Network Access Control is a security technology that school IT leaders ideally don't have to spend a lot of time on. "The beauty of NAC is that it's mostly invisible," says Matt Scully, director of technology at the 1,550-student Providence Day School (PDS) in Charlotte, N.C. "When it's doing its job, you don't even notice."
That's certainly been the case for PDS, which has been implementing its NAC solution in phases over several years. "Five years ago, we had 500 computing devices on this campus," Scully explains. "We now have 900, with more and more kids bringing their own hardware to school. We needed a way to segment our traffic so students could be online without bringing down the whole network. We wanted a controller that would be robust, stable, flexible and scalable, that would allow us to grow into what we've been doing with digital learning and manage devices we didn't even know existed."
The IT department didn't have to look far. The bulk of the K–12 school's networking and communications infrastructure is composed of Cisco Systems technologies, and after seeing the Cisco Network Admission Control appliance in action at the company's Technology Center in nearby Research Triangle Park, team members were convinced that the investment would serve PDS well.
The comprehensive solution combines role-based authentication, vulnerability assessment, policy enforcement and distributed remediation in a single appliance, making it easy for network administrators to authenticate, authorize, evaluate and remediate users and their machines before those users are allowed on the network. "Our goal," Scully says, "is to balance network security and performance with ease of use."
To that end, the Cisco NAC is physically set up with two masters and two servers, says Network Administrator Kevin Todd. "They're paired, so if one goes down, the other kicks on."
When a user attempts to connect to his or her respective network, the NAC agent prompts them to log in and then checks the computer to ensure that "it's up to the standards that we have defined," Todd continues. "If it is, the user is signed in for the day and has whatever Internet access the network is configured to afford him. If there's a problem, we address it, but the NAC rarely denies service."
As Scully sees it, Network Access Control is crucial to any school's network security plan. Today's educators and students do a lot of things where they need to be online, he says. "If we couldn't control the devices that are on our network, we couldn't provide the type of stable environment that's necessary to support instruction. Cisco NAC is the big silent guardian that's protecting our network. It's just not a choice not to have it."
— Michael Clark, Help Desk Technician, Battle Ground (Wash.) Public Schools
— Thomas Gawczynski, Network Administrator, Crete-Monee School District 201-U, Crete, Ill.
— Jeff Crawford, Manager of Networking and Security, East Grand Rapids (Mich.) Public Schools