IBM Tivoli and Cisco User Manual

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Port details and communication flows between Security Compliance Manager
server and client can be found in “Security Compliance Manager server and
client” on page 450.

Details of the activities performed by server and client include:

Security Compliance Manager server

– Provides an interface for defining complex policies that specify conditions that should exist on a client.

– Manages when the security compliance data is collected and which clients collect what kind of data using the data collection components.

– Determines what security compliance data is collected, and how to interpret the data using the compliance management components.

– Stores the security compliance data received from the clients in a central database and provides the available data to users through the administration console and administration commands.

– Provides security violation details as a basis for the compliance report components.

Security Compliance Manager client

– Collects information about its environment required to assess compliance with the security policy at a predefined schedule. Using different collectors, this data is sent back to the Security Compliance Manager server. With new posture collectors introduced with Security Compliance Manager Fix Pack 2, the data is stored locally in a posture cache.

– If enabled for NAC, the client performs a local compliance assessment using the security policy based on the data from the posture cache. It then provides the posture assessment data to the Cisco Trust Agent via posture plug-in for further processing.

– Receives the network admission decision from either the Cisco Secure Access Control Server (ACS) via Cisco Trust Agent (in case of using the NAC Framework solution) or the Clean Access Server (CAS) via the Clean Access Agent (in case of using the NAC Appliance solution) and presents current status information using a GUI. It displays the compliance status and posture data, and enables re-initiating the compliance scanning process.

– On user request, it can initiate an automated remediation process.

More information about Tivoli Security Compliance Manager can be found in the IBM Redbook Deployment Guide Series: IBM Tivoli Security Compliance Manager, SG24-6450.