Author Archive: Steve Hultquist
Posts:
The biggest concern when we put together configurations with a level of complexity that we’ve done for the NAC demonstrations is code rot. Code rot is the inexplicable degradation of a demonstration that occurs while the equipment is powered off and trekking across country in a truck. Now, we all know that nothing changes while the gear is packed up, right? As long as everything is physically fine when it arrives, we should plug in, turn on, and be ready to go.
…but it doesn’t always happen that way…
The time is approaching when we’ll re-deploy all of the InteropLabs NAC demonstrations in NY. Most of us will arrive tomorrow (although some team members are already on the ground) and expect to start set-up on Sunday morning. Interestingly, I’ve spent the past month tearing into NAC solutions from other vendors (for an upcoming InfoWorld Test Center review) that are an adjunct to the work we’re doing at the event. The attention that NAC is getting from the wide range of companies that are presenting various NAC solutions is fascinating, and demonstrates how the concept of “protecting your network from the devices” (as I like to say) is gaining a lot of traction.
From solutions developed by the traditional security teams like Symantec and McAfee and Trend Micro to those developed by the companies that make networking gear like Extreme, Enterasys, and Cisco, the interest in and development on these solutions knows almost no bounds.
What better reason to drop into the show and see the standards-based solutions that we’ve deployed and have available for you to spend some hands-on time reviewing?
See you there…
Even on day one for a number of the InteropLabs engineers, they are already pushing themselves beyond typical effort. It really does go beyond typical focus, with Chris writing code into Xsupplicant tonight even after a coast-to-coast early morning flight from Boston. He and Mike have been exchanging e-mail most of the day, making sure that Radiator and Xsupplicant are working well with the latest TNC updates.
Kevin is ready to stay here all night, but I’ve reminded him that this is day one and we need to pace ourselves to make it through.
The InteropLabs are different from the InteropNet here at Hot Stage due to the characteristics of the Labs. As a multi-vendor standards-based lab environment, we spend the first few days here at Hot Stage creating an infrastructure. After we’ve made sure that we have the components that we need (both hardware and software) and that we’ve set up what we need to get started, contributor engineers join us. They will spend two or three days with us helping us get the environment set up, demos completed, and documentation outlined, at least.
Then, we’ll pack it up, making sure that it’s as straight-forward as possible when we get to New York. It’s going to be especially challenging this time, since we will have two fewer days than usual to install on-site (we move in on Saturday).
By the time I’m likely to be able to post again, it’ll be Sunday night and we’ll be ready for the contributor engineers to arrive on Monday (although a few will sneak in over the weekend).
We’re grateful to the companies and engineers who invest in this experiment. Please plan to drop by the booth in New York, learn about these technologies, and let them know how vital the interoperability demonstrations are for you.
Steve Hultquist is a Contributing Editor with InfoWorld Magazine and is an independent consultant. For Interop New York he is responsible for leading the InteropLabs Network Access Control team.
Well, the InteropNet gang has been lazing around the joint since they showed up for their periodic sabbatical, but the InteropLabs team is arriving now, so we’ll get down to work.
Since there is only one InteropLab in New York, I discovered today that there are a number of elements that we normally support in the common “core” ped that now require gear in ours. Most notably, the termination of the cable from the InteropNet to the InteropLab–which is fiber. We didn’t have any fiber ports or GBICs in our gear (didn’t need them until we were asked to take the lab to New York), and so we had to go rummaging…
One nice thing about the warehouse, of course, is that there is stuff to be found when you go rummaging. So, after a bit of looking with help from Padre, we found a Summit 24 with a fiber GBIC. After figuring out that there was a bit of Gigamon reconfiguration to do, we got the link up. Now, to get the switch reconfigured and installed in our rack…
The rest of the Lab team arrives tomorrow, and we’ll start gearing up. Getting the tables set up as they will be set up in New York, running cable, etc. We should have all of the Las Vegas stuff operational by the end of the day tomorrow. I’ll let you know…
It’s hard to believe that it’s already rolling around for time to prepare for the Interop New York event, but it is. The Hot Stage event will be at the beginning of August, and we’ll be rolling the InteropLabs Network Access Control (NAC) team into Belmont for it.
Our planned demonstrations for the New York event parallel the Las Vegas demonstrations, with updates planned where they are viable. Once again, we’ll have demonstrations of the standards-based Trusted Computing Group’s Trusted Network Connect (TNC), plus demonstrations of the evolving Microsoft Network Access Protection (NAP) code that will ship with Vista/Longhorn and Cisco’s Network Admission Control (C NAC). We also hope to once again show open source systems using the TNC specification.
If you were in ‘Vegas–or if you followed the blog even though you weren’t able to attend–we’d love to hear your thoughts and suggestions for New York. We won’t have a ton of time to redesign or develop new demonstrations, but we would like to know the aspects that you find compelling to see if we can accommodate some of them.
Network Access Control continues to draw interest in enterprises desiring to protect their infrastructure from rogue devices, infected systems, and other inappropriate access. We aim to provide you an environment to “kick the tires” of this technology, find out how we roll it out, and get some “hands-on” insights.
See you there!
It is with the normal bittersweet sense of another show behind us that the InteropLabs teams wrapped up the day today. Since I am flying to another seminar this weekend, I’m sitting at McCarran airport typing this to you after the final day of the show and teardown. We had great response from the folks who dropped by the InteropLabs area on the show floor (although none of you admitted to reading the blog!), and the interest in NAC is very strong and growing.
I am deeply appreciative to the NAC team for allowing me to take on the leadership role this year, and they’ve been incredible: Karen O’Donoghue (our Educator, whose name I managed to misspell on the signs, even though I’ve known her for about 10 years, and who has led the previous incarnations of this lab), Joel Snyder (Network World writer, consultant, and a stickler for details), Jan Trumbo (consultant and the person responsible for the great graphics we had), Craig Watkins (long-time NOC Team member, consultant, and a guy willing to take on whatever we needed), Kevin Koster (NAC developer and the guy who took on the creation of the great Flash presentation in the area as well as diving into NAP), Brett “Thor” Thorson (IPv6 jock and the guy who took on the Cisco NAC work), Chris Hessing and Mike McCauley (open/full source authors who took on creating a TNC-compliant open source project for the NAC area of the InteropLabs), and the great engineers from the various contributing companies who joined us and took on all of the weird requests that we made of them.
Thank you all…
At this point, we have torn down all of the gear, boxed it up, placed it into the custom-designed “D-crates”, and left them to be shipped back to the Interop warehouse in California. At this point, our plan is to set the NAC Lab up again sometime in late July or early August in hot staging for Interop New York in September.
Will you be there? If you didn’t make it to Las Vegas, you really should plan to join us in NY.
Who do you let onto your network? How do you know that they are acceptable? How do you know you’re keeping the “bad guys” off your network? All of these questions and more will be the focus of the NAC education that you’ll see at Interop New York.
Until then… Cheers!
As mentioned last night, Brian “Skipper” Chee was leading the final Tuesday tour. He was due to be at the Labs at 4, after spending 30 minutes showing the tour participants the various InteropNet sights. I kept watching for him…
…and a bit after 5pm (when the show closed for the day!), he walked up with a few weary attendees and a couple of additional InteropNet team members. After castigating him for the “three hour tour” (OK, so it was only an hour and a half, but you get the point!), we were able to give the attendees a brief tour of the InteropLabs, even as the lights dimmed for the evening.
Given that we have three technology areas here in the Labs, there is a lot to see. We also create demonstrations that you can actually play with yourself. Where else can you get your hands on standards-based Voice-over-IP phones interoperating across firewalls and SSL, Open Source systems that are integrated to demonstrate how the technology can be used to run the services of an enterprise, and also compare and contrast the three leading approaches to Network Access Control (Cisco’s NAC, Microsoft’s NAP (running on Vista clients and Longhorn server), and the emerging standards-based Trusted Computing Group’s Trusted Network Connect)?
So, pick an InteropNet tour today or tomorrow, join up with one of the InteropNet NOC Team members, learn how the network works on the show floor, and end your tour here at the InteropLabs where you can get hands-on with these technologies.
…and if you get “Skipper”, tell him I sent you…
Well, if Brian’s going to lead the next tour, I’d better get this written before they get here to the InteropLabs and I step out of the green room to give the crew a verbal tour of our area.
It’s booth crawl time, with a number of the booths on the floor offering food and drink to the attendees who are spending time here today. It’s a great opportunity to see who is doing what and to wander the floor during a more relaxed time.
The show opened with a bang this morning, with a typical Las Vegas cover band slamming out hard-core headbanger tunes–to the dismay of nearby booths. They were close enough to us that I was wondering just exactly how we were going to talk over them, since we’re low-tech in the AV department, and can’t compete with their sound-reinforcement. But, they have since toned it down.
Of course, Kevin didn’t like the low-tech look, so he pushed through and built a Flash presentation for us, so you can now get a clearer picture of the NAC Interop Labs initiative by watching the plasma at the front of the NAC table.
The good news for us is that everything is working, the class (free to all attendees) has been well-attended and interesting, and those who make their way here to the labs are very complimentary about what they are able to learn–with one attendee going so far as to say that it’s his favorite part of the show (of course, he didn’t get to see Brian and Kathy reaffirm their vows).
Drop by and see us. Get your hands on the machines. Try to break the demos if you want. But, don’t let this opportunity go by without actually getting your hands onto the NAC technologies that are out there.
Ok, so I think the show opens tomorrow. In about 12 hours. Fortunately, we’re (mostly) ready. We have a few final things to take care of in the morning (like finding our white papers, putting them into the racks, and hanging some additional placards around for you to find when you visit us–which we really hope you will do).
Today, we nailed down all of the demos, created a small additional demo to allow you to view a packet capture of NAC traffic (between the Microsoft NAP clients and server), cleaned up, and got everything ready.
I hope you’ll drop by. If you do, ask for me. I’d love to meet anyone who is reading the Interop Insider Blog. Or anyone else, for that matter.
See you at the InteropLabs booth!
“I love it when a plan comes together.”
We had a number of occurrences like that yesterday. After going backwards for a few days, all three demonstration groups made dramatic progress yesterday. After resolving an issue in policy configuration, the Cisco NAC demonstration began working again, and Brett reports that he is at about 95% of his Belmont situation. Of course, that’s a bit misleading, since he’s also added a new wireless component to the demonstration here in Las Vegas that was only rudimentary in Belmont.
Meanwhile, the NAP team at Microsoft provided us with exceptional support yesterday as together the InteropLabs and Microsoft NAP teams generated an e-mail thread for the ages, including over 70 messages with multiple trace files flowing back and forth. The resolution came late last night when we discovered that we had tickled a known (and fixed in Beta 2) bug in the Longhorn server that caused cached credential information on the client to trigger a failure in the authentication communication. After blowing away the appropriate key in the client registries, voilà! it works!
If you drop by the booth, be sure and look at some of the cool stuff that Enterasys is enabling for us, as well. Their per-port policy capabilities are enabling very interesting demonstrations in the TNC area.
Interesting to me is the collaboration between Mike and Chris as they have created a fully TNC-compliant open source demonstration using Radiator and Xsupplicant. Mike and Chris (the respective authors of those open source components) are here and available to speak with you when you visit the booth.
Be sure and come to pick up our glossy-ary, with both a terminology map and a demonstration diagram for each area.
…and you can wander over to the other labs after you’ve learned at ours…

Sep 18th, 2006 | Steve Hultquist