorrect. That was my mistake," Gleichauf told InfoWorld last week. "It has been part of a discussion of a number of different options available to us, but it's not a viable option at this time," he said.
A more circumspect Gleichauf said that in earlier comments he was just speculating that CTA might be turned into an open-source component. "Open source was one thing that's a way of dealing with various components as work toward an integrated solution," he noted
He declined to discuss the pros and cons of going open source with the CTA client, a desktop software agent that is used to enforce security policies on machines that seek access to networks.
However, Gleichauf did say that he was concerned about the reaction of Cisco customers to comments he made to InfoWorld at the RSA Conference in early February, saying that Cisco would "open up" CTA within two months so it could devote development resources to other areas of NAC.
"We don't want partners and customers to think we're pursuing that. That was a mistake," he said. "Customers need to know how to prepare for any new initiative or technology or product. What I did a disservice to on everyone was stating something as a fact that wasn't a fact and that can affect planning, whether a funding decision or a build decision or a partner decision. "
As for the future of NAC, Gleichauf said that Cisco is looking for ways to tie Cisco's NAC appliance, formerly known as Cisco "Clean Access," with the company's NAC "framework," a larger NAC solution, which relies on Cisco routers and switches to do policy enforcement.
"Cisco's in the process of leveraging its best of breed product, which is Cisco Clean Access, and the framework product and migrating toward an integrated solution that gives customers a lot of choices. As we do that, we're going to be continually evaluating where the focus is and how we manage the investment in terms of the engineering," Gleichauf said.
Cisco's divided appliance and framework approaches are the most pressing issue for the company, not the CTA client, said Russell Rice, director of marketing in the Security Technology Unit.
"What we want to deliver to the market is the ability to have those be tied together technologically so that they use common components. That's what we don't have in the marketplace, and that's what our customers are asking us to achieve," Rice said.
Cisco is wrestling with the uncomfortable fact that adoption of the NAC framework lags far behind use of the NAC appliance, Rice said.
"We have 1,500 clients who we talk about using NAC. The majority of those have been going down the appliance route. A lot of people look at framework and say, 'There are a lot of features that are valuable, but how do you put these together?'" Rice said.
In the end, Cisco may end up throwing the CTA client open source as a way to differentiate itself from Microsoft's NAP technology, which is integrated in the Vista operating system, said Zeus Kerravala, an analyst at Yankee.