2 physical components, 1 network client – IBM Tivoli and Cisco User Manual

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

and any client components that would normally be installed on a Tivoli
Configuration Manager client are embedded within the Security Compliance
Manager Compliance policy.

For the IBM Integrated Security Solution for Cisco Networks, the Tivoli
Configuration Manager Software Distribution Server and Web Gateway
components are used. The Software Distribution server is extended with
administrative utilities that support the creation of remediation objects that are
designed to be invoked and installed based on requests from the compliance
client. These utilities also publish the remediation objects to the Web Gateway.
The Web Gateway is extended with a Remediation Servlet that is designed to
accept the remediation requests from the client and provide the appropriate
remediation objects in response to these requests.

Remediation handler component

The remediation handler is a specific component for the IBM Integrated Security
Solution for Cisco Networks that handles the interface between the Security
Compliance Manager client for NAC and the Tivoli Configuration Manager server.
These components are shown in Figure 3-6 on page 56 and explained in the next
sections. This component is not actually installed on the client. Instead, it is
embedded into compliance policies as a special collector and is downloaded to
the clients as part of the compliance policy.

3.2 Physical components

The discussion so far has been focused on the various logical components that
make up the IBM Integrated Security Solution for Cisco Networks. In this section
we map the logical components into physical components that make up the IBM
Integrated Security Solution for Cisco Networks. The physical components of the
solution can be categorized into three types: client components, network
components, and server components. All three components work together to
effectively deploy policies that an enterprise would like to implement.

3.2.1 Network client

A network client is the end device that must comply with the policy. The client in
the current context of the solution can be a PC or mobile computer running
Windows 2000, Windows XP, or Windows NT®, or Red Hat Enterprise
Linux® 3.x and 4.0. The network client must have the following software
components installed:

Cisco Trust Agent client software
Security Compliance Manager client