Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Model 4: End-System Authorization with Assessment and Remediation

2-12 NAC Deployment Models

Required and Optional Components

ThissectionsummarizestherequiredandoptionalcomponentsforModel3.

.

TheNACGatewayandNACControlleraretheNACappliancesusedtoimplementtheout‐of‐

bandandinlinenetworkaccesscontrolfunctionalityonthenetwork.

NetSightNACManageristhesoftwareapplicationusedtocentrallymanagetheNACappliances

deployedonthenetwork.

NetSightConsoleisthesoftwareapplicationusedto

monitorthehealthandstatusof

infrastructuredevicesinthenetwork,includingswitches,routers,andEnterasysNACappliances

(NACGatewaysandNACControllers).

Assessmentfunctionalityisrequiredbecauseinthisdeploymentmodel,connectingend‐systems

arebeingassessedforsecurityposturecompliance.

ARADIUSserverisonlyrequiredifout‐of‐

bandnetworkaccesscontrolviatheNACGatewayis

implementedwithweb‐basedand/or802.1Xauthentication.

NetSightPolicyManagerisrequiredforallinlineNACdeployments,andrecommendedforout‐

of‐bandNACdeploymentsthatutilizeEnterasyspolicy‐capableswitches.PolicyManager

providestheabilitytocentrallydefineandconfigurethe

authorizationlevelsorpolicies.

NetSightInventoryManagerisanoptionalcomponent,providingcomprehensivenetwork

inventoryandchangemanagementcapabilities.

Model 4: End-System Authorization with Assessment and

Remediation

ThisNACdeploymentmodelimplementsallfiveNACfunctions:detection,authentication,

assessment,authorization,andremediation.InModel3,end‐systemsandendusersconnectedto

thenetworkareauthorizedbasedonthedeviceidentity,useridentity,location,and/orsecurity

postureinformation.And,asexplainedinModel3,itwasnotnecessary

toquarantine

noncompliantend‐systemswhilephasingintheNACsolutiononthenetwork.However,oncea

restrictiveauthorizationlevelisallocatedtononcompliantend‐systems,itisimportanttoinform

theenduseroftherestrictionsandprovidethestepstheycanexecuteforself‐repairofthedevice.

Thisistheprocessofassistedremediation,whichistheNACfunctionintroducedinModel4.

Table 2-3 Component Requirements for Authorization with Assessment

Component

Authorization with

Assessment

NAC Appliance Required

NetSight NAC Manager Required

NetSight Console Required

Assessment Service Required

RADIUS Server Optional

NetSight Policy Manager Optional

NetSight Inventory Manager Optional

previous next