IBM Tivoli and Cisco manual Integration design


Interested parties can use this design and the prototypes of these components to perform this integration in labs, for demos, and training purposes.

Integration design

The fundamental premise of this integration is for Security Compliance Manager to validate the compliance posture of the endpoint and indicate the state of the client by managing the state of a well-known file on the client and for NAC Appliance to admit an endpoint to the network based on the existence of this file. In addition, NAC Appliance will verify that the Security Compliance Manager client is running on the endpoint.

NAC Appliance is inherently capable of checking for services running on clients and for the existence of specific files on clients. These capabilities are used to validate that the Tivoli Security Compliance Manager Client is running and check that a special compliance semaphore file indicating the compliance state of the endpoint exists in order to admit the endpoint. A special NAC Appliance Agent is installed on the client for this integration, and if either of the requirements is not met, it will run a specific executable on the client.

Note: NAC Appliance Version 4.1 (availability date September 19, 2006) will have a Qualified Executable Launch that will eliminate the need for the special agent in this scenario.

Security Compliance Manager can have a prototype version of the policy collector installed that will manage the existence of the compliance semaphore file based on the client’s compliance status. This special version of the policy collector updates this file whenever a posture scan is performed. In addition, if the client is connected to the protected network and a compliance violation occurs, this special policy collector will initiate an HTTPS request to the NAC Appliance Manager that terminates the client’s admission session and forces the client to restart the admission process.
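The lifecycle described above, as an added example that is not part of the book or of either product: a minimal model of the prototype policy collector keeping the semaphore file in step with posture scans, and of the two NAC Appliance checks (client service running, semaphore file present). The file name, service name and the callback standing in for the HTTPS request to the NAC Appliance Manager are assumptions.

```python
import tempfile
from pathlib import Path

SEMAPHORE_NAME = "scm_compliant.sem"   # assumed name; the book does not give one
CLIENT_SERVICE = "tscm-client"         # assumed service name for the SCM client


class PolicyCollector:
    """Models the prototype policy collector: keeps the semaphore file in
    step with the latest posture scan and, on a violation while the client
    is already admitted, asks the NAC Appliance Manager to end the session."""

    def __init__(self, client_dir, terminate_session):
        self.semaphore = Path(client_dir) / SEMAPHORE_NAME
        self.terminate_session = terminate_session  # stands in for the HTTPS call
        self.admitted = False

    def posture_scan(self, violations):
        compliant = not violations
        if compliant:
            self.semaphore.write_text("compliant\n")
        else:
            self.semaphore.unlink(missing_ok=True)   # non-compliant: remove semaphore
            if self.admitted:                        # connected to protected network
                self.terminate_session()             # force re-admission
                self.admitted = False
        return compliant


def nac_admission_check(client_dir, running_services):
    """Models the NAC Appliance checks; returns (admit, reason)."""
    if CLIENT_SERVICE not in running_services:
        return False, "SCM client service not running"
    if not (Path(client_dir) / SEMAPHORE_NAME).is_file():
        return False, "compliance semaphore file missing"
    return True, "compliant"


def simulate():
    """Constructed scenario: a clean scan, admission, then a violation."""
    terminated = []
    with tempfile.TemporaryDirectory() as d:
        pc = PolicyCollector(d, lambda: terminated.append("terminated"))
        services = {CLIENT_SERVICE}
        pc.posture_scan([])                              # clean scan writes semaphore
        first = nac_admission_check(d, services)
        pc.admitted = first[0]
        pc.posture_scan(["antivirus signatures out of date"])  # violation while admitted
        second = nac_admission_check(d, services)
        return {"first": first, "second": second, "terminations": len(terminated)}
```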

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems, page 458
