15.9. Maintenance and Upgrades
After you roll out NAC in your network, your NAC deployment will undoubtedly need some sort of maintenance and upgrades eventually. A few steps can save hours of headaches:
Set up a small lab that's a miniature version of your production NAC deployment. Before you upgrade your production network, always test it in the lab to make sure that it's going to work and not introduce any problems. In other words, always test before rolling it out. Test such components as the endpoint software, policies, enforcement, and so on.
Do upgrades in phases. Depending on your NAC solution, you may want to upgrade the endpoint clients first; then, you can try to upgrade the policy engine. Ask your NAC vendor for their recommendations on how you can successfully upgrade the various components of the NAC solution.
Have a rollback plan. If the upgrade is unsuccessful, you need to roll back — and you need to have a plan for that rollback. Instead of allowing your network to block all productivity, you may want to roll back and do further tests in a lab before you try to upgrade again.
Get Network Access Control For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
