UIT is progressing with, and continually improving the process of, the implementation of network access control (NAC) at the University of Utah and University of Utah Health — and new resources should help speed things along.

NAC is an IT security control that restricts unauthorized users and devices from accessing the university’s network.

UIT’s Core Infrastructure Services and Project Management Office (PMO) began implementing NAC in spring 2025 as part of the university’s Cybersecurity Program, which is designed to create a more secure IT environment for the U’s students, patients, faculty, staff, and affiliates.

Earl Lewis, UIT senior project manager for the PMO, said the work should move even faster thanks to the addition of a project manager, Larry Jensen, for U of U Health implementation; close collaboration with the U’s Network Architecture Community of Practice; and the hiring of a contractor, which will hopefully reduce the amount of time it takes for outreach and preparation.

As of April 1, the project team had worked with more than 20 U organizations to deploy NAC in 12 areas, which have some 3,000 wired computers and Internet of Things (IoT) devices. And that’s only the tip of the iceberg as they say, as the project team still has 280 buildings to go.

Lewis said teams tackled the A. Ray Olpin Student Union’s lower level early on to understand the challenges of coordinating NAC deployment for an area that serves multiple organizations and to improve the deployment process.

“Not many buildings are complicated, but we did the Union intentionally because we wanted to see how difficult NAC deployment would be with multiple orgs in one area, a number of people to contact and coordinate with, etc.,” Lewis said.

Prior to NAC implementation, UIT asks local IT support teams and systems managers to prepare devices so users are not affected by the change.

“We could turn NAC on everywhere, but it would break a ton of stuff” if preparation work isn’t done first, said Ray Carsey, senior manager for the Network team. He said Core Infrastructure Services Director Abraham Kololli has a mantra: Do no harm. “So, we’re trying to ensure that end users don’t notice it’s happening.”

With the right preparation, NAC implementation goes smoothly, Carsey said.

Lewis said UIT has established and distributed standard operating procedures and a self-service workflow to help IoT system managers prep their devices (e.g., security cameras, card readers, and HVAC systems) for NAC. UIT also provides a range of assistance to local IT support teams so they can configure macOS and Windows devices before NAC implementation begins in their buildings.

IT support teams can use group policies to centrally manage Windows machines (assuming they also use the central Active Directory), but macOS devices do not have a native centralized management platform. If the organization does not have a mobile device management (MDM) solution for macOS devices, UIT offers Microsoft Intune at no cost.

An MDM tool is extremely helpful because macOS devices have IEEE 802.1X enabled by default, which prompts users to accept or identify a certificate when NAC is enabled — a disruption Carsey and Lewis want to avoid. With an MDM solution, local IT staff can configure those devices before NAC implementation so users don’t receive such prompts.

One challenge, Carsey noted, is figuring out how to authenticate devices as a group instead of one at a time, which would accelerate the implementation process. He and Lewis hope the CoP and contractor can help with that.

“We’re developing a plan to implement NAC across the university as quickly as we can without disrupting operations and user experience,” Lewis said.

 

Node 4 Search