
Integration components, NAC Appliance Agent, Appendix A. Hints and tips – IBM Tivoli and Cisco User Manual

Appendix A. Hints and tips

A high-level overview of this design is depicted in Figure 8-42.

Figure 8-42 High-level overview

Integration components

The following components are to be considered prototypes for use in labs,
demos, training classes, and similar purposes. They are implemented in an
insecure manner to allow interested parties to better understand how this
integration works.

NAC Appliance Agent

This specially built agent is customized to run the TSCMAgent.bat file whenever
the required compliance state is not met on the client. When the production
version of this file is delivered, it will not run a .bat file, but will require a signed
executable.

Flowchart text from Figure 8-42, grouped by panel:

NAC Appliance / Client
Start, then Authentication, then the decision: (TSCM Client Running) && (Compliance Semaphore File Exists)?
No: Start TSCMAgent.bat file (Directive)
Yes: Allow Host into production network

TSCM Client
Rescan all posture collectors
Check for violations
If violations exist, terminate client's session and handle interface with remediation solution
If no violations exist, create Compliance Semaphore File
User can now request network to rescan*

TSCMAgent.bat
Start TSCM Client service
Direct TSCM Client to rescan
Wait for user to request rescan*

Scheduler
Direct TSCM Client to rescan at regular intervals
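The admission loop in Figure 8-42 can be modelled as below. This is an added example, not code from the manual or from either product; the semaphore file name, the Client class and all function names are hypothetical, and the posture findings are constructed sample data.

```python
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Hypothetical name: the page does not give the semaphore file's name or path.
SEMAPHORE_NAME = "compliance.semaphore"

@dataclass
class Client:
    workdir: Path
    tscm_running: bool = False
    violations: list = field(default_factory=list)  # constructed findings

    @property
    def semaphore(self) -> Path:
        return self.workdir / SEMAPHORE_NAME

def nac_check(client):
    """NAC Appliance decision: (TSCM Client running) && (semaphore file exists)?"""
    if client.tscm_running and client.semaphore.exists():
        return "allow"
    return "run TSCMAgent.bat"

def tscm_rescan(client):
    """TSCM Client: rescan, check for violations, create the semaphore if clean."""
    if client.violations:
        return "session terminated"
    client.semaphore.touch()
    return "compliant"

def tscm_agent_bat(client):
    """TSCMAgent.bat: start the TSCM Client service, then direct it to rescan."""
    client.tscm_running = True
    return tscm_rescan(client)

def admit(client, max_rounds=3):
    """Repeat check -> directive -> rescan until admitted or rounds run out."""
    trace = []
    for _ in range(max_rounds):
        decision = nac_check(client)
        trace.append(decision)
        if decision == "allow":
            break
        trace.append(tscm_agent_bat(client))
    return trace

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(admit(Client(Path(d))))
```

The trace makes the two-part gate visible: a semaphore file without a running TSCM Client, or a running client without the file, both send the host back through the TSCMAgent.bat directive.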