Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

3.1 Logical components

The IBM Integrated Security Solution for Cisco Networks detects the state of
network clients and compares it with a set of centrally defined and managed
policies to establish client postures. It then dynamically reconfigures the network
based on detected client postures and changes the state of devices to be in
compliance with defined policies. This solution is an integration of products from
IBM and Cisco. The IBM products focus on the aspects of compliance and
remediation, and the Cisco products provide the Network Admission Control
(NAC) and policy validation components.

This new integrated solution includes a set of policies and workflows that address
certain well-known conditions such as operating system levels, hotfixes, and
security and policy settings. These policies and workflows can be configured to
address new instances of these conditions. The IBM Integrated Security Solution
for Cisco Networks is an extensible offering that provides the ability to create new
policies to detect various combinations of device postures and workflows that
can remediate various states on these devices. This can provide you with the
flexibility to define policies that are unique to your environment.

The solution integrates three major independent logical components or
subsystems with add-on components specifically developed for the IBM
Integrated Security Solution for Cisco Networks, depicted in Figure 3-1.

Figure 3-1 Solution logical block diagram

[Figure 3-1 block labels: Network Admission Control (Posture Validation Server, Policy Enforcement Device, Admission Control Client); Compliance (Compliance Server, Compliance Client (Posture plug-in)); Remediation (Remediation Server, Remediation Client); Client Components]