
IBM Tivoli and Cisco User Manual


Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

– Remediation handler:

  Since semaphore is -1, PopUp Remediation Interface.

  User can click Fix Now for autoremediation.

  Runs compliance scan. In this case no violations are found, so set semaphore to 1.

– User clicks Next.

– NAC Appliance now finds Security Compliance Manager Client running and semaphore=1, so admit client.

Scenario 6 - post-admission, Security Compliance Manager running, noncompliant client

– In this case, the semaphore starts as 1 since we have been admitted.

– Windows Scheduler or cron job runs statuscheck.exe.

– Statuscheck.exe:

  Requests rescan from Security Compliance Manager Client

– Security Compliance Manager Client:

  Runs compliance validation. In this case, violations are found and semaphore equals 1, so set it to 0.

  Since violations are found, instructs client to run remediation handler.

– Remediation handler:

  Since semaphore is 0, call NAC Appliance Kick User API.

  Exit.

– NAC Appliance restarts the admission process.

– Client is now in the same state as state #5.
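The semaphore transitions in the two sequences above can be traced with a small model. This is an added example, not code from the manual or from either product: the class and function names are hypothetical, the input values are constructed, and any transition the page does not state is marked as an assumption in the comments.

```python
from dataclasses import dataclass, field

@dataclass
class Client:                      # hypothetical model of one endpoint
    semaphore: int                 # -1, 0 or 1, as used in the scenarios
    violations: bool               # constructed input: is the host noncompliant?
    scm_running: bool = True
    log: list = field(default_factory=list)

def compliance_scan(c: Client) -> bool:
    """Security Compliance Manager Client scan; returns True if violations found."""
    if not c.violations:
        c.semaphore = 1            # page: no violations -> set semaphore to 1
    elif c.semaphore == 1:
        c.semaphore = 0            # page: violations and semaphore 1 -> set to 0
    # Assumption: any other combination leaves the semaphore unchanged.
    c.log.append(f"scan violations={c.violations} semaphore={c.semaphore}")
    return c.violations

def remediation_handler(c: Client, fix_now: bool = True) -> str:
    if c.semaphore == -1:          # page: pop up the remediation interface
        if fix_now:
            c.violations = False   # assumption: autoremediation succeeds
            compliance_scan(c)
        c.log.append("popup")
        return "popup"
    if c.semaphore == 0:           # page: call NAC Appliance Kick User API, exit
        c.log.append("kick")
        return "kick"
    return "none"                  # assumption: nothing to do otherwise

def status_check(c: Client) -> str:
    """statuscheck.exe: request a rescan; on violations the handler runs."""
    return remediation_handler(c) if compliance_scan(c) else "compliant"

def nac_admits(c: Client) -> bool:
    return c.scm_running and c.semaphore == 1   # page: admit only in this state

def run_scenarios():
    pre = Client(semaphore=-1, violations=True)   # sequence at the top of the page
    first = remediation_handler(pre)
    post = Client(semaphore=1, violations=True)   # Scenario 6
    second = status_check(post)
    return ((first, pre.semaphore, nac_admits(pre)),
            (second, post.semaphore, nac_admits(post)))

if __name__ == "__main__":
    print(run_scenarios())
```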