IBM Tivoli and Cisco manual Logical components, Solution logical block diagram

3.1 Logical components

The IBM Integrated Security Solution for Cisco Networks detects the state of network clients and compares it with a set of centrally defined and managed policies to establish client postures. It then dynamically reconfigures the network based on detected client postures and changes the state of devices to be in compliance with defined policies. This solution is an integration of products from IBM and Cisco. The IBM products focus on the aspects of compliance and remediation, and the Cisco products provide the Network Admission Control (NAC) and policy validation components.

This new integrated solution includes a set of policies and workflows that address certain well-known conditions such as operating system levels, hotfixes, and security and policy settings. These policies and workflows can be configured to address new instances of these conditions. The IBM Integrated Security Solution for Cisco Networks is an extensible offering that provides the ability to create new policies to detect various combinations of device postures and workflows that can remediate various states on these devices. This can provide you with the flexibility to define polices that are unique to your environment.

The solution integrates three major independent logical components or subsystems with add-on components specifically developed for the IBM Integrated Security Solution for Cisco Networks, depicted in Figure 3-1.

Policy

Enforcement

Device

Figure 3-1 Solution logical block diagram

40Building a Network Access Control Solution with IBM Tivoli and Cisco Systems