Model 4: End-System Authorization with Assessment and Remediation
Enterasys NAC Design Guide 2-15
traffic with specific source and destination characteristics as well as specific application identifiers (UDP/TCP ports). In addition, the Enterasys NAC solution will support an unlimited number of different quarantine policy roles, which means that the solution can support varying degrees of network usage restrictions depending upon the severity of the non-compliance or security breach. This is different from many other NAC solutions that only offer a VLAN “parking lot” for end-systems that need to be quarantined.
Required and Optional Components
This section summarizes the required and optional components for Model 4.
The NAC Gateway and NAC Controller are the NAC appliances used to implement the out-of-band and inline network access control functionality on the network.
NetSight NAC Manager is the software application used to centrally manage the NAC appliances deployed on the network.
NetSight Console is the software application used to monitor the health and status of infrastructure devices in the network, including switches, routers, and Enterasys NAC appliances (NAC Gateways and NAC Controllers).
Assessment functionality is required because in this deployment model, connecting end-systems are being assessed for security posture compliance.
A RADIUS server is only required if out-of-band network access control via the NAC Gateway is implemented with web-based and/or 802.1X authentication.
NetSight Policy Manager is required for all inline NAC deployments, and recommended for out-of-band NAC deployments that utilize Enterasys policy-capable switches. Policy Manager provides the ability to centrally define and configure the authorization levels or policies.
NetSight Inventory Manager is an optional component, providing comprehensive network inventory and change management capabilities.
Table 2-4 Component Requirements for Authorization with Assessment and Remediation
Component                     Authorization with Assessment and Remediation
NAC Appliance                 Required
NetSight NAC Manager          Required
NetSight Console              Required
Assessment Service            Required
RADIUS Server                 Optional
NetSight Policy Manager       Optional
NetSight Inventory Manager    Optional