TSCMAgent.bat

This script creates the compliance semaphore file in an intermediate state that indicates that the client is in the admission process. It then starts the Tivoli Security Compliance Manager Client service. These are the two conditions that any NAC Appliance policy created for this integration should check for. Finally, it runs the Tivoli Security Compliance Manager Client’s statuscheck.exe, which forces the client to run a rescan and recompute the compliance posture.

NACApplianceCompliance.entry

This file is an identical copy of the compliance semaphore file in an intermediate state that indicates that the client is in quarantine. It is used by the TSCMAgent.bat file to create the actual semaphore file to indicate this state to the policy collector.

Policy collector

This specially built policy collector has been modified to update the state of the compliance semaphore file and to terminate the client’s session if the client is admitted to the network and compliance violations are found.

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
