Napera N24: NAP made easy

14.05.2009
Microsoft's Network Access Protection (NAP) serves as a good foundation for securing Windows network infrastructure. Nevertheless, you can usefully expand NAP's capabilities with applications that bring easier configuration of policies, more granular enforcement, and clearer reporting to the mix. A case in point: the Napera N24 network access control appliance.

Napera licenses the NAP protocol, embeds enforcement within a gigabit Ethernet switch, and uses Amazon Web Services (AWS) and a Web-based application for configuration and reporting. The result is a compelling solution that targets SMBs but also provides features that will be attractive for branch offices and other pockets of need within a large organization.

The concept is brilliantly executed: all configuration, administration, and reporting of the NAP functions are managed by a Web application on AWS that talks directly to the Napera switch, meaning that you need only a Web browser on a computer plugged into the switch to configure the system. The switch communicates directly with the AWS application, getting its NAP policies and enforcement instructions, as well as providing clear, graphical, Web-based reporting.

Setting up the Napera N24 is a snap. It looks like a typical 24-port Ethernet switch, and if you simply plug it in and turn it on, it behaves as one, too. However, once you configure its NAP services, additional capabilities come alive. Simply connect any computer to the switch and browse to mynapera.com, where you'll find a clean GUI and a simple, straightforward, and even informational . During setup, the capabilities of the switch are clear, including the methods of enforcement, the types of clients it sees on your network, and the general status of the environment.

Unlike Microsoft NAP, Napera allows for the configuration of granular policies based not only on device posture, such as whether antivirus, antispyware, and firewall software are running, but also on identity and port. This is a superset of the NAP policies available in the native Windows Network Policy Service.

The N24 immediately begins reporting the , and any NAP-enabled system is automatically listed with its . Macs can receive similar capabilities with the installation of a Napera-supplied client. Although the reporting is not extensive, it provides a so that you can check into any unexpected issues.

For example, you can quickly tell which users and which operating systems are connected through the switch, how many are in compliance, and how many are out of compliance. The N24 does not, however, provide detailed information on the traffic passing through the switch, so it is not easy to spot a zero-day traffic pattern.

Another advantage of the Napera solution: Although the N24 uses the NAP protocols, it does not require deploying Windows Server 2008. All of the NAP functions that Windows Server 2008 brings to a Windows network are provided by the N24 appliance instead. The N24 is able to join a domain and use Active Directory Service information for authentication, or it can provide a captive portal, guest access, or local database option for authentication.

In addition to unhitching NAP from Windows Server 2008, Napera's outstanding freshman offering combines a simple installation with the power of a SaaS back end. The larger providers of networking equipment would do well to review Napera's approach and recognize the power of the cloud for configuration and reporting.

Napera N24 is a 24-port switch and Amazon-based Web application that allow you to easily configure and enforce a superset of the Network Access Protection policies available in the native Windows Network Policy Service. It's an exceptionally easy-to-deploy policy-based security solution for SMBs, branch offices, and pockets within larger organizations.