Northern Arizona U Reduces NAC Overhead
- By Dian Schaffhauser
- 03/21/11
Northern Arizona University has shifted its network access control (NAC) software in an effort to tackle network security issues more rapidly and to cut maintenance time and costs. In 2010 the university moved to Impulse Point Safe Connect from a legacy Cisco Systems NAC product to manage the network access of nearly 24,000 students.
The university first implemented the legacy product in 2004 to control the kinds of devices that students were using to gain admission to the network. That setup included implementations of the software on 20 servers, one in each residence hall, as well as a central management server. Challenges proliferated.
The old vendor wasn't speedy, according to the university, about upgrading its software to recognize new operating systems or anti-virus software, which meant the machines running new versions would have to be exempted from the NAC's policy checks, thereby leading to security vulnerabilities. Updating the large number of servers running the NAC when Cisco updated its software--two to four times a year--was time-consuming. Also, the development team supplemented the system with custom code, which needed to be painfully recoded every time Cisco updated its product. According to Heather Bell, senior systems administrator, when the NAC would fail on one of those machines, it would bring down the network in that location. Bell estimated that she spent about a third of her time dealing with issues related to Clean Access.
When the IT organization began shopping for a replacement, it was Dell that recommended Impulse Point products to Northern Arizona. "Dell has a lot of credibility here at NAU, so we added Impulse Point to our shortlist for consideration," said John Campbell, director of Academic Computing. "After evaluating multiple options, we selected Safe Connect. Our procurement department appreciated being able to purchase the solution through Dell."
Now the university runs Safe Connect on three campus-based Dell PowerEdge R610 servers with CentOS Linux. However, the NAC servers are managed by Impulse Point through a service agreement. The vendor delivers hardware and software maintenance, including updates and problem resolution. The university maintains control of its policies and enforcement rules via a policy management console. For customization, IT uses a Safe Connect API.
The move has resulted in several areas of improvement: NAC administration and maintenance has dropped by 50 hours per month; NAC-related help desk calls have dropped by half during move-in week; and energy costs have dropped by 86 percent owing to the reduction in servers.
About the Author
Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.