Main Nav

Informal survey - If you are running NAC do you require an agent?

Any comments you wish to add regarding your experience one way or another would be appreciated.

Thanks

-- 
John Kaftan
IT Infrastructure Manager
Utica College

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Our NAC is only used within Reshalls and  agents are required for Windows and Mac OS (I believe these are the only OS’s supported).

 

If we did use NAC on the rest of campus I’m fairly sure that would be agent-less.

 

-Kent

 

We are currently using the Cisco Clean Access solution with the Agent and it is the #1 source of network issues in the dorms every single year. We are getting rid of it now. We have been researching NACs and all of the ones we looked at have an agent-less option. By name they are Cisco ISE, Bradford, Forescout and Impulse Safe connect. I don't think I would ever employ an agent again after our experiences. Example: When Mac OS 10.9 Mavericks launched, the Cisco Agent didn't support it right away so immediately close to 100 students broke. Same thing happened to Windows 8.1 . Cisco released a patch but it was too late. Students were already affected and offline. We also had issues with Java giving Mac OS clients a hard time over the years. On 11/15/2013 12:17 PM, John Kaftan wrote: > Informal survey - If you are running NAC do you require an agent? > > Any comments you wish to add regarding your experience one way or > another would be appreciated. > > Thanks > > -- > John Kaftan > IT Infrastructure Manager > Utica College > > ********** Participation and subscription information for this > EDUCAUSE Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > -- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
If you go agent-less the question then becomes is the NAC really protecting you? Users can easily uninstall or become infected after initial registration. Jason Rinne Systems Administrator 500 E. College Street - Marshall, MO. 65340 P 660.831.4088 rinnej@moval.edu This document may contain confidential information and is intended solely for the use of the addressee. If you received it in error, please contact the sender at once and destroy the document. The document may contain information subject to restrictions of the Family Educational Rights and Privacy and the Gramm-Leach-Bliley Acts. Such information may not be disclosed or used in any fashion outside the scope of the service for which you are receiving the information.
Message from dannyeaton@rice.edu

We are currently running Cisco Clean Access, and require an agent first discovery.  Student MAC’s are cleared every semester, staff, well, so far hasn’t. 

 

We’re looking at a refresh to either Cisco ISE, Juniper UAC, or something else.  I’d be interested to hear all y’all’s experiences on the various clients. 

 

Message from dannyeaton@rice.edu

For us, the NAC isn't so much as "protecting" us, but putting devices in the correct network affinity group, or MPLS VPN/VRF.
My thought process is that we only really want to NAC for accountability anyway. We invested in a good IPS so that will automatically quarantine them due to major viruses. It might not stop day zero viruses but even having antivirus on the student PC won't guarantee that either. Once we go clientless next year, we will rely more on the infrastructure to mitigate threats as well. On 11/15/2013 3:02 PM, Jason Rinne wrote: > If you go agent-less the question then becomes is the NAC really protecting you? Users can easily uninstall or become infected after initial registration. > > Jason Rinne > Systems Administrator > 500 E. College Street - Marshall, MO. 65340 > P 660.831.4088 > rinnej@moval.edu > > > This document may contain confidential information and is intended solely for the use of the addressee. If you received it in error, please contact the sender at once and destroy the document. The document may contain information subject to restrictions of the Family Educational Rights and Privacy and the Gramm-Leach-Bliley Acts. Such information may not be disclosed or used in any fashion outside the scope of the service for which you are receiving the information. > >
Message from iam@st-andrews.ac.uk

Well.. We don't run what you'd probably call NAC, but we do dot1x first on all our residence network ports (and increasingly across the campus) and fall back to a home-grown mac registration system. We run private vlans at the edge, and have L3 acls stopping inter-client communication. We decided long ago that if the students couldn't infest each other, and we firewalled them from the 'business' side of the campus, then we didn't really mind too much what they did with antivirus etc. That said, we do have IDS and netflows, and do '3 strikes' remediation for particularly nasty nasties, or things that are particularly antisocial. Best Regards, -- ian
Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.