using the example HTML form provided. It should be noted that default security settings on most browsers will prevent active content or ask the user whether to allow it, meaning that the user will still have to manually intervene in the process.

This HTML form must be customized to the environment as follows:

￿The client’s MAC address must be placed in the <INPUT TYPE="HIDDEN" NAME="mac" VALUE="001125CEF56C"> tag.

￿The administrator UID of the NAC Appliance Manager must be placed in the <INPUT TYPE="HIDDEN" NAME="admin" VALUE="admin">

￿The password for the specified administrator ID must be placed in the <INPUT TYPE="HIDDEN" NAME="passwd" VALUE="cisco123">.

There is sensitive information placed in this file, which is another reason why this version of the integration is not suitable for production.

Installing and configuring prototype integration components

The following instructions are intended to assist the reader in implementing this integration.

NAC Appliance Agent

The prototype version of this agent installs on the client in the same manner as the production version. It is basically a wizard install and there are no configuration parameters required.

On the NAC Appliance Manager, the agent must be registered as follows:

1.Unzip the IBMTivoli.zip file. You will find two sub-directories, CAM and Agent.

2.Copy the two jsps from the CAM sub-directory into the /perfigo/control/tomcat/Webapps/admin/ directory on the Clean Access Manager.

3.Upload the CCAAgentSetup.tar.gz file in the Agent sub-directory on to the Clean Access Manager using CleanAccess CleanAccess Agent Distribution with Version 4.0.1.1.

Policy collector

The prototype policy collector is delivered as a .jar file named com.ibm.scm.nac.posture.PolicyCollector.jar. This file is installed as a collector using the Security Compliance Manager Server’s Administration Console. This collector is assigned Release Version 500, which is several hundred versions higher than the production versions, to distinguish it from production versions of the collector. Whenever a system with this prototype collector is updated with a production version, the installer will be warned that the new version is lower than

462Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Page 480
Image 480
IBM Tivoli and Cisco manual Installing and configuring prototype integration components, NAC Appliance Agent