The Novell Zenworks Network Access Control Process; About Novell Zenworks Network Access Control - Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - 09-22-2008 User Manual


Load balancing is achieved by an algorithm that spreads the endpoint testing load across all
ESs in a cluster.
Multiple-user, role-based access — In enterprise deployments, numerous individuals, each
with varying responsibilities, typically require access to information within Novell ZENworks
Network Access Control. Role-based access enables system administrators to control who has
access to the data, the functions they are allowed to perform, and the information they can view
and act on. Role-based access ensures the integrity of the enterprise-wide Novell ZENworks
Network Access Control deployment and creates the separation of duties that conforms to
security best practices.
Extensible — Novell ZENworks Network Access Control's easy-to-use open API allows
administrators to create custom tests for meeting unique organizational requirements. The API
is fully exposed and thoroughly documented. Custom tests are created using scripts and can be
seamlessly added to existing policies.
Compatible with existing heterogeneous network infrastructure — No upgrades to your
existing network infrastructure are required.
Variety of enforcement options — Permit, deny, or quarantine based on test results.
Self-remediation — Reduces IT administration by empowering users to bring their machines
into compliance.
Subscription-based licensing — Includes all test updates and software upgrades.

1.4.1 The Novell ZENworks Network Access Control Process

Novell ZENworks Network Access Control administrators create NAC policies that define which
applications and services are permitted, and specify the actions to be taken when endpoints do not
comply. Novell ZENworks Network Access Control automatically applies the NAC policies to
endpoints as they log into the network, and periodically as the endpoints remain logged into the
network. Based on results, endpoints are either permitted or quarantined to a specific part of the
network, thus enforcing the organizational security standards. Novell ZENworks Network Access
Control tracks all testing and connection activity and produces a range of reports for auditors,
managers, and IT staff.

Novell ZENworks Network Access Control performs pre-connect testing: when an endpoint passes
the NAC policy tests (or is otherwise granted access), the endpoint is allowed access to the network.
If you have external Intrusion Detection System/Intrusion Prevention System (IDS/IPS) products
that monitor your network for attacks, you can configure these external systems in Novell
ZENworks Network Access Control so that they can request that Novell ZENworks Network Access
Control quarantine an endpoint after it has been connected (post-connect).

1.4.2 About Novell ZENworks Network Access Control

The following sections contain more information:
"NAC Policy Definition"
"Endpoint Testing"
"Compliance Enforcement"
"Automated and Manual Repair"
"Targeted Reporting"
Novell ZENworks Network Access Control Users Guide

Advertisement

Table of Contents
loading

This manual is also suitable for:

Zenworks network access control 5.0

Table of Contents