macmon NAC: virtual appliance versus hardware appliance

About the product

The macmon NAC hardware appliance is a complete turnkey solution. It is supplied on powerful, customized hardware that can be installed as a server plug-in unit in standardized 19’ rack systems. There are server racks that fit easily under a desk, so that the solution can be used in a very space-saving manner. macmon NAC is pre-installed and can be integrated into a productive LAN independently of the other existing IT structure.

Deployment scenarios for hardware appliances

Cost savings in smaller network environments: Many companies now prefer the virtual appliance. Nevertheless, there are still network environments in which no virtualization is available on site, for example in smaller branch offices. Virtualization requires corresponding server performance, for which the necessary infrastructure may not exist at smaller facilities. For those who do not want to make a major investment in virtualization in order to protect the network with macmon NAC, the hardware appliance may be the more cost-effective option. It may also be advisable to implement a hardware appliance on site if you operate sites across national borders.

Specific security concepts: Some security concepts require that the NAC solution must run on a dedicated system so that no other solution can access this resource. This ensures that the service always has access to the resource and that responsibilities are clearly separated. This is one of the most common use cases for the macmon NAC hardware appliance.

Fail-safe: To be prepared for an extreme case in which the entire server landscape fails, it may be a requirement that the security solution continues to protect the network from external attacks. In this scenario the hardware appliance would still be accessible.

Management port: The hardware appliance has a management port from which the console and the VM's bios can be accessed. If this is configured and accessible remotely, physical access to the appliance is rarely or never required apart from a macmon migration.

Advantages and disadvantages

Advantages:

• Good and attractive solution for smaller businesses with a compact IT infrastructure
• High reliability
• Solution for implementing dedicated security concepts

Disadvantages:

• Physical dependencies: Physical on-site staff required for maintenance or system reset
• More complex maintenance: Long maintenance windows must be scheduled; hardware may be difficult to access
• New purchases required if Increased RAM is needed

About the product

The macmon NAC solution is also available as a virtual appliance. The pre-installed and pre-configured software and application solution has the same range of functions as a hardware appliance. There are no hardware costs. If server packs are used as part of the macmon scalability, there are no additional license costs for the virtual appliance. All license costs are covered by the licensing of the server pack. The virtual appliance is offered as an OVF file and can be run with VMware, Microsoft HyperV, Nutanix Acropolis Hypervisor.

Deployment scenarios for virtual appliance

Preferred solution: Hardware appliances from macmon NAC tend to be the exception. The trend towards virtualization is evident among customer companies. Around 90 percent of companies use the virtual appliance.

Remote access: Unlike the hardware appliance, access to the systems can always be enabled via the virtual appliance – remotely and right up to the command line.

With a configured management port, this is also possible with the hardware appliance.

Protected lab environment: With the virtual appliance, test environments can easily be set up away from the production environment to run through various application scenarios without jeopardizing operations.

Short recovery and maintenance times: Before an update is installed, a snapshot of the status of the system can be created in virtualization within a few seconds. If problems occur with the update, the system can be reset to the status prior to the update with just a few clicks. Both steps are more complicated and time-consuming with a hardware appliance. Update and maintenance scenarios are much easier to implement with virtualization and reduce the administrative workload.

Advantages and disadvantages

Advantages:

• No hardware costs, if virtualization hardware with sufficient resources is available
• Reduced complexity and flexibility
• Flexible resource allocation: CPU, RAM
• Remote access possible
• Shorter recovery and maintenance times
• Convenient setup of a protected test environment

Disadvantages:

• High initial costs for virtualization, but this is already available for almost all customers