444 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
Top-level sequence of events
The NAC process starts when the client tries to access a protected network.
When the Network Access Device (typically a switch or router) recognizes that a
client is attempting access, it issues a PostureQuery request to the client asking
the client to report its posture. The posture message is passed via the Cisco
Trust Agent to the Security Compliance Manager policy collector, which responds
with a PolicyVersion and a ViolationCount, the two attributes that have been
registered with the ACS for the use of client remediation. The values passed
along for these attributes are considered to define the client’s posture.
When the ACS has received the posture attributes from the client, it evaluates
them against the defined policies and computes a posture (or posture token) for the
client. The two postures that are typically used are Quarantine and Healthy. The
ACS sends a PostureNotification to the client; if the client is healthy, that is the
end of the NAC process. If the client is quarantined, then the notification also
includes an action, which is the URL to be used to request automated
remediation. In either case, the Cisco Trust Agent pops up a window on the client
that displays the current posture.
If a quarantine PostureNotification is received by the client, it will pass all of the
known remediation information in the posture cache to the remediation handler,
which includes a pop-up GUI that enables the user to see what the state of
compliance is and to manually address any problems that are reported. The
remediation handler UI includes a fully functional Web browser, and HTML
content can be customized for policies to provide users with directions or links to
Web sites where they can download remediation content. The remediation
handler also includes several buttons for the user to select the desired behavior:

- The Rescan button forces an immediate rescan by all of the collectors, and all
of the data in the local posture cache is updated. This completes the current
process, and the client will wait for the network to poll it for changes, at which
time the process will be started again.

- The Fix Now button initiates the automated remediation process.
The sequence diagram shown in Figure A-2 on page 445 shows the sequence of
events for the automated remediation process at the highest level.
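The exchange described above, modelled end to end as an added example (not code from the Redbook, from IBM Tivoli Security Compliance Manager or from Cisco ACS). The message classes, the policy rule the ACS applies (client must report the required PolicyVersion and no more than the allowed ViolationCount), the remediation URL and the remediation service are all assumptions constructed for the example; the real rule is whatever is configured in ACS. The model walks one quarantine cycle, a Fix Now remediation, and the re-poll that returns Healthy.

```python
"""Constructed model of the NAC posture exchange: NAD -> client -> ACS -> client.

Everything here is an assumption made for illustration: the page describes the
flow but not the ACS policy rule, message field names or action URL.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Optional

HEALTHY = "Healthy"
QUARANTINE = "Quarantine"


@dataclass
class Policy:
    """ACS-side rule (assumed shape): required policy version, allowed violations."""
    required_policy_version: str
    max_violations: int = 0
    # Placeholder action URL; the real one is configured in ACS for the policy.
    remediation_url: str = "https://remediation.example.invalid/fix"


@dataclass
class PostureReport:
    """The two attributes registered with ACS for client remediation."""
    policy_version: str
    violation_count: int


@dataclass
class PostureNotification:
    posture: str
    action: Optional[str] = None  # remediation URL, present only when quarantined


class Client:
    """Simulated endpoint: posture cache plus the remediation handler's two buttons."""

    def __init__(self, policy_version: str, violation_count: int) -> None:
        self.cache = {"PolicyVersion": policy_version,
                      "ViolationCount": violation_count}
        self.notifications: list[PostureNotification] = []  # what the CTA pop-up shows

    def on_posture_query(self) -> PostureReport:
        # The SCM policy collector answers the PostureQuery from the posture cache.
        return PostureReport(self.cache["PolicyVersion"], self.cache["ViolationCount"])

    def on_posture_notification(self, n: PostureNotification) -> None:
        self.notifications.append(n)

    def rescan(self, collector: Callable[[], dict]) -> None:
        # Rescan button: collectors refresh the cache; the NAD polls again later.
        self.cache.update(collector())

    def fix_now(self, action_url: str, remediate: Callable[[str], dict]) -> dict:
        # Fix Now button: request automated remediation at the action URL, then
        # record the remediated state in the cache.
        result = remediate(action_url)
        self.cache.update(result)
        return result


def acs_evaluate(policy: Policy, report: PostureReport) -> PostureNotification:
    """ACS: compare the reported attributes with policy and compute the posture token."""
    compliant = (report.policy_version == policy.required_policy_version
                 and report.violation_count <= policy.max_violations)
    if compliant:
        return PostureNotification(HEALTHY)
    return PostureNotification(QUARANTINE, action=policy.remediation_url)


def nac_cycle(client: Client, policy: Policy) -> PostureNotification:
    """One top-level round: NAD PostureQuery -> client report -> ACS -> notification."""
    report = client.on_posture_query()           # CTA forwards the query to the collector
    notification = acs_evaluate(policy, report)  # ACS computes the posture token
    client.on_posture_notification(notification)  # CTA pop-up displays the posture
    return notification


def fake_remediation_server(url: str) -> dict:
    # Constructed stand-in for the service behind the action URL: it reports that
    # the current policy was applied and all violations were cleared.
    if not url.startswith("https://"):
        raise ValueError("remediation action must be an https URL")
    return {"PolicyVersion": "2.0", "ViolationCount": 0}


def demo() -> tuple[str, str]:
    """Quarantine on first contact, Fix Now, then Healthy when the network re-polls."""
    policy = Policy(required_policy_version="2.0")
    client = Client(policy_version="1.9", violation_count=3)
    first = nac_cycle(client, policy)            # Quarantine, with action URL
    client.fix_now(first.action, fake_remediation_server)
    second = nac_cycle(client, policy)           # network polls again -> Healthy
    return first.posture, second.posture


if __name__ == "__main__":
    print(demo())
```

The point the model makes explicit is that the ACS never sees anything but the two registered attributes: its decision, and therefore the action URL the client receives, is only as trustworthy as the collector that filled the posture cache, which is why the Rescan path refreshes the cache from the collectors rather than letting the user edit it.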