Remediation (flow 4) – IBM Tivoli and Cisco User Manual

Chapter 3. Component structure

Remediation (flow 4)

Two cases should be considered for the remediation process: one where the
organization has a Tivoli Configuration Manager server with an automatic
remediation implementation, and the other where the organization will use
manual methods for remediation using a Web server or alternative methods.
Manual remediation could be provided with a Web server where a user can
download the required software to meet the software compliance requirements
and manually comply with configuration requirements.

In the case of automatic remediation, these processes result in remediation:

Remediation request (4a)

The token received in step 3e determines the posture of the client. If the
client receives a quarantine posture, it must be provided with remediation
(for example, a corrective action). The remediation is initiated by the user
of the network client machine by clicking a remediation button from the
Security Compliance Manager client pop-up window. The policy collector then
passes a remediation URL and a remediation request containing the name of the
remediation object for remediating policy objects to the remediation handler
on the network client.

Remediation execution (4b)

The remediation handler on the network client contacts the Configuration
Manager Web Gateway server requesting remediation. An appropriate object
is downloaded and executed and the client is remediated.

Network access (4c)

The NAD continuously polls the client for change in posture status. If the
network client has been remediated, it has to go through the process steps 2a
through 3g again. After the network client is remediated of all violations, it
receives a healthy token from the ACS and the access control policy is
changed in the NAD device. At this point the client is compliant with the
enterprise policy and is provided access to the enterprise network.
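
The loop in steps 4a through 4c, modelled as an added Python example (not code from the manual or from either product). The policy item names, remediation object names, gateway URL and function names are constructed for illustration, and posture_token is a stand-in for steps 2a through 3g. The case where the gateway does not hold a needed object is an assumption added to show that access changes only after a fresh posture check returns healthy.

```python
from dataclasses import dataclass, field

# Constructed sample policy: policy item -> remediation object name (hypothetical).
POLICY = {"antivirus_installed": "rem_antivirus", "firewall_enabled": "rem_firewall"}

@dataclass
class Client:
    state: dict                               # policy item -> currently compliant?
    log: list = field(default_factory=list)   # handler failures, for troubleshooting

def posture_token(client):
    """Stand-in for steps 2a-3g: the token is decided from the current state."""
    violations = [item for item in POLICY if not client.state.get(item, False)]
    return ("healthy" if not violations else "quarantine"), violations

def remediation_requests(violations, url):
    """4a: the policy collector passes a remediation URL and object names."""
    return [{"url": url, "object": POLICY[v], "item": v} for v in violations]

def handle(client, request, gateway_objects):
    """4b: the handler downloads the named object from the gateway and runs it."""
    if request["object"] not in gateway_objects:   # assumed failure case
        client.log.append("missing " + request["object"])
        return False
    client.state[request["item"]] = True   # running the object clears the violation
    return True

def run_flow4(client, gateway_objects,
              url="https://gateway.example/remediate", max_polls=3):
    """4c: each NAD poll triggers a new posture check before access changes."""
    for _ in range(max_polls):
        token, violations = posture_token(client)
        if token == "healthy":
            return "full_access"
        # The user's click on the remediation button is modelled as immediate.
        for req in remediation_requests(violations, url):
            handle(client, req, gateway_objects)
    return "quarantine_access"

if __name__ == "__main__":
    c = Client({"antivirus_installed": False, "firewall_enabled": True})
    print(run_flow4(c, {"rem_antivirus", "rem_firewall"}))
```

A client stays on quarantine access for as long as any violation remains, even when other violations were remediated in the same pass.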