IBM Tivoli and Cisco manual Physical components, Network client, Remediation handler component


and any client components that would normally be installed on a Tivoli Configuration Manager client are embedded within the Security Compliance Manager Compliance policy.

For the IBM Integrated Security Solution for Cisco Networks, the Tivoli Configuration Manager Software Distribution Server and Web Gateway components are used. The Software Distribution server is extended with administrative utilities that support the creation of remediation objects that are designed to be invoked and installed based on requests from the compliance client. These utilities also publish the remediation objects to the Web Gateway. The Web Gateway is extended with a Remediation Servlet that is designed to accept the remediation requests from the client and provide the appropriate remediation objects in response to these requests.

Remediation handler component

The remediation handler is a specific component for the IBM Integrated Security Solution for Cisco Networks that handles the interface between the Security Compliance Manager client for NAC and the Tivoli Configuration Manager server. These components are shown in Figure 3-6 on page 56 and explained in the next sections. This component is not actually installed on the client. Instead, it is embedded into compliance policies as a special collector and is downloaded to the clients as part of the compliance policy.

3.2 Physical components

The discussion so far has been focused on the various logical components that make up the IBM Integrated Security Solution for Cisco Networks. In this section we map the logical components into physical components that make up the IBM Integrated Security Solution for Cisco Networks. The physical components of the solution can be categorized into three types: client components, network components, and server components. All three components work together to effectively deploy policies that an enterprise would like to implement.

3.2.1 Network client

A network client is the end device that must comply with the policy. The client in the current context of the solution can be a PC or mobile computer running Windows 2000, Windows XP, or Windows NT®, and Red Hat Linux® Enterprise Linux 3.x and 4.0. The network client must have the following software components installed:

- Cisco Trust Agent client software
- Security Compliance Manager client

52 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
