It may appear that I’ve been quiet on the blogging side for a bit, but I’ve been working quietly away producing a total of four new blogs for Juniper J-Net. The first is already up; the others will be up in the next couple of weeks.
The first are a trilogy (another one!) on taking a tactical approach to deploying network access control in the enterprise. I’ve seen this done wrong plenty of times, and projects either flame out before they get anywhere near the purchase stage or, worse, end up going very Pete Tong at the implementation and sending a significant part of the network into cardiac arrest. It’s not the “fault” of the technology at all; it’s a complex beast and interacts with the network in hundreds of tiny ways. Most networks of any size rumble along with a variety of nasties lurking in the undergrowth: incorrect duplex, poorly conceived network routing, hideously out-of-date firmware, no reverse DNS, etc. Apply NAC to a network which doesn’t have all these things dovetailed perfectly and you’re headed for a career-limiting FAIL.
The blog also further skirts around issues of control around BYOD. It’s still not an idea I’m completely in love with, but there are some evils I’m learning to live with. Applying NAC techniques and technologies to support BYOD is a significant step forward in doing BYOD “right”. I suppose my biggest issue is that there really isn’t much in the way of “best practice” yet; the technology on the endpoint is moving very fast indeed. Developing up-to-date client agents for the major platforms (Android, iOS, Windows Mobile and Symbian) is a major PITA as the platform release cycle is so fast. Not every vendor is opening up their API completely, not every platform has a guaranteed lifespan, and some vendors have a torturously opaque application submission process (no prizes for guessing that one).
I am going to blog more about BYOD when I get a chance, but please take a look when you’ve a moment!