Deployment Flexibility - Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - INSTALLATION GUIDE 09-22-2008 Installation Manual

Deployment Flexibility

Novell® ZENworks® Network Access Control v5.0 allows you to deploy multiple Enforcement
servers (ESs) across a network and manage them from one central Management server (MS). You
create logical groups of ESs by joining them to an Enforcement cluster.
The Novell ZENworks Network Access Control MS specifies many aspects of the Enforcement
clusters; for example, the MS specifies the enforcement method (inline, DHCP, or 802.1X), how
often the endpoints are retested, the tests run on the endpoints, and how to control the endpoints'
access.
The Novell ZENworks Network Access Control ESs detect and test endpoints on the network for
compliance.
You can deploy each Novell ZENworks Network Access Control cluster in one of the following
configurations:
Inline — When deploying Novell ZENworks Network Access Control inline, Novell
ZENworks Network Access Control monitors and enforces all endpoint traffic. When Novell
ZENworks Network Access Control is deployed as a single-server installation, Novell
ZENworks Network Access Control becomes a Layer 2 bridge that requires no changes to the
network configuration settings. When Novell ZENworks Network Access Control is installed
in a multiple-server installation, you might have to configure the switch that connects the
Novell ZENworks Network Access Control Enforcement servers to use Spanning Tree
Protocol (STP) if STP is not already configured. Novell ZENworks Network Access Control
allows endpoints to access the network or blocks endpoints from accessing the network based
on their Internet Protocol (IP) address with a built-in firewall (iptables).
DHCP — When deploying Novell ZENworks Network Access Control inline with a Dynamic
Host Configuration Protocol (DHCP) server, all DHCP requests pass through the Novell
ZENworks Network Access Control server Layer 2 bridge. For a quarantined endpoint, Novell
ZENworks Network Access Control distributes the quarantined IP address for the endpoint. If
Novell ZENworks Network Access Control allows the endpoint to have access, Novell
ZENworks Network Access Control allows your real DHCP server to distribute a non-quarantined
IP address. Novell ZENworks Network Access Control assigns a DHCP IP address
based on the quarantine area parameters you define during configuration. You can place
restrictions on network access either at the gateway for the endpoint using Access Control Lists
(ACLs), or on the endpoint by removing the endpoint's gateway and adding static routes for
accessible networks.
802.1X — When deploying Novell ZENworks Network Access Control in an 802.1X
environment, you must install it where it can communicate with the Remote Authentication
Dial-In User Service (RADIUS) server (alternatively, you can use the RADIUS server that is
built into Novell ZENworks Network Access Control). The RADIUS server communicates with the
switch, which performs the quarantining by moving ports or MAC addresses in and out of virtual
local area networks (VLANs).
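
The endpoint-side restriction described for DHCP mode (no gateway, static routes only for accessible networks) can be illustrated with the added example below, which is not code from the manual or from Novell. It assumes the routes are delivered as DHCP option 121 (classless static routes, RFC 3442), which the manual does not state; the function names, subnets and addresses are constructed for illustration.

```python
import ipaddress

def encode_classless_routes(routes):
    """Encode (destination CIDR, next hop) pairs as a DHCP option 121 payload (RFC 3442)."""
    payload = bytearray()
    for cidr, next_hop in routes:
        net = ipaddress.IPv4Network(cidr)           # rejects CIDRs with host bits set
        significant = (net.prefixlen + 7) // 8      # only octets covered by the mask are sent
        payload.append(net.prefixlen)
        payload += net.network_address.packed[:significant]
        payload += ipaddress.IPv4Address(next_hop).packed
    if len(payload) > 255:
        raise ValueError("routes do not fit in a single DHCP option")
    return bytes(payload)

def quarantine_lease_options(subnet_mask, routes):
    """Options for a quarantined lease (assumed layout): no router option, static routes only."""
    return {
        1: ipaddress.IPv4Address(subnet_mask).packed,   # option 1: subnet mask
        121: encode_classless_routes(routes),           # option 121: classless static routes
        # Option 3 (router) is deliberately absent, so the endpoint has no default gateway.
    }

def endpoint_can_reach(dst, lease_subnet, routes):
    """True if a quarantined endpoint has an on-link or static route to dst."""
    addr = ipaddress.IPv4Address(dst)
    if addr in ipaddress.IPv4Network(lease_subnet):
        return True
    return any(addr in ipaddress.IPv4Network(cidr) for cidr, _ in routes)

# Constructed sample data: a quarantine area and the networks it may still reach.
QUARANTINE_SUBNET = "10.99.0.0/24"
REMEDIATION_ROUTES = [
    ("192.0.2.0/24", "10.99.0.1"),       # hypothetical patch/remediation network
    ("198.51.100.10/32", "10.99.0.1"),   # hypothetical single remediation host
]

if __name__ == "__main__":
    opts = quarantine_lease_options("255.255.255.0", REMEDIATION_ROUTES)
    print("option 121:", opts[121].hex())
    for dst in ("192.0.2.25", "198.51.100.10", "203.0.113.5"):
        print(dst, endpoint_can_reach(dst, QUARANTINE_SUBNET, REMEDIATION_ROUTES))
```

Because the lease carries no default route, any destination outside the quarantine subnet and the listed networks has no route from the endpoint.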