NAC is an ever evolving topic in its
definition and understanding. For me, NAC remains a curiosity. Our clients
crave deploying it, but remain stymied by its ever evolving nature. NAC today
is about enforcement, policy, and posture. Adding to the mix of these features
is better identity for your users and asset management for your non-computing
network attached end points. This last issue is actually becoming a real sore
point as more IP enabled devices start to show up on your network. IT managers
are brainstorming ways to track, monitor and manage end point devices such as
printers, faxes, IP phones, badge readers, HVAC systems, wireless access
points, etc. Yet most NAC solutions
today don’t adequately extend access control to these non-computing endpoints.
In fact, many just require you create a white-list and allow these devices to
bypass any authentication and access control framework.
On May 12th, 2008 VMware announced that nine storage replication vendors have tested and certified their technology with VMware’s long awaited Site Recovery Manager (SRM) offering. SRM is an important step forward in DR (DR) preparedness because it automates the process of restarting virtual machines (VM) at an alternate data center. Of course, your data and your VM configuration files must be present at the alternate site, hence the necessary integration with replication vendors. SRM not only automates the restart of VMs at an alternate data center, it can automate other aspects of DR. For example, it can shutdown other VMs before it recovers others. You can also integrate scripts for other tasks and insert checkpoints where a manual procedure is required. This is useful if you are using the redundant infrastructure at the alternate data center for other workloads such as application development and testing (a very common scenario). When you recover an application to an alternate site, especially if your redundant infrastructure supports other workloads, you have to think about how you will repurpose between secondary and production workloads. You also have to think about the entire ecosystem, such as network and storage settings, not just simply recovering a VM.
Essentially, VMware wants you to replace manual DR runbook with the automated recovery plans in SRM. It might not completely replace your DR runbook but it can automate enough of it. So much so that DR service providers such as SunGard are productizing new service offerings based on SRM.