8

Chapter 8. Remediation subsystem implementation

This chapter describes the IBM Tivoli Configuration Manager part of the Network Admission Control (NAC) solution, where the main concern is the remediation of the noncompliant clients. The remediation process can be either manual, done by the user who follows provided instructions, or automated, where the user only clicks the Fix Now button in the provided user interface.

We also discuss the maintenance issues with the solution components and provide a detailed walkthrough for remediation workflow creation to match the security policy change process.

Creating the automated remediation component requires the following components and tasks:

￿Installation and configuration of the Tivoli Configuration Manager Web Gateway on top of the base Tivoli Configuration Manager server.

￿Creating the remediation instructions for the users based on input data from the security-compliance team about the configuration of the compliance policy.

￿Remediation server configuration. This includes several steps:

Installation of the Software Package Web Server

Configuration of the Software Package Web Server

© Copyright IBM Corp. 2005, 2007. All rights reserved.

355

Page 373
Image 373
IBM Tivoli and Cisco manual Remediation subsystem implementation, 355