The solution itself was a bit involved to get up and running, but once we understood the architecture, we were able to start testing fairly quickly. The NAC solution itself can work in-line or out-of-band, depending on the organization's needs. Enforcement of the endpoints and how they are managed can be accomplished through DHCP or by using 802.1x technologies.
The solution has many pre-configured policies and checks, but users also can create their own. The sheer number of components against which NAC can query is impressive. Comprehensive policy control is available when managing hosts post-admission as well.
Unmanaged hosts also can be secured by using the NAC appliance. Rogue systems can be detected at the network level and sent to a quarantined area of the network for updates. This is managed as a dissolvable Java applet. Treatment for endpoints can be based on the users' role on the network. These roles can be assigned or even integrated from an existing LDAP system. Overall, we were impressed with all the granular details both functionally and administratively. The system has many enterprise-class features, such as alerting, reporting and auto-remediation.
The supporting documentation is excellent, as is the McAfee customer support portal, which has pretty much everything a customer or prospect would need. Support is included for one year as part of the subscription. However many additional tiers of service are available beyond the first year.