IBM Tivoli and Cisco Network Card User Manual

Chapter 5. Solution design 101
recommend that a process be in place for the normal notification and distribution
of required workstation updates and corporate policies; for all but the most
extreme cases, the life cycle management process includes a grace period.
The deployment of NAC, along with the IBM Integrated Solution for Cisco
Networks, enables ABBC to enforce policy by blocking the network access of
noncompliant systems after the expiration of this grace period. Figure 5-2
illustrates a client system in violation of the password quality check. Note that the
remediation handler interface provides the user with a description of the violation
and the steps necessary to resolve the issue. These steps may include calling the
remote remediation server to download the appropriate software and execute the
actions that return the workstation to a compliant state.
Figure 5-2 Remediation process
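The following Python models the admission and remediation flow that Figure 5-2 depicts. It is an added illustration, not code from this Redbook or from the IBM Tivoli Security Compliance Manager or Cisco NAC products: an access attempt is allowed, denied or quarantined depending on whether a violation is still inside its grace period, and once the grace period has expired the violation is turned into a remediation request carrying the description and steps the remediation handler shows the user. The password policy values, the 14-day grace period, the hostname `abbc-ws-0042`, the `apply-password-policy` remediation action and the decision to deny a workstation without a Cisco Trust Agent are all assumptions made for the example.

```python
"""Model of the NAC admission and remediation flow in Figure 5-2: an access Attempt is
Allowed, Denied or Quarantined, the user is Notified, and expired violations become a
Remediation Request for the remediation server. Illustrative code, not product code."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import Dict, List, Optional


class Decision(Enum):
    """Outcomes of an access attempt, using the labels from Figure 5-2."""
    ALLOW = "Allow"
    QUARANTINE = "Quarantine"
    DENY = "Deny"


@dataclass
class Violation:
    """One failed compliance check plus the text the remediation handler shows the user."""
    check: str
    description: str
    steps: List[str]
    first_seen: datetime            # when the life cycle process first flagged it
    remote_action: Optional[str]    # action fetched from the remediation server, or None


@dataclass
class Posture:
    """What the SCM client reports for one workstation (constructed sample data)."""
    hostname: str
    has_trust_agent: bool
    violations: List[Violation] = field(default_factory=list)


@dataclass
class AdmissionResult:
    decision: Decision
    notifications: List[str]             # "Notification" arrow in Figure 5-2
    remediation_request: List[Dict]      # "Remediation Request" arrow in Figure 5-2


# Assumed corporate password policy; the page only says a password quality check failed.
PASSWORD_POLICY = {"min_length": 8, "max_age_days": 90}


def check_password_quality(settings: Dict[str, int], first_seen: datetime) -> Optional[Violation]:
    """Compare the workstation's reported password settings with PASSWORD_POLICY."""
    problems, steps = [], []
    min_length = settings.get("min_length", 0)
    max_age = settings.get("max_age_days", 10**6)      # missing setting = passwords never expire
    if min_length < PASSWORD_POLICY["min_length"]:
        problems.append(f"minimum length {min_length} < {PASSWORD_POLICY['min_length']}")
        steps.append(f"Set the minimum password length to {PASSWORD_POLICY['min_length']}")
    if max_age > PASSWORD_POLICY["max_age_days"]:
        problems.append(f"maximum age {max_age} days > {PASSWORD_POLICY['max_age_days']}")
        steps.append(f"Set the maximum password age to {PASSWORD_POLICY['max_age_days']} days")
    if not problems:
        return None
    return Violation("password quality", "; ".join(problems), steps, first_seen,
                     remote_action="apply-password-policy")   # hypothetical server-side action name


def evaluate_admission(posture: Posture, now: datetime, grace: timedelta) -> AdmissionResult:
    """Apply the grace period rule: warn while it runs, quarantine once it expires."""
    if not posture.has_trust_agent:
        # No Cisco Trust Agent means no posture to validate; treated as Deny here (an
        # assumption: in a real deployment ACS applies its configured agentless-host policy).
        return AdmissionResult(Decision.DENY, ["No Cisco Trust Agent found; contact the help desk"], [])
    if not posture.violations:
        return AdmissionResult(Decision.ALLOW, [], [])
    expired = [v for v in posture.violations if now - v.first_seen >= grace]
    if not expired:
        # Still inside the grace period: allow access but tell the user what to fix and by when.
        notes = [f"{v.check}: {v.description}. Fix within "
                 f"{(grace - (now - v.first_seen)).days} day(s) or access will be blocked"
                 for v in posture.violations]
        return AdmissionResult(Decision.ALLOW, notes, [])
    # Grace period over for at least one check: quarantine and hand the violations to the
    # remediation handler, which shows description and steps and may call the remediation server.
    request = [{"check": v.check, "description": v.description,
                "steps": v.steps, "remote_action": v.remote_action} for v in expired]
    return AdmissionResult(Decision.QUARANTINE,
                           [f"{posture.hostname} quarantined: {len(expired)} violation(s) past grace period"],
                           request)


def simulate(days_since_flagged: int, grace_days: int = 14,
             settings: Optional[Dict[str, int]] = None, has_trust_agent: bool = True) -> AdmissionResult:
    """Run one constructed scenario: a workstation whose password settings were flagged
    `days_since_flagged` days ago under a `grace_days` grace period."""
    now = datetime(2006, 3, 1, 9, 0)                         # constructed timestamp
    settings = settings if settings is not None else {"min_length": 6, "max_age_days": 180}
    violation = check_password_quality(settings, now - timedelta(days=days_since_flagged))
    posture = Posture("abbc-ws-0042", has_trust_agent, [violation] if violation else [])
    return evaluate_admission(posture, now, timedelta(days=grace_days))


if __name__ == "__main__":
    for days in (3, 20):
        result = simulate(days)
        print(f"flagged {days} days ago -> {result.decision.value}")
        for note in result.notifications:
            print("  notify:", note)
        for item in result.remediation_request:
            print("  remediate:", item["steps"], "via", item["remote_action"])
```

Running the block shows the two cases the text contrasts: a violation three days old is still allowed onto the production network with a warning, while the same violation twenty days old is quarantined and produces a remediation request whose steps and remote action the remediation handler would present and, if needed, fetch from the remediation server.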
5.3 Implementation architecture
Network Admission Control (NAC) is not a single product; NAC is an
industry-wide collaboration sponsored by Cisco Systems. As such, a NAC
implementation requires a multivendor collection of physical and logical
components.
As referenced in Figure 5-3 on page 102, the major Cisco components include a
client-side Cisco Trust Agent, a Cisco Network Access Device (NAD) running a
NAC-enabled version of Cisco’s IOS, and a Cisco Secure Access Control Server
(ACS) running Version 4.0 or later software. The major IBM components of the
[Figure 5-2 diagram: SCM Client, Production Network, SCM Remediation Handler Interface, TCM Server and Cisco NAC; flows labelled Attempt, Allow, Deny, Quarantine, Notification, Remediation Request, and Remediation Updates & Actions]