11.3. What Are Your Best Practices?

You can plan a NAC rollout in many ways, but in each case, the recommended practice involves careful planning, phased deployment, and leveraging experts in the field to ensure a smooth and successful project.

11.3.1. On location

You can phase in your NAC solution by location. Select a certain office, floor, or area where you can deploy NAC piece by piece, systematically rolling it out across your entire organization. This approach allows you to work with manageable segments of the user groups, network infrastructure, and endpoint machines. A location-based phase-in also allows for a kind of extended pilot — the user group simply grows over time.

Organizations that have attempted to roll out NAC to all their users at the same time have often backtracked and rolled it out to smaller parts of their network before providing NAC to the whole user community. This allows the organizations to test and refine how they plan to roll out NAC with a smaller group of users before enforcing policies for everyone.

You can take a similar approach to this type of deployment by deploying NAC in public areas, such as lobbies and conference rooms, prior to deploying in the rest of the network. Figure 11-2 illustrates an approach that allows for gradual, controlled guest-user access in public areas, providing protection where the company is most vulnerable because ...

