In general, the IBM Integrated Security Solution for Cisco Networks consists of three subsystems or logical components, as shown in Figure 2-1 on page 14:

- Network Admission Control (NAC) subsystem based on Cisco technology
- Compliance subsystem based on IBM Tivoli Security Compliance Manager (SCM)
- Remediation subsystem based on IBM Tivoli Configuration Manager (TCM)

Figure 2-2 depicts all of the involved subsystems and components in a physical network representation. It shows the stationary and portable clients, the different network segments (corporate, remediation and quarantine VLANs), the server components, and the required networking equipment.

[Figure 2-2 is a network diagram; only its labels survived extraction. Labels: Mobile Users, Internet, Branch Office, WAN, Data Center Network, Corporate Resources, Web Server, TCM Server, SCM Server, ACS (AAA), Corporate VLAN, Remediation VLAN, Quarantine VLAN, SCM Policy Enabled Clients, NAC Enabled Devices (Router, Remote Access Server, VPN, Wireless Access Point).]

Figure 2-2 IBM and Cisco architecture overview
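The admission flow that the three subsystems implement together can be sketched as a small model: the SCM agent reports a posture, the ACS/AAA server maps that posture to one of the VLANs in Figure 2-2, and TCM fixes what it can before the client is re-checked. The following Python is an added example written for this page, not code from the IBM or Cisco products. The posture format, the `remediable` flag on each check, and the rule that fixable failures go to the Remediation VLAN while unfixable ones (or a client that reports no posture at all) go to the Quarantine VLAN are assumptions made for illustration; the VLAN names are the ones shown in the figure.

```python
"""Added example (not from the IBM/Cisco Redbook): a minimal model of the
admission decision made by the NAC, compliance (SCM) and remediation (TCM)
subsystems. All decision rules below are assumptions for illustration."""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# VLAN names taken from the labels in Figure 2-2.
CORPORATE_VLAN = "Corporate VLAN"
REMEDIATION_VLAN = "Remediation VLAN"
QUARANTINE_VLAN = "Quarantine VLAN"


@dataclass(frozen=True)
class PolicyCheck:
    """One SCM policy check reported by the client agent (hypothetical format)."""
    name: str
    compliant: bool
    remediable: bool  # hypothetical: whether TCM has a package that fixes this check


@dataclass(frozen=True)
class Posture:
    """Posture report for one client (hypothetical format)."""
    client_id: str
    checks: Tuple[PolicyCheck, ...]


def aaa_decide(posture: Optional[Posture]) -> str:
    """Model of the ACS/AAA decision (assumed rules, not the product's).

    - no posture (no SCM agent answered): Quarantine VLAN
    - every check compliant: Corporate VLAN
    - every failing check remediable by TCM: Remediation VLAN
    - anything else: Quarantine VLAN
    """
    if posture is None:
        return QUARANTINE_VLAN
    failing = [c for c in posture.checks if not c.compliant]
    if not failing:
        return CORPORATE_VLAN
    if all(c.remediable for c in failing):
        return REMEDIATION_VLAN
    return QUARANTINE_VLAN


def tcm_remediate(posture: Posture) -> Posture:
    """Model of TCM pushing fixes: remediable failures become compliant."""
    fixed = tuple(
        replace(c, compliant=True) if (not c.compliant and c.remediable) else c
        for c in posture.checks
    )
    return replace(posture, checks=fixed)


def admit(posture: Optional[Posture], max_rounds: int = 3) -> Tuple[str, List[str]]:
    """Run the admission loop: decide, remediate if allowed, re-check.

    Returns the final VLAN and the sequence of VLAN assignments made.
    The loop is bounded so a client that never converges cannot sit in the
    Remediation VLAN indefinitely; it is quarantined instead.
    """
    history: List[str] = []
    current = posture
    for _ in range(max_rounds):
        vlan = aaa_decide(current)
        history.append(vlan)
        if vlan != REMEDIATION_VLAN:
            return vlan, history
        assert current is not None  # a None posture never reaches remediation
        current = tcm_remediate(current)
    history.append(QUARANTINE_VLAN)
    return QUARANTINE_VLAN, history


# Constructed sample postures for three clients (not data from the page).
COMPLIANT = Posture("laptop-01", (
    PolicyCheck("antivirus signatures current", True, True),
    PolicyCheck("os patch level", True, True),
))
STALE_AV = Posture("laptop-02", (
    PolicyCheck("antivirus signatures current", False, True),
    PolicyCheck("os patch level", True, True),
))
ROGUE_SW = Posture("laptop-03", (
    PolicyCheck("antivirus signatures current", True, True),
    PolicyCheck("prohibited software absent", False, False),
))

if __name__ == "__main__":
    for p in (COMPLIANT, STALE_AV, ROGUE_SW, None):
        final, path = admit(p)
        label = p.client_id if p else "(no posture)"
        print(f"{label:14s} -> {final}  via {' -> '.join(path)}")
```

Two points in the model are the ones a practitioner would check in a real deployment: a client that sends no posture is treated as unknown and quarantined rather than admitted, and the remediate-and-re-check loop has an upper bound, so a check that TCM reports as fixable but never actually fixes ends in quarantine instead of leaving the client on the Remediation VLAN forever.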

Network Admission Control

Network Admission Control (NAC) is a Cisco-sponsored industry initiative that uses the network infrastructure to enforce security policy compliance on all

Chapter 2. Architecting the solution
