Campus Manager

Bradford Networks' flagship offering is Campus Manager, an appliance-based offering targeted specifically to educational institutions. Campus Manager provides automated registration, validation, and tracking capabilities for endpoint machines.

The Campus Manager appliances themselves are 2U (each) offerings. The full deployment consists of both a Network Control Server (Network Sentry 1200), which handles overall control functions such as device mapping, validation security, VLAN assignments, and switch communications; while the Network Application Server (Network Sentry 8200) executes individual functionality such as the authentication and registration process, security vulnerability scans, and bandwidth monitoring. The Application server includes the supporting application technology for the platform, including a DNS server, Web server, the open source Nessus engine for performing security vulnerability scans of endpoint machines, and a DHCP server.

A third appliance, the Network Sentry 500, combines the functionality of both servers described above (minus the Nessus scanning engine). The NS 500 is targeted specifically to smaller deployements; sites with less than 1000 users. Finally, the Network Sentry 550 appliance provides for the management of multiple control servers in a deployment; i.e., the NS 550 acts as a central management node for other control servers.

The Campus Manager platform takes a three-pronged approach to the management of end user machines: Access control, through initial endpoint registration; security management, through client validation and network vulnerability scanning; and network usage management.

The Access Control component provides an automated registration process for all unrecognized machines when they first attempt to connect to the network. Such machines are automatically routed to a registration VLAN, where they must successfully identify themselves and register their actual gear to the Campus Manager platform before they are allowed to access the network. Such registration establishes a link between the user themselves and their connection information--such as MAC address and IP address--allowing for further policy based management and, if necessary, user-specific forensics at a later time. Features of the Access Control component of the platform include a Web-browser based interface, the ability of the administrator to designate how frequently such registrations must take place, forced re-registrations (again, at designated time intervals), automated tracking of historical connection activity for forensic purposes, and the ability to further serve as an authentication proxy for existing Active Directory, LDAP, Novell, or RADIUS authentication platforms.

Security Management capabilities of the platform allow for the automated, policy-based scan of end-user machines for required software configurations before allowing network connectivity. Configurations can include the existence of anti-virus or spyware tools (Symantec, McAfee, Webroot SpySweeper, and more are supported), updated Windows operating systems, or the presence or absence of administrator-specific defined applications. In addition to endpoint compliance scans, an embedded version of Nessus can also execute a security vulnerability scan against the endpoint when it connects to the network. Non-compliant machines are forced/restricted to a designated VLAN where they are presented with self-remediation tools to assist them in getting their machines up to code.

Finally, Campus Manager can also provide usage monitoring controls (such as the usage of specific file sharing applications, for example), when used in combination with 3rd party application analysis tools.

New features in the latest release of Campus Manager include support for VPNs (Cisco and Juniper Networks); enhanced role-based access controls, in which access policies can control who accesses the network based on parameters including identity, device, location, and time; expanded support for IPS systems (TippingPoint and Internet Security Systems) enabling the platform to access inspection data from these platforms; and the ability to automatically update user computers with the latest virus definition files for nearly 40 different security vendors, including Symantec, McAfee, and Trend Micro.

Campus Manager is available now; list prices start at $7,495. The new release is expected to be available in December. Visit the Bradford Networks Web site for further information.