Am I right in assuming that at a minimum, a NAC deployment must consist of 2 appliances - one server and one manager? or is the manager an application that can run on a Windows server? can the manager run on the same appliance as the server?
My second question regards Cisco Trust Agent and Clean Access Agent. Has CTA effectively been succeeded by CAA? from what I can see, CTA was part of the old NAC framework before they started using appliances.
Many Thanks in advance,
Both manager and server can run on two PCs or Cisco appliances, which are actually HP ProLiant DL140 G3 or HP ProLiant DL360 G5 PCs ;) You'll need two devices in any case.
As to second question - nobody knows what will happen with the whole technology in the future. Will it be completely replaced by MS NAP? Will the NAC Framework be canceled? Both Cisco solutions are not perfect. What customers actually need is to have all the NAC appliance features to run directly on Cisco switches and routers. No Clean Access Server will be needed in this case, only Manager! And OOB mode which is difficult to configure, support and troubleshoot will gone away. NAC framework is run directly on Cisco devices, but it is not as feature-reach as NAC Appliance.