Support User Manuals

IBM Tivoli and Cisco Network Card User Manual

Open as PDF

of 516

Appendix A. Hints and tips 461

Scheduler

A platform-specific task scheduler (EG Windows Task Scheduler or Cron on

UNIX) is configured to run the Security Compliance Manager Client’s

statuscheck.exe on a periodic basis. This is required to create a

post-admission

polling cycle

that monitors the client for compliance after admission to the

network. A special scheduler.bat file is provided to create a scheduled task that

runs statuscheck.exe each minute. This script is appropriate for Windows clients.

kickrich.html

There are two versions of this HTML form provided, one that requires the user to

manually click a button to continue, and one that automatically submits the

request. Either one will work and it is up to the reader to decide which behavior is

desired. In either case, the selected version should be renamed to kickrich.html if

Note: A number of constraints exist at the time of this writing that affect the

processing of the NAC Appliance-specific policy collector. As a result, a

number of limitations exist in this version of the collector that can be corrected

in a supported version of this collector. In addition, this version of the collector

was written quickly in lab conditions and several issues should be corrected in

a production version.

Users of this protype version of the policy collector should be aware of the

following:

 There is very little error checking, so the collector behaves in unpredictable

manners if the configuration is not correct. For example, the policy

collector’s Handler_Attributes must contain a value called

NACAppliancekickUserCMD that must contain a command to invoke a

Web browser and open a pre-configured HTML form.

 The policy collector is written with JAVA 1.3 and does not have access to

the HTTPS classes provided in later JAVA versions. Since an HTTPS Post

is required to terminate the client’s network session, a special HTML Form

has been provided to issue the HTTPS Post request. This form is called by

the policy collector and should be customized according to the

environment.

 Various attributes required by this special policy collector have been

parameterized and can be configured either as parameters of the policy

collector or in the Security Compliance Manager Client’s handler.properties

file.

 All of the components assume that the Security Compliance Manager

Client is installed in the c:\Program Files\IBM\SCM\Client directory, which

is the default location.

previous next