IBM Tivoli and Cisco Network Card User Manual


 
110 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
focus on how our posture policy, as established by the Tivoli Security Compliance
Manager, interrelates with the Cisco Secure Access Control Server and how its
associated policies form an interlocked security solution (Figure 5-12).
Figure 5-12 Simplified policy interrelations
Posture token
For all of the moving parts and pieces, at the time of this writing [1], only two pieces
of posture status information are transmitted from the Security Compliance
Manager posture client to the network:
- The version of the posture policy the client is running. This parameter is a
  string value and is established at the time of policy collection. We set this
  value in “Establishing the policy collector parameters” on page 104.
- The violation count, which is the total sum of all violations found by the
  posture collector policies assigned to the client.

[1] Enhancements may be seen in future releases, including finer-grained posture data transmission.
[Figure 5-12 labels: Workstation, Network Access Device, ACS, Network Resources; SCM Policy, ACS Policy. Client sends posture status: Policy Version, Violation Count. ACS evaluates client status: What is the health status of the workstation? What are the permissions for that particular health status?]
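The two-step evaluation described above (health status first, then the permissions for that status) can be sketched as ordered, first-match rules over the two transmitted values. This is an added example, not code or configuration from the manual or from either product. The token names, the access profile names, the rule order and the sample version strings are all assumptions made for illustration.

```python
# Added illustration. Token names, access profiles and rule order are
# assumptions, not the ACS or Security Compliance Manager configuration.
from dataclasses import dataclass
from typing import Optional, Tuple

HEALTHY, QUARANTINE, UNKNOWN = "Healthy", "Quarantine", "Unknown"

# Hypothetical mapping from health status to permissions.
ACCESS_FOR_TOKEN = {
    HEALTHY: "full-access",
    QUARANTINE: "remediation-only",
    UNKNOWN: "deny",
}


@dataclass(frozen=True)
class PostureStatus:
    """The two values the posture client transmits."""
    policy_version: Optional[str]   # string set at policy collection time
    violation_count: Optional[int]  # sum of violations across assigned policies


def evaluate(status: PostureStatus, required_version: str) -> Tuple[str, str]:
    """Return (posture token, access profile); the first matching rule wins."""
    version, count = status.policy_version, status.violation_count
    if not isinstance(version, str) or not version.strip():
        token = UNKNOWN      # fail closed: no usable policy version reported
    elif isinstance(count, bool) or not isinstance(count, int) or count < 0:
        token = UNKNOWN      # fail closed: count missing or malformed
    elif version != required_version:
        # The count only covers the policies the client ran, so a zero
        # under a different policy version says nothing about compliance.
        token = QUARANTINE
    elif count > 0:
        token = QUARANTINE
    else:
        token = HEALTHY
    return token, ACCESS_FOR_TOKEN[token]


if __name__ == "__main__":
    required = "EXAMPLE_POLICY_v2"  # constructed sample value
    samples = [                     # constructed sample reports
        PostureStatus("EXAMPLE_POLICY_v2", 0),
        PostureStatus("EXAMPLE_POLICY_v2", 3),
        PostureStatus("EXAMPLE_POLICY_v1", 0),
        PostureStatus(None, 0),
    ]
    for s in samples:
        print(s, "->", evaluate(s, required))
```

The version check is placed before the count check because both values are client-reported and the count is meaningful only relative to the policy that produced it.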