Tivoli Configuration Manager

IBM Tivoli Configuration Manager automates the manual provisioning and deployment process.

Tivoli Configuration Manager provides an automated software and patch distribution solution that can also run pre-built scripts on a client, essentially enabling the Tivoli Configuration Manager solution to install any conceivable software product on a client as well as change a client’s local settings and state.

This functionality is used to provide the noncompliant workstation with the correct software and settings using reusable remediation objects.

These remediation objects can be triggered automatically after a client has been tagged noncompliant by the Security Compliance Manager client policy evaluation process. This can help an individual client regain its compliance status and access to the production network without manual interaction and within an acceptable time frame.

A Tivoli Configuration Manager administrator must pre-define all of the objects necessary to remediate a noncompliant condition on a client. More information about Tivoli Configuration Manager can be found in the Deployment Guide Series: IBM Tivoli Configuration Manager, SG24-6454.

More details of each subsystem and its logical components can be found in Chapter 3, “Component structure” on page 39.

2.1.2 Architectural terminology

In this section we provide a brief introduction of the terms related to the solution described in this book, as illustrated in Figure 2-1 on page 14.

Security policy

A security policy, as implemented in Security Compliance Manager, is a collection of compliance objects or queries. A security policy defines what data has to be collected on the client (collectors and parameters) and the default schedule for gathering this data. Security policies can be applied to one or more client groups. The security policy uses a version attribute, which is required for the IBM Integrated Security Solution for Cisco Networks. Read more about these attributes in “Establishing the policy collector parameters” on page 104.

Compliance query

A compliance query, or compliance object, is a single check defined to verify one particular aspect of the enterprise security policy. Security Compliance Manager compliance objects are SQL queries extracting data from one or more collector

Chapter 2. Architecting the solution

19

Page 37
Image 37
IBM Tivoli and Cisco manual Architectural terminology, Tivoli Configuration Manager, Security policy, Compliance query