IBM Tivoli and Cisco Network Card User Manual


 
Chapter 2. Architecting the solution 15
In general, the IBM Integrated Security Solution for Cisco Networks consists of
three subsystems or logical components, as shown in Figure 2-1 on page 14:
- Network Admission Control (NAC) subsystem based on Cisco technology
- Compliance subsystem based on IBM Tivoli Security Compliance Manager (SCM)
- Remediation subsystem based on IBM Tivoli Configuration Manager
Figure 2-2 depicts all of the subsystems and components in a physical
network representation. It shows the stationary and portable clients, the
separate network segments, the server components, and the required
networking equipment.
Figure 2-2 IBM and Cisco architecture overview
Network Admission Control
Network Admission Control (NAC) is a Cisco-sponsored industry initiative that
uses the network infrastructure to enforce security policy compliance on all
[Figure 2-2 diagram labels: Mobile Users, Internet, Data Center Network, AAA, Corporate Resources, SCM Server, Corporate VLAN, Branch Office, Quarantine VLAN, Remediation VLAN, TCM Server, ACS, Web Server, SCM Policy Enabled Clients, NAC Enabled Devices, Router, Remote Access Server, VPN Wireless Access Point, WAN]