Policy creation and deployment flow

The flow consists of these process groups, depicted in Figure 3-6:

1.Policy creation and deployment

2.Posture collection

3.Posture validation and policy enforcement

4.Remediation

AAA Policy	1.d				SCM				TCM
Server	1.d				SCM				TCM
(ACS)					Server			1.a	Server
Rem.URL	3.e			1.b					Rem.Object
									Rem.Object

3.f		3.d						TCM Web Gateway
		3.d
ACL					1.c
					1.c
3.g	NAD	1.e
3.g									4.b
			Policy			Posture			4.b
Posture			Policy			Posture
Posture						Collector
Token	Policy.Version		Posture		2.a	Rem.
						Rem.
						Attributes		4.c
						Attributes
Rem.URL	Violation.Count		cache			Posture
Rem.URL	Violation.Count					Posture
Pop-up						Collector
Message			Policy Collector			Rem.
Network	3.b		Policy.Version			Attributes			Network
	3.b								Network
		3.c
		3.c
3.a			Policy.Version	2.b					4.d
Network			Policy.Version	2.b		Rem.
Network						Attributes
Client			Violation.Count
Cisco Trust								Remediation
Cisco Trust			Posture				4.a		Handler
	Agent		Posture		Rem.URL		4.a		Handler
			Plug-in

Figure 3-6 Solution data and communication flow

The naming convention in the diagram has four flows based on the process.

Policy creation and deployment (flow 1)

The first step in the data flow is the creation and deployment of a policy. If a Tivoli Configuration Manager server is used for remediation, a corresponding

56Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

IBM Tivoli and Cisco manual Policy creation and deployment flow

Models: Tivoli and Cisco

Policy

Figure 3-6 Solution data and communication flow

Policy creation and deployment (flow 1)