IBM Tivoli and Cisco manual Preface

Preface

In February of 2004, IBM® announced that it would be joining Cisco’s Network Admission Control (NAC) program. In December of 2004, IBM released its first

offering for the Cisco NAC program in the form of the IBM Tivoli® compliance and remediation solution. In June of 2005 the first edition of this IBM Redbook was published.

A number of subsequent updates from Cisco have changed the dynamics of the Network Access Control market, and have led to significant changes by IBM to our compliance and remediation solution. Foremost amongst these new developments are the release of Cisco’s Phase 2 Network Admission Control architecture, the addition of the NAC Appliance to Cisco’s offerings, and the addition of Tivoli Configuration Manager as a remediation component of the overall solution.

While this second edition addresses these changes, the fundamental concept and business value of the solution remain relatively constant and are preserved with minimal changes from the first edition. In contrast, the technical and implementation details have significantly changed and are of great interest to those who have read the first edition.

It is important to realize what is the compliance and remediation solution. It is not

aone-size-fits-all product that will work out-of-the-box for customers. It is an integrated solution comprised of three products that are very powerful in their own right. As such, there is no individual product manual that can properly capture all of the techniques and practices that must be developed in order to properly deploy this solution.

A typical product manual is analogous to an automobile owner’s manuals in that it tells you a wealth of information about your product but it does not tell you how to apply your product in practice, just as an automobile owner’s manual does not teach you how to drive or how to navigate. This redbook serves as a high-level

guide for designing and deploying the solution in various business scenarios. It teaches you how to drive and navigate the compliance and remediation solution.

Note that the IBM Integrated Security Solution for Cisco Networks, referenced numerous times in this book, is a portfolio of solutions that also includes Tivoli’s identity management solution for Cisco network access. This book does not address the identity-based solution, so any references to the IBM Integrated Security Solution for Cisco Networks in this book actually refers to the compliance and remediation parts of the solution.