Starting off, there are many supported clients. These include Windows 98 through Windows Vista. There is even a Mac client that operates on versions of 10.4 and 10.5 of the Mac OS. When it comes to non-standard images, Bradford uses a dissolvable client, which lasts as long as the browser is open and is removed from the system when the connection is idle.
It appears that the most secure NAC implementation with the suite is to use 802.1x with extensible authentication protocol.
A brief explanation of how this type of authentication takes place starts with the first step. Even before IP address assignment, the client communicates with the router, switch or wireless access point at the Data Link layer of the OSI model. Only data link authentication traffic is permitted. This means that AP, switches and routers all become a pseudo firewall to block all non-authentication traffic from the client. With the Bradford NAC device in place, the 802.1x traffic is further protected by the encryption between the NAC device and the RADIUS authentication server. This 802.1x network access control allows only data link authentication packets on the outside of the connection and encrypted packets protect the communication on the inside (LAN side).
The NAC Director can store logs on the primary server, but the logs can also be sent to a syslog or simple network management protocol (SNMP) manager to alert administrators of unusual events.
The installation of NAC was a breeze and the device was running well inside of a half hour. This includes the time needed to test a XP, Vista and Mac machine.
The documentation comes on a CD, but the system is easy enough to configure.
Support comes via phone, email and a website. Phone support is 18 percent of purchase price, premium support is 27 percent.
The pricing for the NAC Director is set to $9,995 for 250 users, and $27,275 for 1,000 users. These prices include the hardware appliance and user licensing. Services are additional. This makes it the highest priced device tested in the group.