Comments on: Trusted Network Connect (TNC)

By: shanna

shanna — Wed, 06 Feb 2008 15:42:33 +0000

Yes, a standard is only valuable if lots of people implement it. I completely agree. But you’re wrong about the number of vendors that have implemented the TNC specs. We have dozens of vendors now and four open source implementations. See the list posted on the TCG web site.

You mentioned Microsoft. As I noted in my blog posting above, they have embraced the TNC standards and built them into Windows Server 2008, Windows Vista, and Windows XP SP 3. Customers find that very attractive. They want to be able to health check ANY system using software built into the operating system. The only way that can happen is with open standards like TNC.

Of course, there’s still more work to do. Last spring, we did an interoperability test that included Colubris, Enterasys, HP, Juniper, PatchLink, Q1 Labs, Symantec, Trapeze, and Wave Systems. We tested our products in real-world environments to make sure they work together. This spring, we’ll be adding some new vendors to the mix. And, oh yes, marketing. As a standards group, TCG doesn’t have a big marketing budget. We do our best but it’s always a challenge. Thanks for your support.

By: Tarek

Tarek — Sun, 27 Jan 2008 10:11:03 +0000

As you said, TNC is a NAC standard where muli-vendors can interoperate.

“When you buy products that support the TNC standards, you can use a NAC server from one vendor with an enforcement device from another vendor. A NAC client from one vendor can be health checked by a NAC server from another vendor. And you can add assessment and evaluation components from other vendors, plugging those into the NAC client and NAC server”.

But in fact, as far as I see, no one is implementing such standard except Juniper. I’ve never seen and TNC based Controllers, or Agents from other vendors. Ehmm, these is an Open Source dot1x supplicant that tries to implement this standard which is OpenSEA, but so far it’s the only one I know.

Some NAC vendors are saying that their products will interoperate with this standard such as Symantec, and ConSentry. But you know those guys are planning to interoperate with CNAC and MS-NAP. So I think they just miss an end to end network solutions, so they have no other choice but to interoperate with other vendors.

From a technical point of view, I believe that TNC is simple, reliable, and more secure than other non standard NAC flavours. But the point is that this is not enough, other vendors, especially Mr. C and Ms. M are pushing their solutions to be de-fact standard especially that they some how dominate the market. And that’s why TCG has to market and polish TNC a bit more.

By: Ruediger

Ruediger — Thu, 10 Jan 2008 00:00:03 +0000

Hi Steve,
congratulations, this is a very nice blog with some cool topics!

I am a consultant in Germany, and I we use very much juniper-devices. But we use only the firewalls at the moment, so I am very interested in this blog, because the whole nac-thing will become more and more important.

thanks so far