52 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
and any client components that would normally be installed on a Tivoli
Configuration Manager client are embedded within the Security Compliance
Manager Compliance policy.
For the IBM Integrated Security Solution for Cisco Networks, the Tivoli
Configuration Manager Software Distribution Server and Web Gateway
components are used. The Software Distribution server is extended with
administrative utilities that support the creation of remediation objects that are
designed to be invoked and installed based on requests from the compliance
client. These utilities also publish the remediation objects to the Web Gateway.
The Web Gateway is extended with a Remediation Servlet that is designed to
accept the remediation requests from the client and provide the appropriate
remediation objects in response to these requests.
Remediation handler component
The remediation handler is a specific component for the IBM Integrated Security
Solution for Cisco Networks that handles the interface between the Security
Compliance Manager client for NAC and the Tivoli Configuration Manager server.
These components are shown in Figure 3-6 on page 56 and explained in the next
sections. This component is not actually installed on the client. Instead, it is
embedded into compliance policies as a special collector and is downloaded to
the clients as part of the compliance policy.
3.2 Physical components
The discussion so far has been focused on the various logical components that
make up the IBM Integrated Security Solution for Cisco Networks. In this section
we map the logical components into physical components that make up the IBM
Integrated Security Solution for Cisco Networks. The physical components of the
solution can be categorized into three types: client components, network
components, and server components. All three types work together to
effectively deploy the policies that an enterprise would like to implement.
3.2.1 Network client
A network client is the end device that must comply with the policy. The client in
the current context of the solution can be a PC or mobile computer running
Windows 2000, Windows XP, or Windows NT®, and Red Hat Linux® Enterprise
Linux 3.x and 4.0. The network client must have the following software
components installed:
Cisco Trust Agent client software
Security Compliance Manager client