IBM Tivoli and Cisco User Manual page 35

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Note: With the availability of Cisco's Network Admission Control Appliance
(NAC Appliance) offering, the Network Admission Control subsystem can be
delivered by NAC Framework or NAC Appliance. While the interfaces between
these two offerings vary, the Tivoli Security Compliance Manager and Tivoli
Configuration Manager subsystems are designed to work with either version
of Cisco's NAC offerings. A minor difference exists in the interface between
Tivoli Security Compliance Manager and the selected Network Admission
Control offering, but all of the policies and remediation objects built for Tivoli
Security Compliance Manager and Tivoli Configuration Manager can be used
interchangeably with either Cisco offering.

Customers have to choose between a NAC Framework and NAC Appliance
implementation because applications that are compatible with a NAC
Framework do not work with a NAC Appliance, as the interfaces are currently
dissimilar. It is Cisco's stated intention to make NAC Framework and NAC
Appliance solutions compatible, but at the current time, this is not the case.

In most cases, customers who run homogeneous Cisco networks and have
long-range NAC plans will be able to start with NAC Framework and deploy in
phases. For customers with heterogeneous networks containing non-Cisco
equipment or customers who wish to start with a smaller entry price and
deployment footprint while still retaining the option to migrate to a full NAC
Framework solution, NAC Appliance is the better choice.

For the purposes of this book, the majority of the content is targeted at NAC
Framework solutions.

Security Compliance Manager

IBM Tivoli Security Compliance Manager performs the functions of managing
security compliance policies and monitoring compliance of clients with these
policies. It plays a vital role in deploying predefined policies and providing a
repository for reporting that can help corporate auditors. The Security
Compliance Manager server has a built-in reporting engine that can be used to
produce standard reports as required by security officers. It can also utilize
external report generators such as IBM DB2® Alphablox or Crystal Reports for
ad hoc reporting.

The relationship between the Security Compliance Manager server and client is
more accurately described as an agent/manager model than a client/server
architecture. The Security Compliance Manager client acts as an agent collecting
data from the client subsystem on a predefined schedule or at the request of the
Security Compliance Manager server and sends the requested data back to the
server. The Security Compliance Manager server acts as a manager issuing
requests to clients and receiving data collections from the client.

Chapter 2. Architecting the solution
