Jumping into open-source NAC with PacketFence ZEN

Computerworld -

In a previous article, I discussed some of the basic features of network access control (NAC) systems. While there are many commercial vendors of NAC systems, turning to an open-source product can often be a cost-effective functional alternative.

However, without a solid Linux systems administration background, properly installing and configuring open-source NAC applications can be extremely frustrating. One can get lost in getting separate dependent packages to work before even starting the NAC application.

At least that's how it was. The developers of one Linux-based open-source NAC application, PacketFence, have used another hot area in IT -- virtualization -- with their release of PacketFence Zen (PF ZEN). PF ZEN is a precompiled and configured VMware Inc. version of PacketFence built on Fedora Core 6.

The result is a Linux-based NAC system running on Windows that is almost too easy to install and doesn't require complex Linux administration skills. In fact, that was the primary motivator for developing the ZEN distribution of PacketFence, which stands for "Zero Effort NAC." PF ZEN was produced to "allow users to bring up a NAC solution with minimal effort and little to no Linux expertise", explains PacketFence developer David LaPorte.

Because installing PF ZEN involves NAC and virtual machine technologies, it provides an excellent introductory experience to both. The best part is that you don't have to spend hours on installing an operating system, loading dependent packages and configurating a basic NAC setup. The VMware appliance does it all, and not only with near zero effort, but also near zero cost.

Virtualization as an evaluation tool

Virtualization involves inserting an abstraction layer into the client/server path. Load balancers are a common form of virtualization to an extent; what the user sees as one server may in fact be one of several dozen machines, each performing the same delivery task.

A virtual machine can be looked at as load balancing in reverse. Instead of using multiple machines to deliver one application, one machine can host several virtualized machines. A client may access a company's Web page from one server, mail from another and calendar from a third, when in reality all three servers may be virtualized instances on a single hardware platform.

VMplayer is a free product from VMware to run virtualized machine packages called appliances. The concept is simple: Load the VMware player, download a virtual appliance file, and play it. VMplayer opens a window to the virtualized machine, and from there the virtualized machine acts like a stand-alone server.

A properly built appliance loads a separate precompiled and configured operating system on the existing computer's operating system. This allows for testing of operating systems and applications without dedicating hardware to it. Several appliances are available on the VMplayer Web site, including PF ZEN.