Aruba Networks Applications
Network Access Control (NAC)

Aruba Mobile NAC - an Open NAC Infrastructure that Delivers Mobility with Granular Network Control

In a global enterprise environment, a NAC deployment requires mobility. An employee whose device is managed by IT needs a simple process for getting on the network anywhere and doing business. Guest users with unmanaged machines need to be restricted to guest authorization policies. Remote workers, mobile employees and other business associates need to have unique NAC policies enforced as well. With many different policies to enforce, IT staff cannot afford to deploy and mange multiple systems.

Aruba's user-centric architecture enables a new level of security, control and operational simplicity because it works over wireless and wired infrastructure with no changes to the network, no changes to the applications, and no additional tasks for end users. Aruba's Mobile NAC enables:

• Unified authentication over wired or wireless networks
• Consistent policy enforcement for remote users without additional configuration
• True identity- and location-based policy enforcement
• Continuous threat assessment and enforcement: pre-connect, intra-session, and forensic reports

Aruba's NAC solution is widely deployed today for network-based authentication and authorization policy enforcement. Aruba has proven that NAC is possible, even easy, to deploy. Seamless integration with existing RADIUS based systems and with the upcoming Microsoft NAP system removes the barriers to rolling out user and machine based AAA policy enforcement. Aruba's mobile NAC solution supports:

• Client posture-based assessment
• User-based and traffic inspection based access privilege correlation
• Policy-based access control across all entry points of a network
• Dynamic policies that adjust automatically to changing user and device characteristics

Aruba's NAC solution interoperates with best-in-class security systems, utilizing standard protocols and open APIs, such as RADIUS, Microsoft NAP Specifications, and Aruba's XML API, to provision network access privileges based on user identity attributes, client posture attributes and traffic inspection. Aruba NAC addresses the full range of risks that users and endpoints can pose to the enterprise network. This allows enterprises to conduct deep and broad security assessments before provisioning a network connection. It also allows NAC policies for application specific devices such as voice-over-WiFi handsets.

A critical component of NAC is the method of network enforcement. With Aruba, network access is enforced via layer 2 and via an ICSA-certified user firewall, which are integrated into a single device, making NAC more secure and far more manageable than VLAN-based NAC solutions.

Together with security and network partners, Aruba provides an open NAC infrastructure that delivers mobility with granular network control.