IBM Tivoli and Cisco manual Top-level sequence of events


Top-level sequence of events

The NAC process starts when the client tries to access a protected network. When the Network Access Device (typically a switch or router) recognizes that a client is attempting access, it issues a PostureQuery request to the client asking the client to report its posture. The posture message is passed via the Cisco Trust Agent to the Security Compliance Manager policy collector, which responds with a PolicyVersion and a ViolationCount, the two attributes that have been registered with the ACS for the use of client remediation. The values passed along for these attributes are considered to define the client’s posture.

When the ACS has received the posture attributes from the client, it evaluates these against defined policies and computes a posture (or posture token) for the client. The two postures that are typically used are Quarantine and Healthy. The ACS sends a PostureNotification to the client; if the client is Healthy, that is the end of the NAC process. If the client is quarantined, then the notification also includes an action, which is the URL to be used to request automated remediation. In either case, the Cisco Trust Agent pops up a window on the client that displays the current posture.

If a quarantine PostureNotification is received by the client, it will pass all of the known remediation information in the posture cache to the remediation handler, which includes a pop-up GUI that enables the user to see what the state of compliance is and to manually address any problems that are reported. The remediation handler UI includes a fully functional Web browser, and HTML content can be customized for policies to provide users with directions or links to Web sites where they can download remediation content. The remediation handler also includes several buttons for the user to select the desired behavior:

- The Rescan button forces an immediate rescan by all of the collectors, and all of the data in the local posture cache is updated. This completes the current process, and the client will wait for the network to poll it for changes, at which time the process will be started again.

- The Fix Now button initiates the automated remediation process.

The sequence diagram shown in Figure A-2 on page 445 shows the sequence of events for the automated remediation process at the highest level.
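The top-level exchange above, modelled as an added example in Python (this is not code from the Redbook or from any IBM or Cisco product). The message shapes, the PolicyRule class, the remediation URL and the evaluation rule itself are assumptions: the page says only that the ACS evaluates PolicyVersion and ViolationCount against defined policies, so the model assumes a Healthy token requires a current PolicyVersion and a ViolationCount at or below a threshold, and it quarantines (fails closed) a client whose posture attributes are missing or malformed rather than treating it as Healthy.

```python
"""Toy model of the NAC posture sequence: PostureQuery -> collector reply ->
ACS evaluation -> PostureNotification -> client-side dispatch.

Added example; not the Redbook's or any product's code. Field names,
PolicyRule, the evaluation rule and the URL are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Optional

HEALTHY = "Healthy"
QUARANTINE = "Quarantine"

# The two attributes the page says are registered with the ACS for remediation.
REGISTERED_ATTRIBUTES = ("PolicyVersion", "ViolationCount")


@dataclass
class PolicyRule:
    """ACS-side policy (constructed; the real ACS rule syntax is not on the page)."""
    required_policy_version: int
    max_violations: int = 0
    remediation_url: str = "https://remediation.example.invalid/fix"  # placeholder


@dataclass
class PostureNotification:
    posture: str
    action: Optional[str] = None  # remediation URL, present only when quarantined


def collect_posture(posture_cache: dict) -> dict:
    """Policy collector's reply to a PostureQuery: only the registered attributes
    leave the client, whatever else the local posture cache holds."""
    return {name: posture_cache.get(name) for name in REGISTERED_ATTRIBUTES}


def acs_evaluate(attributes: dict, rule: PolicyRule) -> PostureNotification:
    """ACS computes a posture token from the reported attributes.

    Assumption: a client that cannot report a well-formed posture is
    quarantined (fail closed) rather than treated as Healthy.
    """
    try:
        version = int(attributes["PolicyVersion"])
        violations = int(attributes["ViolationCount"])
    except (KeyError, TypeError, ValueError):
        return PostureNotification(QUARANTINE, rule.remediation_url)

    if version >= rule.required_policy_version and violations <= rule.max_violations:
        return PostureNotification(HEALTHY)
    return PostureNotification(QUARANTINE, rule.remediation_url)


def handle_notification(notification: PostureNotification,
                        posture_cache: dict) -> Optional[dict]:
    """Client side (Trust Agent): on Quarantine, hand the remediation URL and the
    known posture cache to the remediation handler; on Healthy, nothing to do."""
    if notification.posture != QUARANTINE:
        return None
    return {"remediation_url": notification.action,
            "posture_cache": dict(posture_cache)}


def nac_round(posture_cache: dict, rule: PolicyRule):
    """One pass through the top-level sequence: query, evaluate, notify, dispatch."""
    attributes = collect_posture(posture_cache)
    notification = acs_evaluate(attributes, rule)
    handler_input = handle_notification(notification, posture_cache)
    return notification, handler_input


if __name__ == "__main__":
    rule = PolicyRule(required_policy_version=7)
    # Constructed sample posture caches: compliant, violating, stale, unreportable.
    for cache in ({"PolicyVersion": 7, "ViolationCount": 0},
                  {"PolicyVersion": 7, "ViolationCount": 2},
                  {"PolicyVersion": 5, "ViolationCount": 0},
                  {"ViolationCount": 0}):
        note, handler = nac_round(cache, rule)
        print(cache, "->", note.posture, note.action, handler is not None)
```

The point worth keeping from the model is the fail-closed branch: a posture reply with a missing or unparsable attribute yields a Quarantine token and a remediation action, so a client that cannot prove its compliance is never granted the Healthy path by default.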

444 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
