Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Summary

Enterasys NAC Design Guide 1-11

•Model3:End‐SystemA ut horizationwithAssessment‐Implementsdetection,authentication,

assessment,andauthorizationtoprovidenetworkaccesscontrolbasedonthesecurityposture

ofaconnectingend‐system,aswellasuseranddeviceidentityandlocation.Thismodel

requirestheuseofeitherintegratedassessmentserverfunctionalityor

theabilitytoconnectto

externalassessmentservices,inordertoperformtheend‐systemassessment.

•Model4:End‐SystemA ut horizationwithAssessmentandRemediation‐Implements

detection,authentication,assessment,authorization,andremediation,providingtheadditional

abilitytoquarantineandremediatenoncompliantdevices.

TheNACapplianceisacorecomponent

oftheEnterasysNACsolutionandisrequiredforall

NACdeploymentmodels.Itprovidestheabilitytodetect,authenticate,andauthorizeenddevices

attemptingtoconnecttothenetwork.Italsointegrateswithorconnectstoassessmentservicesto

performassessmentofend‐systemsconnectingtothenetwork.Onceauthentication

and

assessmentarecomplete,theNACapplianceauthorizesdevicesonthenetworkbyallocatingthe

appropriatenetworkresourcestotheend‐systembasedonauthenticationand/orassessment

results.TheNACappliancealsoprovidesremediationfunctionality,allowingenduserstosafely

remediatetheirquarantinedend‐systemwithoutimpactingIToperations.

Enterasysoffers

twotypesofNACappliances:

•TheNACGatewayapplianceimplementsout‐of‐bandnetworkaccesscontrolandrequires

theimplementationofintelligentwiredorwirelessedgeinfrastructuredevicesonthe

network.

•TheNACControllerapplianceimplementsinlinenetworkaccesscontrolandisapplicableto

scenarioswherenon‐intelligentwiredorwireless

edgeinfrastructuredevicesaredeployedin

thenetwork.TheNACControllerisalsorequiredinIPSecandSSLVPNdeployments.

TheNACappliancesareconfigured,monitored,andmanagedthroughEnterasysNetSight

managementapplications.NetSightNACManagerandNetSightConsolearerequiredforallfour

NACdeploymentmodels.NACManagerprovides

configurationsfortheassessment,

authentication,authorization,andremediationparametersforallNACappliances,whileNetSight

Consoleisusedtomonitorthehealthandstatusofinfrastructuredevicesinthenetwork,

includingswitches,routers,andEnterasysNACappliances.

NetSightPolicyManagerandNetSightInventoryManagerareoptionalNetSightapplications.

PolicyManagerprovides

theabilitytocentrallydefineandconfiguretheauthorizationlevelsor

“policies”forcertainout‐of‐bandNACdeploymentsandallinlineNACdeployments.Inventory

Managerprovidescomprehensivenetworkinventoryandchangemanagementcapabilitiesfor

yournetworkinfrastructure.

ThenextchapterprovidesamoredetaileddescriptionofthefourNACdeployment

models

includingtheirrequirementsandimplementation.

previous next