State mapping and scenarios

One way for the solution to approach a design is to consider all of the possible states that can occur with regards to the client, its compliance state, and its network admission state. Table 8-8presents the possible states that should be considered.

Table 8-8 Possible client states

State #

Security

Compliant to

Admitted to

 

Compliance

policy

network

 

Manager

 

 

 

Client

 

 

 

running

 

 

 

 

 

 

1

0

0

0

 

 

 

 

2

0

0

1

 

 

 

 

3

0

1

0

 

 

 

 

4

0

1

1

 

 

 

 

5

1

0

0

 

 

 

 

6

1

0

1

 

 

 

 

7

1

1

0

 

 

 

 

8

1

1

1

 

 

 

 

As indicated by this state table, there are eight different scenarios that must be accommodated in any design. The following list is the expected behavior for each of these states.

￿Scenario 1 - Pre-admission, Security Compliance Manager not running, noncompliant client

NAC Appliance detects that the Security Compliance Manager Client is not running:

i.Pops up Temporary Access Window

ii.User clicks Update

iii.Runs TSCMAgent.bat

TSCMAgent.bat:

i.Sets semaphore to -1

ii.Starts Security Compliance Manager Client

iii.Runs statuscheck.exe

Statuscheck.exe:

Requests rescan from Security Compliance Manager Client

Appendix A. Hints and tips 465

Page 483
Image 483
IBM Tivoli and Cisco manual State mapping and scenarios