IBM Tivoli and Cisco Network Card User Manual


 
54 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
3.2.2 Network access infrastructure
All users connect to enterprise resources via network access devices. The
topology varies depending on the size of the organization, but most networks can
be classified into LAN (local area network), WAN (wide area network), or remote
access. The LAN enables connectivity to users within a location. A WAN provides
connectivity to remote or branch office users who need connectivity to resources
that are centrally deployed. Remote access users access the enterprise
resources using dial-up or the Internet to connect. Virtual private network (VPN)
technology is generally deployed for remote access secure connectivity. VPN
connectivity is also used by remote and branch offices to provide a low-cost
secure access method. Enterprise users may use any of these methods to
access the enterprise resources.
Network access device
In the IBM Integrated Security Solution for Cisco Networks, the network enforces
the policy, so the network access device (NAD) becomes an integral part of the
solution. In our solution, Cisco switches, routers, VPN Concentrators, Adaptive
Security Appliances, and access points can be used as policy enforcement
devices.
3.2.3 IBM Integrated Security Solution for Cisco Networks servers
The servers are a set of centrally administered devices that enable creation,
deployment, and management of policies. They also provide a platform for
centralized validation and reporting.
Cisco Secure Access Control Server
The Cisco Secure Access Control Server (ACS) is a Cisco AAA server or an ACS
appliance that provides posture validation to the client. Posture credentials of the
client are then validated and network access is provided to clients depending on
the policy and their posture status. The ACS delivers network policy information
such as ACL and RADIUS parameters to the NAD that enforces the policy.
Security Compliance Manager server
The Security Compliance Manager server is an IBM-developed solution for the
complex problem of deploying and checking enterprise policies. The server
provides a platform for the creation of various client compliance policies that can

Note: Refer to the Cisco Web site for the latest list of supported hardware and
corresponding software for the NAC solution at:
http://www.cisco.com/go/nac