And now let’s take a look a little bit, and let’s add scale into perspective. Let’s take a look at a typical NAC deployment in a production environment.
When you’re looking at any type of scale, obviously one box will not be enough just from a redundancy perspective. But more so from a scaling perspective because you’ll need to distribute the load, you’ll need to load balance your authentications, your endpoint databases, and things like that.
So you’re typically looking at deploying a clustered solution, where you would have your policy or authentication nodes, or your brains of the solution, somewhere closer to your NAS devices, your APs and switches, so that they will authenticate clients, they will do the heavy lifting. And at the top, you would have a pair of management nodes. This is where you would configure your NAC policy. This is where you have the visibility logs and things like that.
So that’s the cluster deployment you’re going to look at. And obviously, in front of that, you’ll need to put a load balancer to actually load balance the authentication requests, the RADIUS requests that are coming in from various devices, so they would hit all these policy nodes respectively.
And today, this whole deployment is customer managed. It’s a customer problem to solve. You need to design for it. You need to scale for it. You need to make sure that you can change that when you need to add scale. You need to make sure that you will maintain this during software upgrades, maintenance windows, and things of that nature.
So that becomes a main challenge. These solutions are becoming complex very, very quickly. And with those solutions, they’re still lacking insights and end-to-end visibility. Because we’re still looking at a standalone NAC deployment, which is an overlay to your current network infrastructure.
So even vendors who have infrastructure and NAC from the same vendor, they will not give you end-to-end user connectivity experience visibility in one place. You’ll troubleshoot your NAC in one place. You’ll troubleshoot your network, your controller switch, your AP or whatever, in a totally different place.
And obviously, think of what will happen if you need to do maintenance, where you’ll just want to get a new feature. How would you upgrade this kind of deployment? That requires a lot of investment from the customer side.
Now, just as an example, I’ll put the reference here. We’ll take ClearPass as an example, but it’s the same for other vendors. ClearPass has a clustering tech note which is 50 pages long just on how to set up a cluster. Nothing else, not about the scaling, nothing else, it’s just about clustering. Think about the complexity here.