Tuesday, August 21, 2007

Book Review - Cisco NAC Appliance Book

Title: Cisco NAC Appliance: Enforcing Host Security with Clean Access
Author: Jamey Heary, CCIE #7680

Contributing Authors: Jerry Lin, CCIE #6469, Chad Sullivan, CCIE #6493, and Alok Agrawal
Publisher: Cisco Press

I want to start out by saying that this book completely exceeded my expectations for the first NAC Appliance book. I wish this was published 3 years ago. The author clearly articulates the business benefits of NAC, including how NAC provides return on investment (ROI), which gives any reader the know-how to wisely purchase Cisco NAC Appliance. He also shows his technical expertise by diving extremely deep into the inner workings of Cisco NAC Appliance, which gives engineers, consultants, and operations the information they need to successfully deploy or maintain the product.

This book shows great details into the process flows of In-Band & Out-of-Band users, Clean Access Agent (CAA) users and network scanning users. The information on the different deployment options and how to use them in diverse environments is great to start your NAC Design. This book makes the confusing topics seem easy and manageable.

Some of the highlights that caught my eye and I thought everyone would like were:

  • Chapter on Host Security Policy – An amazing deal of information on how to design/create a Host Security Policy as it relates to NAC Appliance is invaluable to deployments
  • Exploration of High Availability and Load Balancing – Information on how to load balance Clean Access Servers using the CSM, CSS, ACE and PBR cannot be found anywhere else. This includes saving money on Failover Bundles by using N+1 Failover
  • Layer 3 OOB Deployment options – Walk through of the benefits of the different methods of deploying L3 OOB, e.g. PBR, ACLS, VPNs, etc.
  • Deployment Best Practices – An entire chapter on how to plan, schedule, and keep all parties happy for your NAC Appliance deployment
  • Monitoring & Troubleshooting information – detailed list of all logs located on the CAM and CAS, as well as the information on how to troubleshoot and monitor online users

All in all this is a great book and I would recommend it for all people interested in Buying, Deploying, Operating, or Troubleshooting Cisco NAC Appliance. This is definitely a great reference manual to have at your desk!

Buy it at amazon or ciscopress

No comments:

Post a Comment