IBM Tivoli and Cisco manual Network access infrastructure, Network access device

3.2.2 Network access infrastructure

All users connect to enterprise resources via network access devices. The topology varies depending on the size of the organization, but most networks can be classified into LAN (local area network), WAN (wide area network), or remote access. The LAN enables connectivity to users within a location. A WAN provides connectivity to remote or branch office users who need connectivity to resources that are centrally deployed. Remote access users access the enterprise resources using dial-up or the Internet to connect. Virtual private network (VPN) technology is generally deployed for remote access secure connectivity. VPN connectivity is also used by remote and branch offices to provide a low-cost secure access method. Enterprise users may use any of these methods to access the enterprise resources.

Network access device

In the IBM Integrated Security Solution for Cisco Networks, the network enforces the policy, so the network access device (NAD) becomes an integral part of the solution. In our solution, Cisco switches, routers, VPN Concentrators, Adaptive Security Appliances, and access points can be used as policy enforcement devices.

Note: Refer to the Cisco Web site for the latest list of supported hardware and corresponding software for the NAC solution at:

http://www.cisco.com/go/nac

3.2.3 IBM Integrated Security Solution for Cisco Networks servers

The servers are a set of centrally administered devices that enable creation, deployment, and management of policies. They also provide a platform for centralized validation and reporting.

Cisco Secure Access Control Server

The Cisco Secure Access Control Server (ACS) is a Cisco AAA server or an ACS appliance that provides posture validation to the client. Posture credentials of the client are then validated and network access is provided to clients depending on the policy and their posture status. The ACS delivers network policy information such as ACL and RADIUS parameters to the NAD that enforces the policy.

Security Compliance Manager server

The Security Compliance Manager server is an IBM-developed solution for the complex problem of deploying and checking enterprise policies. The server provides a platform for the creation of various client compliance policies that can

54 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
