Client logging can be turned on by setting the debug property to true in the %SCM_HOME%\client\client.pref file. When turned on, a file called client.log is created and updated in the %SCM_HOME%\client directory. This file displays any notification received from the network.

Remediation handler

When the Security Compliance Manager client is started, it automatically starts the remediation handler. Log messages from the remediation handler appear in the Security Compliance Manager Client’s client.log file.

NAC Appliance details

Note: NAC Appliance is also referred to as Cisco Clean Access, and most of the references and figures in this section use the Clean Access naming.

Cisco NAC Appliance is a network-centric integrated solution administered from the Clean Access Manager Web console and enforced through the Clean Access Server and the Clean Access Agent. Cisco NAC Appliance checks client systems, enforces network requirements, distributes patches and antivirus software, and quarantines vulnerable or infected clients for remediation before clients access the network.

Cisco NAC Appliance components

The following is a list of the NAC Appliance components.

• Clean Access Manager (CAM)

This is the administration server for Clean Access deployment. The secure Web console of the Clean Access Manager is the single point of management for up to 20 Clean Access Servers in a deployment. For Out-of-Band (OOB) deployment, the Web admin console allows you to control switches and VLAN assignment of user ports through the use of SNMP. (Note that the CAM Web admin console supports Internet Explorer® 6.0 or later only, and requires high encryption (64-bit or 128-bit). High encryption is also required for client browsers for Web login and Clean Access Agent authentication.)

• Clean Access Server (CAS)

Enforcement server between the untrusted (managed) network and the trusted network. The CAS enforces the policies you have defined in the CAM Web admin console, including network access privileges, authentication requirements, bandwidth restrictions, and Clean Access system requirements. It can be deployed in-band (always inline with user traffic) or out-of-band (inline with user traffic only during authentication/posture

Appendix A. Hints and tips 455
