Extreme Networks ExtremeControl: NAC Product Review

Published

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

As a leader in wireless and wired large area network (LAN) infrastructure, Extreme Networks deeply understands the operational requirements for networks and the IT teams managing them. To aid in reducing IT labor requirements and to improve security, Extreme Networks created their ExtremeControl network access solution.

To compare ExtremeControl against competitors, see our complete list of top network access control (NAC) solutions.

Who is Extreme Networks?

Founded in 1996 and based in San Jose, California, Extreme Networks delivers software-driven networking solutions. It serves more than 50,000 customers through 9,000 partners in more than 80 countries. Extreme Networks trades publicly under the stock symbol EXTR on the NASDAQ stock exchange.

ExtremeControl

ExtremeControl builds off of Extreme Networks’ core network management capabilities to enable granular policy controls over both wired and wireless networks. Users, guests and internet-of-things (IoT) devices can be located, on-boarded, authenticated, and evaluated for compliance.

ExtremeControl integrates into the customer’s major third party ecosystems for private cloud orchestration, mobile device management (MDM), enterprise mobility management (EMM), content filter, and firewall solutions.

Agents

Both agent-based and agentless assessment options are available. A persistent or dissolvable agent can be installed on the client end system for assessment. This can be downloaded via a captive portal website or installed via a software distribution system such as group policy or system center configuration manager. The agentless assessment does not require installation or running of any software on the end system.

The ExtremeControl Assessment Agent requires minimum hardware capabilities for Windows and macOS:

  • WIndows
    • Versions: Vista, XP, 2008, 2003, 7, 8, 8.1, 10
    • 80 MB of disk space
    • 40 MB (80 MB with service agent) of available memory
  • macOS
    • Versions: Tiger, Snow Leopard, Lion, Mountain Lion Mavericks, Yosemite, El Capitan, Sierra
    • 10 MB of disk space
    • 120 MB of available memory

Applicable Metrics

ExtremeControl physical appliances support up to 12,000 users or 24,000 users. Extreme Networks does not publish the user limitations for virtual ExtremeControl instances, but seems to require deployment of ExtremeCloud  Virtual Appliances, which is limited based upon the deployed size from 50 – 400 switches or from 1,000 – 32,000 users depending upon mode.

Using an Extreme Management Center an organization can manage 35 individual physical appliances or 75-100 pairs of virtual ExtremeControl appliances.

Security Qualifications

Although ExtremeControl can help satisfy many of the requirements of various compliance and certification processes, Extreme Networks has not obtained formal certification for the ExtremeControl solutions.

Features

  • Uses Granular Policies to control user and device access
  • Third party integration with many third-party security tools such as firewalls, security information and event management (SIEM) tools, mobile device management (MDM), and enterprise mobility management (EMM) solutions
  • Guest and IoT onboarding (additional license required) manages expiration, account validity and time control without requiring IT oversight or approval
  • Device profiling of type, security posture (additional license required), OS patching state, etc.
  • Automatic performance alerting to reduce monitoring requirements and proactively detect potential service disruptions

Pros

  • Wired and wireless network access control
  • Onboarding is secure and simple
  • Context-based policies that consider security posture of endpoints
  • Detailed profiling with access and app analytics data
  • Balances security and usability by enabling secure, but limited, access even for non-compliant devices
  • Per user pricing available

Cons

  • Some users complain that the cloud-based solution contains more robust features than on-premises appliances
  • Poor information on virtual appliance licensing and capabilities
  • Not widely reviewed

Intelligence

Extreme Networks integrates with other security tools to provide user and device information to SIEMs and other security monitoring solutions.

Delivery

ExtremeControl installs as physical or virtual appliances. The rack-mountable physical appliance comes in either a 12,000 endpoint or 24,000 endpoint version. The virtual appliance requires VMWare or Hyper-V servers with VHDX disk formats. The virtual engine installation guide seems to require previous installation of the ExtremeCloud IQ software.

Pricing

Extreme Networks does not publish pricing directly, but resellers list suggested pricing. Note that the pricing below does not reflect potential partner programs, bulk pricing, or other incentives.

  • Physical appliance
    • $15,300 for 12,000 endpoints IA-A-25
    • $24,800 for 24,000 endpoints IA-A-305
  • Perpetual NAC licenses
    • $8,000 for 1k end systems IA-ES-1K
    • $22,500 for 3k end systems IA-ES-3K
    • $85,000 for 12k end systems IA-ES-12K
  • Optional Perpetual Posture Assessment licenses
    • $12,000 for 3k end systems IA-PA-3K
    • $48,000 for 12k end systems IA-PA-12K
  • Optional Guest and IoT Onboarding license
    • $3,000 for 1k end systems IA-GIM-1K
    • $6,000 for 3k end systems IA-GIM-31K
    • $12,000 for 12k end systems IA-GIM-12K
  • Subscription license (97207-27001)
    • Includes an unlimited number of end-system licenses up to the performance limit plus Extreme works
    • Priced at $12 per user per year
    • Requires appliance ownership

Extreme Networks professional services, product service, and support will require additional fees. Virtual deployment appears to require additional software and licenses.

Bottom Line: Best for Balancing Security and Operations

Gartner named Extreme Networks as a leader for Enterprise Wired and Wireless LAN infrastructure from 2018 to 2022. With an enterprise-grade subscription tier (not including appliances), ExtremeControl offers predictable subscription pricing for larger organizations.

However, Extreme Networks’ experience in networking adds additional advantages to balancing operations and security concerns. Alerts from ExtremeControl provide advanced warnings to both security and IT teams of potential threats to enable proactive management of a wide variety of threats that could jeopardize the network.

This article was originally written by Drew Robb on July 7, 2017, and updated by Chad Kime on April 5, 2023.

Chad Kime Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

This field is required This field is required

Get the free Cybersecurity newsletter

Strengthen your organization’s IT security defenses with the latest news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

This field is required This field is required