Remediation (flow 4)

Two cases should be considered for the remediation process: one where the organization has a Tivoli Configuration Manager server with an automatic remediation implementation, and one where the organization uses manual methods for remediation, such as a Web server or alternative methods. Manual remediation could be provided with a Web server from which a user can download the required software to meet the software compliance requirements and then manually comply with the configuration requirements.

In the case of automatic remediation, these processes result in remediation:

- Remediation request (4a)

The token received in step 3e determines the posture of the client. If the client receives a quarantine posture, it must be provided with remediation (for example, a corrective action). The remediation is initiated by the user of the network client machine by clicking a remediation button in the Security Compliance Manager client pop-up window. The policy collector then passes a remediation URL and a remediation request, which contains the name of the remediation object for remediating policy objects, to the remediation handler on the network client.

- Remediation execution (4b)

The remediation handler on the network client contacts the Configuration Manager Web Gateway server requesting remediation. An appropriate object is downloaded and executed and the client is remediated.

- Network access (4c)

The NAD continuously polls the client for a change in posture status. If the network client has been remediated, it has to go through process steps 2a through 3g again. After the network client is remediated of all violations, it receives a healthy token from the ACS and the access control policy is changed in the NAD device. At this point the client is compliant with the enterprise policy and is provided access to the enterprise network.
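The following is an added example, not code from IBM or Cisco, that models steps 4a to 4c as a small simulation to show that network access follows the token issued on revalidation rather than the remediation handler's own result. All names, the sample policy, the gateway URL and the gateway content are hypothetical; steps 2a through 3g are collapsed into one function, and downloading and executing an object is simulated by applying a dictionary of settings.

```python
from dataclasses import dataclass, field

HEALTHY, QUARANTINE = "Healthy", "Quarantine"
# Constructed sample policy (hypothetical names): policy object -> required setting.
POLICY = {"antivirus_signature": "current", "os_hotfix": "installed"}
# Constructed gateway content: remediation object -> settings it applies when run.
GATEWAY = {"antivirus_signature": {"antivirus_signature": "current"},
           "os_hotfix": {"os_hotfix": "installed"}}

@dataclass
class Client:
    settings: dict
    log: list = field(default_factory=list)

def validate_posture(client):
    """Steps 2a-3g collapsed: return (token, violated policy objects)."""
    violations = [n for n, want in POLICY.items() if client.settings.get(n) != want]
    return (QUARANTINE if violations else HEALTHY), violations

def remediation_requests(violations, url):
    """4a: the policy collector passes a URL and the remediation object names."""
    return [{"url": url, "object": name} for name in violations]

def execute_remediation(client, request, gateway):
    """4b: the handler requests the named object from the gateway and runs it."""
    obj = gateway.get(request["object"])
    if obj is None:
        client.log.append(f"4b no object for {request['object']}")
        return
    client.settings.update(obj)
    client.log.append(f"4b applied {request['object']}")

def run_flow(client, gateway, url="https://gateway.example/remediate"):
    """Drive 3e -> 4a -> 4b -> 4c; return (network granted by the NAD, open violations)."""
    token, violations = validate_posture(client)
    client.log.append(f"3e token={token}")
    if token == QUARANTINE:
        for request in remediation_requests(violations, url):
            execute_remediation(client, request, gateway)
        # 4c: the posture changed, so validation is repeated; access follows
        # the newly issued token, not the handler's own result.
        token, violations = validate_posture(client)
        client.log.append(f"4c token={token}")
    return ("enterprise" if token == HEALTHY else "quarantine"), violations

if __name__ == "__main__":
    pc = Client({"antivirus_signature": "stale", "os_hotfix": "missing"})
    print(run_flow(pc, GATEWAY), pc.log)
```

A gateway that lacks one of the required remediation objects leaves the client quarantined after revalidation, which is the case the test below exercises.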

Chapter 3. Component structure 61

IBM Tivoli and Cisco manual Remediation flow