collectors, at which time any state changes affected by the remediation process will be discovered. The next time the network polls for StatusChange, it will receive a true response and will request the new posture data to evaluate against the existing policy.

Details about this process can be found in the Security Compliance Manager Client’s client.log file and several log files on the Web Gateway, including the HTTP Server component’s access.log and the application-specific logs on the WebSphere Application Server.

Security Compliance Manager server and client

Figure A-5illustrates Tivoli Security Compliance Manager client/server communication and the interaction between the server and client and associated TCP port numbers.

Tivoli Security Compliance Manager Server

Jlog

Push Client

Java RMI to

(local only)

Administration Utilities

TCP 1951

TCP 1952

TCP 1955

 

Jlog

Server to Client

Administration console

and commands

(local only)

TCP 1950

 

TCP 1953

Temporary connections

 

 

 

SCM Push Client

TCP - Transmission Control Protocol

 

Figure A-5 Communication port usage in Security Compliance Manager server and client

Figure A-5shows the default port usage for Tivoli Security Compliance Manager. The direction of the arrows in the diagram indicate the initiator of the communication. For example, communication from the server to a push client is initiated by the server on port 1950. Similarly, communication from a push client to the server is initiated by the client on port 1951.

450Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Page 468
Image 468
IBM Tivoli and Cisco manual Security Compliance Manager server and client, Tivoli Security Compliance Manager Server