Port details and communication flows between Security Compliance Manager server and client can be found in “Security Compliance Manager server and client” on page 450.

Details of the activities performed by server and client include:

• Security Compliance Manager server

Provides an interface for defining complex policies that specify conditions that should exist on a client.

Manages when the security compliance data is collected and which clients collect what kind of data using the data collection components.

Determines what security compliance data is collected, and how to interpret the data using the compliance management components.

Stores the security compliance data received from the clients in a central database and provides the available data to users through the administration console and administration commands.

Provides security violation details as a basis for the compliance report components.

• Security Compliance Manager client

Collects, on a predefined schedule, the information about its environment that is required to assess compliance with the security policy. Different collectors gather this data and send it back to the Security Compliance Manager server. With the new posture collectors introduced in Security Compliance Manager Fix Pack 2, the collected data is stored locally in a posture cache.

If enabled for NAC, the client performs a local compliance assessment, evaluating the security policy against the data in the posture cache. It then passes the resulting posture assessment data to the Cisco Trust Agent through a posture plug-in for further processing.

Receives the network admission decision either from the Cisco Secure Access Control Server (ACS) through the Cisco Trust Agent (when using the NAC Framework solution) or from the Clean Access Server (CAS) through the Clean Access Agent (when using the NAC Appliance solution), and presents the current status in a GUI. The GUI displays the compliance status and the posture data, and lets the user re-initiate the compliance scanning process.

On user request, it can initiate an automated remediation process.
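To make two of the items above concrete, the server-side definition of policy conditions and the client's local compliance assessment against the posture cache, here is an added Python example. It is not code from this Redbook, from Tivoli Security Compliance Manager or from Cisco; the policy format, the attribute names, the posture cache contents and the posture token names (Healthy, Checkup, Quarantine) are all constructed for illustration. The detail a practitioner should look for is that an attribute no collector has populated fails its condition instead of silently passing, so a broken or missing collector cannot make a client look compliant.

```python
import re

# Constructed posture cache: attribute/value pairs the client's posture collectors
# would have stored locally (illustrative names, not Tivoli SCM's real schema).
POSTURE_CACHE = {
    "antivirus.installed": "true",
    "antivirus.signature_version": "4.2.17",
    "firewall.enabled": "false",
    "os.screensaver_lock": "true",
}

# Constructed policy: each condition states what should exist on the client.
# "eq" requires an exact match; "version_ge" requires a dotted version at least as new.
POLICY = [
    {"id": "AV-001", "attr": "antivirus.installed", "op": "eq", "value": "true", "severity": "high"},
    {"id": "AV-002", "attr": "antivirus.signature_version", "op": "version_ge", "value": "4.2.10", "severity": "high"},
    {"id": "FW-001", "attr": "firewall.enabled", "op": "eq", "value": "true", "severity": "high"},
    {"id": "OS-001", "attr": "os.screensaver_lock", "op": "eq", "value": "true", "severity": "low"},
    # No collector has populated this attribute in the cache above.
    {"id": "OS-002", "attr": "os.disk_encryption", "op": "eq", "value": "true", "severity": "medium"},
]


def version_key(version):
    """Turn '4.2.17' into (4, 2, 17) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def check_condition(cond, cache):
    """Return (passed, actual) for one condition. Missing data never passes (fail closed)."""
    actual = cache.get(cond["attr"])
    if actual is None:
        return False, None
    if cond["op"] == "eq":
        return actual == cond["value"], actual
    if cond["op"] == "version_ge":
        return version_key(actual) >= version_key(cond["value"]), actual
    raise ValueError("unknown operator: " + cond["op"])


def assess(policy, cache):
    """Local compliance assessment: list every violated condition with its details."""
    violations = []
    for cond in policy:
        passed, actual = check_condition(cond, cache)
        if not passed:
            violations.append({
                "id": cond["id"],
                "attr": cond["attr"],
                "expected": cond["op"] + " " + cond["value"],
                "actual": actual if actual is not None else "<no collector data>",
                "severity": cond["severity"],
            })
    return violations


def posture_token(violations):
    """Summarize the violations into one posture token for the admission decision.
    The token names are an assumed, simplified vocabulary, not taken from the page."""
    severities = {v["severity"] for v in violations}
    if not severities:
        return "Healthy"
    if "high" in severities:
        return "Quarantine"
    return "Checkup"


def run_assessment(policy=POLICY, cache=POSTURE_CACHE):
    """Assessment result as the client would hand it to the posture plug-in."""
    violations = assess(policy, cache)
    return {"token": posture_token(violations), "violations": violations}


if __name__ == "__main__":
    result = run_assessment()
    print("posture token:", result["token"])
    for v in result["violations"]:
        print(f'  {v["id"]} [{v["severity"]}] {v["attr"]}: expected {v["expected"]}, found {v["actual"]}')
```

With the constructed cache the firewall condition fails outright and the disk-encryption condition fails because no collector supplied a value, so the client would report a Quarantine token together with both violation records, which is what the server needs for its violation reports and what a remediation step would act on.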

More information about Tivoli Security Compliance Manager can be found in the IBM Redbook Deployment Guide Series: IBM Tivoli Security Compliance Manager, SG24-6450.

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
