Roadmap

The following diagram shows the MAC-address based heritage of NAC and its planned future.


FreeNAC version 1 was based on OpenVMPS, with a MySQL back end that generated a configuration file for OpenVMPS and with a Windows GUI. Version 2 uses the 'external' plugin interface of OpenVMPS, has some advanced PHP control scripts, scalability, redundancy and alerting.

Going OpenSource

Since NAC was made available under the GPL in June 2006, existing code has been reviewed, proprietary sections removed or replaced, documentation significantly improved, and mechanisms put in place to allow a community to grow around FreeNAC (website, forum, mailing lists, RSS feed, Virtual Appliance download, etc.).

The complete revamp of the website in 2007, with more multilingual and community features, will hopefully also help the community to grow.

Roadmap Version 3.0 (currently in beta)

See also the Roadmap Forum topic 'Features being implemented'.

  • Programming of the switch ports from the NAC GUI (i.e. setting of VMPS and 802.1x parameters from the GUI, rather than via ssh/telnet). DB schema changes will be needed.
  • Create general (Object Oriented) policy interface, with pre and post connect functions. Existing policy decisions in vmpsd_external will be broken up into individual objects.
  • Display of the Port status (up/down, auth mechanism, 802.1x details) in the GUI
  • Add Microsoft Wsus and McAfee ePO interface modules
  • 'Emergency off' feature
  • Display of the switch status (ping up/down) in the GUI.
  • 802.1x with sample CA+CRL + FreeRadius + Vlan assignment by MAC: create a reference installation
  • use ".php" filenames for phpDocumentor
  • Adopt GPL v3?

Roadmap: medium term ideas

The features added really depend on resources, contributions, and what people ask for. In the Roadmap Forum there is a sticky post called 'Feature ideas' and thread discussion for the various topics.

  1. SNMP querying of 3COM, HP switches to document unmanaged systems.
  2. Create a TNC interface once the OO changes for vmpsd_external (see above) have been written. Integrate TNC modules/interfaces (e.g. with FHHannover), implementation of TNC interfaces (policy, IMV).
  3. Microsoft NAP: create an SOH interface to FreeNAC?
  4. Quarantining of systems based on (McAfee) Anti-Virus, Windows Patches (WMI interface and/or WSUS ?), nmap scan (not very effective?)
  5. Use autoconf for installation?
  6. Replace rad2vmps with a rpc-xml interface.
  7. Make the install & doc more OS independent (it is currently oriented towards Suse, and we'll probably migrate to Ubuntu LTS, but it should also be documented such that it works on RedHat, Fedora, Suse Enterprise, Gentoo...)
  8. Formal testing methodology, automated test tools
  9. 802.1x compatibility tests for 3COM or HP pro-curve switches
  10. Support for Trend-Micro anti-virus (and others?): create an interface to the TrendMicro server as we did for McAfee.
  11. Multilingual GUI (de/fr/es..)
  12. Better web GUI: rewrite, with at least the same feature set as the windows GUI
  13. Improve the documentation (the new website should help here, but community help needed..)
  14. Better control/documentation on "learning mode"
  15. Improve auto inventory: add PC hardware, software, process etc..
  16. Logging of NetBIOS names and last logged-in user on end PCs. [WMI and/or SNMP for basic verification of hostname, MAC, etc. (Simple protection against MAC spoofing?)]
  17. Scalability: Currently the design is effectively for a single VTP domain. Allow multiple domains, each with its own vlan numbers/names system?

Features implemented so far (since Jul'06)

  • New SNMP scanning module [v2.2 RC3, Aug'07]
  • New English/French/German/Spanish website with community focus and improved doc [Done July'07]
  • Enterprise version: Emergency 'NAC off' tool, WSUS integration [done v2.2]
  • 802.1x authentication and Vlan assignment is being added by integrating FreeRadius. Initially clients are to be authenticated by Windows domain logon, with the Vlan being assigned based on the MAC address (from the NAC database). This will also allow non-Cisco switches to be supported and Wireless LAN to be included too. [Pilot]
  • Attribute Vlan based on device *and* switch location. [done v2.2]
  • Enterprise version: Release of modules for McAfee ePO, SNMP scanning of non-managed devices and MS-SMS integration [Done: Dec 2006]
  • Sync user details from active directory (to replace proprietary code in the original release) [Done: Dec 2006]
  • A port scanning / Operating System identification module, to improve auto inventory. [Done: August 2006]
  • Database redesign [Done V2.2]
  • All configuration settings (in config.inc) to be moved to a config table, abstracted by a 'Settings' object in PHP. These global settings are to be changeable via the Windows interface too. [Done V2.2 RC2]
  • Display of the Port info (auth mechanism, vlan, last used) in the GUI [Done V2.2 RC2]