Summary
1-10 Overview
NetSight Console
NetSightConsoleisusedtomonitorthehealthandstatusofinfrastructuredevicesinthenetwork,
includingswitches,routers,EnterasysNACappliances(NACGatewaysandNACControllers)as
wellasothersecurityappliances.NetSightNACManagerisaplugintoNetSightConsole,and
NetSightConsolemustbeinstalledonaserver
withNACManagerfortheEnterasysNAC
solution.
NetSight Policy Manager
TheNetSightPolicyManagerapplicationprovidestheabilitytocentrallydefineandconfigurethe
authorizationlevelsor“policies”forcertainNACdeployments.PolicyManagerisrequiredfor
inlineNACdeployments,andprovidestheabilitytoconfigureandmanagepoliciesontheNAC
Controllerappliance.PolicyManagerisrecommendedforout‐of
‐bandNACdeploymentsthat
includeEnterasyspolicy‐enabledswitchesintheaccesslayer,andprovidestheabilitytocentrally
managepoliciesontheseswitches.ThiscentraladministrationofpoliciesusingPolicyManager
includesdistributionofthe“EnterpriseUser,”“As ses si ng, ”“Quarantine,”and“Failsafe”policy
rolestothepolicyenforcementpoints.
NetSight Inventory Manager
TheNetSightInventoryManagerapplicationisanoptionalcomponentoftheNACsolution,
providingcomprehensivenetworkinventoryandchangemanagementcapabilitiesforyour
networkinfrastructure.
RADIUS Server
ARADIUSserverwithbackenddirectoryservicesmustbeimplementedintheNACsolutionif
802.1Xorweb‐based(PWA)authentication ofend‐systemsisutilizedwithout‐of‐bandnetwork
accesscontrol.
Furthermore,ifRADIUSisutilizedforauthenticatingmanagementloginsforinfrastructure
devices,aRADIUSservermustbedeployed
onthenetwork.
Assessment Server
IftheNACdeploymentmodelincludesvulnerabilityassessment,oneormoreassessmentservers
mustbedeployedontheenterprisenetworkeitherasintegratedcomponentsoftheNAC
applianceorasexternalassessmentservices.
Summary
TheEnterasysNACsolutionsupportsthefivekeynetworkaccesscontrolfunctions:detection,
authentication,assessment,authorization,andremediation.FourNACdeploymentmodels
providesupportfordiverseenterpriseenvironments,witheachmodelimplementingparticular
aspectsofNACfunctionality.
•Model1:End‐SystemDetectionandTracking‐Implementsdetectiontoprovidevisibilityinto
what
devicesareconnectingtothenetwork,whoisusingthesedevices,andwherethe
devicesareconnected.
•Model2:End‐SystemAuthorization‐Implementsdetection,authentication,andauthorizationto
providenetworkaccesscontrolbasedonuserandend‐systemidentityandlocation.