Manuals / IBM / Computer Equipment / Network Card

IBM Tivoli and Cisco manual Scheduler, Kickrich.html

Models: Tivoli and Cisco

1 516
Download 516 pages 58.69 Kb
Page 479
Image 479

Note: A number of constraints exist at the time of this writing that affect the processing of the NAC Appliance-specific policy collector. As a result, a number of limitations exist in this version of the collector that can be corrected in a supported version of this collector. In addition, this version of the collector was written quickly in lab conditions and several issues should be corrected in a production version.

Users of this protype version of the policy collector should be aware of the following:

￿There is very little error checking, so the collector behaves in unpredictable manners if the configuration is not correct. For example, the policy

collector’s Handler_Attributes must contain a value called NACAppliancekickUserCMD that must contain a command to invoke a Web browser and open a pre-configured HTML form.

￿The policy collector is written with JAVA 1.3 and does not have access to the HTTPS classes provided in later JAVA versions. Since an HTTPS Post is required to terminate the client’s network session, a special HTML Form has been provided to issue the HTTPS Post request. This form is called by the policy collector and should be customized according to the environment.

￿Various attributes required by this special policy collector have been parameterized and can be configured either as parameters of the policy collector or in the Security Compliance Manager Client’s handler.properties file.

￿All of the components assume that the Security Compliance Manager Client is installed in the c:\Program Files\IBM\SCM\Client directory, which is the default location.

Scheduler

A platform-specific task scheduler (EG Windows Task Scheduler or Cron on

UNIX) is configured to run the Security Compliance Manager Client’s statuscheck.exe on a periodic basis. This is required to create a post-admission polling cycle that monitors the client for compliance after admission to the

network. A special scheduler.bat file is provided to create a scheduled task that runs statuscheck.exe each minute. This script is appropriate for Windows clients.

kickrich.html

There are two versions of this HTML form provided, one that requires the user to manually click a button to continue, and one that automatically submits the request. Either one will work and it is up to the reader to decide which behavior is desired. In either case, the selected version should be renamed to kickrich.html if

Appendix A. Hints and tips 461

Page 478 Page 480
Page 479
Image 479
IBM Tivoli and Cisco manual Scheduler, Kickrich.html
Page 478 Page 480