The Sophos NAC Advanced Compliance Manager v3.2.2 is a software-based offering providing central management for policy, assessment, reporting/auditing/alerting, mitigation and enforcement, by user group, through integration with both Active Directory and LDAP.

Installation requires quite a bit of preparation and configuration. The installation of the NAC Advanced Compliance Application Server is a fully scripted install. A typical customer installs the Sophos NAC Advanced Compliance Manager on a dedicated Windows Server 2003/2008 Enterprise Edition server. You can use the SQL database that loads with the install or have a separate SQL 2005/2008 database running on dedicated servers.

Sophos NAC Advanced supports a combination of agent-based enforcement for managed endpoints and DHCP-based enforcement for unmanaged endpoints. There is also a web agent that is downloadable as a dissolvable Java component. The product offers support for 802.1X. Both pre- and post-authorization of managed endpoints is included and pre-authorization is available for guest endpoints when using the dissolvable Java agent. Sophos NAC Advanced also can provide NAC for IPsec and SSL VPNs.

The tool includes pre-defined compliance detections for almost 800 applications, as well as more than 1,600 OS patch detections. This provides more than 2,400 pre-defined detections for inclusion within policy just by clicking the mouse.

The reporting and alerting capabilities of the solution are very detailed. Compliance level details are readily available. A compliance dashboard clearly displays the overall status of the user population.
Standard 24/7 phone, email and web support are included. There are upgraded support options available for a 15 or 25 percent uplift.

The product takes some time to get running, but is easy to manage once set up.