
Network admission control – IBM Tivoli and Cisco User Manual


Chapter 2. Architecting the solution


In general, the IBM Integrated Security Solution for Cisco Networks consists of
three subsystems or logical components, as shown in Figure 2-1 on page 14:

Network Admission Control (NAC) subsystem based on Cisco technology

Compliance subsystem based on IBM Tivoli Security Compliance Manager (SCM)

Remediation subsystem based on IBM Tivoli Configuration Manager

Figure 2-2 depicts all involved subsystems and components in a physical
network representation. It shows the involved stationary and portable clients, the
different network segregations, the server components, and the required
networking equipment.

Figure 2-2 IBM and Cisco architecture overview

Network Admission Control

Network Admission Control (NAC) is a Cisco-sponsored industry initiative that
uses the network infrastructure to enforce security policy compliance on all

[Figure 2-2 labels: Mobile Users, Internet, Data Center Network, AAA, Corporate Resources, SCM Server, Corporate VLAN, Branch Office, Quarantine VLAN, Remediation VLAN, TCM Server, ACS, Web Server, SCM Policy Enabled Clients, NAC Enabled Devices, Router, Remote Access Server, VPN, Wireless Access Point, WAN]