As a leader in wireless and wired large area network (LAN) infrastructure, Extreme Networks deeply understands the operational requirements for networks and the IT teams managing them. To aid in reducing IT labor requirements and to improve security, Extreme Networks created their ExtremeControl network access solution.
To compare ExtremeControl against competitors, see our complete list of top network access control (NAC) solutions.
Who is Extreme Networks?
Founded in 1996 and based in San Jose, California, Extreme Networks delivers software-driven networking solutions. It serves more than 50,000 customers through 9,000 partners in more than 80 countries. Extreme Networks trades publicly under the stock symbol EXTR on the NASDAQ stock exchange.
ExtremeControl
ExtremeControl builds off of Extreme Networks’ core network management capabilities to enable granular policy controls over both wired and wireless networks. Users, guests and internet-of-things (IoT) devices can be located, on-boarded, authenticated, and evaluated for compliance.
ExtremeControl integrates into the customer’s major third party ecosystems for private cloud orchestration, mobile device management (MDM), enterprise mobility management (EMM), content filter, and firewall solutions.
Agents
Both agent-based and agentless assessment options are available. A persistent or dissolvable agent can be installed on the client end system for assessment. This can be downloaded via a captive portal website or installed via a software distribution system such as group policy or system center configuration manager. The agentless assessment does not require installation or running of any software on the end system.
The ExtremeControl Assessment Agent requires minimum hardware capabilities for Windows and macOS:
- WIndows
- Versions: Vista, XP, 2008, 2003, 7, 8, 8.1, 10
- 80 MB of disk space
- 40 MB (80 MB with service agent) of available memory
- macOS
- Versions: Tiger, Snow Leopard, Lion, Mountain Lion Mavericks, Yosemite, El Capitan, Sierra
- 10 MB of disk space
- 120 MB of available memory
Applicable Metrics
ExtremeControl physical appliances support up to 12,000 users or 24,000 users. Extreme Networks does not publish the user limitations for virtual ExtremeControl instances, but seems to require deployment of ExtremeCloud Virtual Appliances, which is limited based upon the deployed size from 50 – 400 switches or from 1,000 – 32,000 users depending upon mode.
Using an Extreme Management Center an organization can manage 35 individual physical appliances or 75-100 pairs of virtual ExtremeControl appliances.
Security Qualifications
Although ExtremeControl can help satisfy many of the requirements of various compliance and certification processes, Extreme Networks has not obtained formal certification for the ExtremeControl solutions.
Features
- Uses Granular Policies to control user and device access
- Third party integration with many third-party security tools such as firewalls, security information and event management (SIEM) tools, mobile device management (MDM), and enterprise mobility management (EMM) solutions
- Guest and IoT onboarding (additional license required) manages expiration, account validity and time control without requiring IT oversight or approval
- Device profiling of type, security posture (additional license required), OS patching state, etc.
- Automatic performance alerting to reduce monitoring requirements and proactively detect potential service disruptions
Pros
- Wired and wireless network access control
- Onboarding is secure and simple
- Context-based policies that consider security posture of endpoints
- Detailed profiling with access and app analytics data
- Balances security and usability by enabling secure, but limited, access even for non-compliant devices
- Per user pricing available
Cons
- Some users complain that the cloud-based solution contains more robust features than on-premises appliances
- Poor information on virtual appliance licensing and capabilities
- Not widely reviewed
Intelligence
Extreme Networks integrates with other security tools to provide user and device information to SIEMs and other security monitoring solutions.
Delivery
ExtremeControl installs as physical or virtual appliances. The rack-mountable physical appliance comes in either a 12,000 endpoint or 24,000 endpoint version. The virtual appliance requires VMWare or Hyper-V servers with VHDX disk formats. The virtual engine installation guide seems to require previous installation of the ExtremeCloud IQ software.
Pricing
Extreme Networks does not publish pricing directly, but resellers list suggested pricing. Note that the pricing below does not reflect potential partner programs, bulk pricing, or other incentives.
- Physical appliance
- $15,300 for 12,000 endpoints IA-A-25
- $24,800 for 24,000 endpoints IA-A-305
- Perpetual NAC licenses
- $8,000 for 1k end systems IA-ES-1K
- $22,500 for 3k end systems IA-ES-3K
- $85,000 for 12k end systems IA-ES-12K
- Optional Perpetual Posture Assessment licenses
- $12,000 for 3k end systems IA-PA-3K
- $48,000 for 12k end systems IA-PA-12K
- Optional Guest and IoT Onboarding license
- $3,000 for 1k end systems IA-GIM-1K
- $6,000 for 3k end systems IA-GIM-31K
- $12,000 for 12k end systems IA-GIM-12K
- Subscription license (97207-27001)
- Includes an unlimited number of end-system licenses up to the performance limit plus Extreme works
- Priced at $12 per user per year
- Requires appliance ownership
Extreme Networks professional services, product service, and support will require additional fees. Virtual deployment appears to require additional software and licenses.
Bottom Line: Best for Balancing Security and Operations
Gartner named Extreme Networks as a leader for Enterprise Wired and Wireless LAN infrastructure from 2018 to 2022. With an enterprise-grade subscription tier (not including appliances), ExtremeControl offers predictable subscription pricing for larger organizations.
However, Extreme Networks’ experience in networking adds additional advantages to balancing operations and security concerns. Alerts from ExtremeControl provide advanced warnings to both security and IT teams of potential threats to enable proactive management of a wide variety of threats that could jeopardize the network.
This article was originally written by Drew Robb on July 7, 2017, and updated by Chad Kime on April 5, 2023.
