Sophos NAC Advanced is a software NAC solution typically deployed on dedicated Windows 2003/2008 environments using Microsoft SQL 2005/2008. The solution uses a combination of software agents deployed to endpoints for enforcement and DHCP integration to control unmanaged assets.
Installing the software and ensuring all the components can communicate as necessary does take a bit of work. However, once one understands the prerequisites with regard to what services are being used and how the solution needs to be configured, getting things up and running from there is fairly straightforward.
NAC Advanced primarily uses a persistent agent that must be deployed to all the managed assets. Still, once they are deployed, the agents provide granular control over pre- and post-admission management. This includes how the machines are handled if they are in or out of compliance, and the types of checks against which the solution can interrogate (operating systems, patches, application levels, anti-virus, etc.).
Additionally, enforcement of the NAC component integrates well with other existing technologies, including Cisco NAC, DHCP, 802.1x and VPN. The solution has granular policy enforcement and robust reporting mechanisms as well. The tool treats unmanaged assets through an agentless Java console, which queries the unmanaged host for compliance status. Overall, we were impressed with the product's number of features.
Documentation for NAC Advanced is solid. Information is available in PDF, as well as within the management console. Also, the Sophos website has an abundance of helpful information within its customer section.
Standard support includes 24/7 phone, web and email assistance and is included in the price (three-year term for the license). Additional support packages are also available.