IBM Tivoli and Cisco User Manual

460

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

TSCMAgent.bat

This script creates the compliance semaphore file in and intermediate state that
indicates that the client is in the admission process. It then starts the TSecurity
Compliance Manager Client service. These are the two conditions that should be
checked for in any NAC Appliance policy created for this integration. Finally, it
runs the TSecurity Compliance Manager Client’s statuscheck.exe, which forces
the TSecurity Compliance Manager Client to run a rescan and recompute the
compliance posture.

NACApplianceCompliance.entry

This file is an identical copy of the compliance semaphore file in an intermediate
state that indicates that the client is in quarantine. It is used by the
TSCMAgent.bat file to create the actual semaphore file to indicate this state to
the policy collector.

Policy collector

This specially built policy collector has been modified to update the state of the
compliance semaphore file and to terminate the client’s session if the client is
admitted to the network and compliance violations are found.