Table of Contents
Advertisement
3.1 Logical components
The IBM Integrated Security Solution for Cisco Networks detects the state of
network clients and compares it with a set of centrally defined and managed
policies to establish client postures. It then dynamically reconfigures the network
based on detected client postures and changes the state of devices to be in
compliance with defined policies. This solution is an integration of products from
IBM and Cisco. The IBM products focus on the aspects of compliance and
remediation, and the Cisco products provide the Network Admission Control
(NAC) and policy validation components.
This new integrated solution includes a set of policies and workflows that address
certain well-known conditions such as operating system levels, hotfixes, and
security and policy settings. These policies and workflows can be configured to
address new instances of these conditions. The IBM Integrated Security Solution
for Cisco Networks is an extensible offering that provides the ability to create new
policies to detect various combinations of device postures and workflows that
can remediate various states on these devices. This can provide you with the
flexibility to define polices that are unique to your environment.
The solution integrates three major independent logical components or
subsystems with add-on components specifically developed for the IBM
Integrated Security Solution for Cisco Networks, depicted in Figure 3-1.
Components
Figure 3-1 Solution logical block diagram
40
Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
Network
Admission
Control
Posture
Validation
Server
Policy
Enforcement
Device
Client
Admission Control
Client
Compliance
Compliance
Server
Compliance Client
(Posture plug-in)
Remediation
Remediation
Server
Remediation
Client
Advertisement
Table of Contents
