66 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
Remote offices and branch offices can use the Internet as a primary method of access or as a backup if the primary access method fails.
Organizations can provide partners access over the Internet and exchange data over a VPN.
Controlled zone - external network-facing DMZ
One controlled, semi-trusted network zone is called the DMZ. It provides a buffer zone between the Internet and the internal networks. This zone offers the following benefits:
The DMZ can terminate partner traffic or any other WAN traffic before it enters any restricted production zone.
This zone terminates all dial-up users and VPN traffic.
The Tivoli Configuration Manager Web Gateway is typically located in the DMZ.
Controlled zone - intranet
The intranet is the other controlled zone. Local client users on the LAN infrastructure and remote office users, who use WAN technologies to connect to various enterprise resources, are participants of this zone.
Restricted zone - production network
One or more network zones may be designated as restricted zones for systems to which access must be strictly controlled. These systems are typically production servers: application servers, database servers, and other servers that support business-critical functions. Direct access to these systems from uncontrolled networks should not be permitted. The Security Compliance Manager server, the Security Compliance Manager proxy, and, optionally, the Configuration Manager Software Distribution server may be placed in the production network.
Restricted zone - management network
This zone contains network and enterprise management systems. The ACS can
typically be part of the management zone.
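The zone model above is, in practice, enforced as a default-deny access matrix between zones. The following is an added example (not code from the IBM Redbook or from Tivoli/Cisco) that encodes the five zones described here as trust classes, keeps an explicit allow list, and applies the one structural rule the text states outright: an uncontrolled network never reaches a restricted zone directly. The zone names, service names and the particular permitted pairs are assumptions chosen to mirror the narrative (VPN and web gateway terminating in the DMZ, production reached only from controlled zones, management reaching everything); a real deployment would take them from the organization's firewall policy.

```python
"""Zone-to-zone access policy checker (added example, not from the Redbook).

Encodes the zone model (uncontrolled Internet, controlled DMZ and intranet,
restricted production and management networks) as a default-deny rule table
and evaluates proposed flows against it. Zone names, service names and the
permitted pairs are assumptions for illustration.
"""
from dataclasses import dataclass

# Trust classes, from least to most trusted (terminology from the zone model).
UNCONTROLLED, CONTROLLED, RESTRICTED = 0, 1, 2

ZONES = {
    "internet":   UNCONTROLLED,
    "dmz":        CONTROLLED,
    "intranet":   CONTROLLED,
    "production": RESTRICTED,
    "management": RESTRICTED,
}


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str       # "*" matches any destination zone
    service: str   # "*" matches any service
    reason: str


# Explicit allow list; anything not listed is denied (default deny).
# The pairs are assumptions that mirror the narrative: the DMZ terminates VPN
# and partner traffic, the web gateway is published from the DMZ, production
# is reached only from controlled zones, management administers all zones.
RULES = [
    Rule("internet", "dmz", "ipsec-vpn", "remote/partner VPN terminates in the DMZ"),
    Rule("internet", "dmz", "https", "TCM Web Gateway published from the DMZ"),
    Rule("dmz", "production", "tcm-gateway", "web gateway forwards to the SD server"),
    Rule("intranet", "production", "https", "LAN clients reach application servers"),
    Rule("intranet", "production", "scm-proxy", "clients report to the SCM proxy"),
    Rule("management", "*", "*", "management zone administers all zones"),
]


def evaluate(src, dst, service):
    """Return (allowed, reason) for a single src-zone -> dst-zone flow."""
    if src not in ZONES or dst not in ZONES:
        return False, f"unknown zone: {src!r} or {dst!r}"
    # Structural invariant of the model, checked before the rule table so that
    # a mistaken allow rule cannot override it.
    if ZONES[src] == UNCONTROLLED and ZONES[dst] == RESTRICTED:
        return False, "direct uncontrolled-to-restricted access is prohibited"
    for r in RULES:
        if r.src == src and r.dst in (dst, "*") and r.service in (service, "*"):
            return True, r.reason
    return False, "no matching allow rule (default deny)"


def audit(flows):
    """Return the proposed flows the policy rejects, each with its reason."""
    rejected = []
    for src, dst, service in flows:
        allowed, reason = evaluate(src, dst, service)
        if not allowed:
            rejected.append((src, dst, service, reason))
    return rejected


if __name__ == "__main__":
    proposed = [  # constructed sample flows
        ("internet", "dmz", "ipsec-vpn"),
        ("internet", "production", "https"),   # must be refused
        ("dmz", "production", "tcm-gateway"),
        ("intranet", "management", "ssh"),     # not on the allow list
    ]
    for violation in audit(proposed):
        print("DENY", violation)
```

Running the checker over a proposed flow list (for example, a firewall change request) reports every flow that the zone model rejects, which is the review a change board would want before a rule is committed. The invariant check sitting ahead of the rule table is the important design choice: it makes the prohibition on uncontrolled-to-restricted access hold even if someone later adds an allow rule that contradicts it.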
Other networks
The network examples that we use do not necessarily include all possible scenarios. Some organizations extensively segment functions into various subnetworks. In general, however, the principles discussed here can be translated easily into appropriate architectures for such environments.