beautypg.com

IBM Tivoli and Cisco User Manual

Page 480

background image

462

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

using the example HTML form provided. It should be noted that default security
settings on most browsers will prevent active content or ask the user whether to
allow it, meaning that the user will still have to manually intervene in the process.

This HTML form must be customized to the environment as follows:

The client’s MAC address must be placed in the NAME="mac" VALUE="001125CEF56C"> tag.

The administrator UID of the NAC Appliance Manager must be placed in the

The password for the specified administrator ID must be placed in the
.

There is sensitive information placed in this file, which is another reason why this
version of the integration is not suitable for production.

Installing and configuring prototype integration components

The following instructions are intended to assist the reader in implementing this
integration.

NAC Appliance Agent

The prototype version of this agent installs on the client in the same manner as
the production version. It is basically a wizard install and there are no
configuration parameters required.

On the NAC Appliance Manager, the agent must be registered as follows:

1. Unzip the IBMTivoli.zip file. You will find two sub-directories, CAM and Agent.

2. Copy the two jsps from the CAM sub-directory into the

/perfigo/control/tomcat/Webapps/admin/ directory on the Clean Access
Manager.

3. Upload the CCAAgentSetup.tar.gz file in the Agent sub-directory on to the

Clean Access Manager using CleanAccess

CleanAccess Agent

Distribution with Version 4.0.1.1.

Policy collector

The prototype policy collector is delivered as a .jar file named
com.ibm.scm.nac.posture.PolicyCollector.jar. This file is installed as a collector
using the Security Compliance Manager Server’s Administration Console. This
collector is assigned Release Version 500, which is several hundred versions
higher than the production versions, to distinguish it from production versions of
the collector. Whenever a system with this prototype collector is updated with a
production version, the installer will be warned that the new version is lower than

See also other documents in the category IBM Hardware: