NAC Appliance Deployment issue

Answered Question
Sep 12th, 2009
User Badges:

Hi,


We are going to deploy Cisco NAC Appliance 3310 Clean Access server in our network. Regarding the deployment I have several questions.


My questions are:


Do we required any additional server like WSUS for patch/windows update management?


Does NAC appliance talk with MS AD for authentication?


Do we required anti-virus server for endpoint security?


Do we required additional remediation server to remediate the infected endpoint?


I will be glad if get the above answer.

Regards,

Mamun






Correct Answer by Faisal Sehbai about 7 years 10 months ago

Mamun,


No, the CCA system asks the client to remediate itself, and the Windows update client on the client computer then attempts to remediate based on it's options. The two options are going to Microsoft's WU servers, or if you have an internally defined WSUS server, going to that.


The other thing you can do also is to "offer" the clients to download files that you store on the CCA system based on different requirements, but doing it this way would be very hard to manage since you're looking at creating requirements for each patch which can become unwieldy very soon.


View these Video-on-demands on how CCA does posture assessment and remediation. Look at VOD 5:


http://tinyurl.com/d74t9u


HTH,

Faisal

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Faisal Sehbai Sat, 09/12/2009 - 14:57
User Badges:
  • Gold, 750 points or more

Answers inline:


Do we required any additional server like WSUS for patch/windows update management?


[Faisal]: No. It gives you more control if you do have those servers, but just to deploy and check your clients, you don't need WSUS servers.


Does NAC appliance talk with MS AD for authentication?


[Faisal]: Yes. NAC can do Active Directory authentication via LDAP and AD Single Sign on also


Do we required anti-virus server for endpoint security?


[Faisal]: Again no, but having them gives you more control


Do we required additional remediation server to remediate the infected endpoint?


[Faisal]: In general No.


HTH,

Faisal

almamun@ektoo.net.bd Sat, 09/12/2009 - 20:38
User Badges:

Hi Faisal,


Thanks a lot. I am glad to you for answer.


I need additional clarification regarding the deployment.


Does the appliance has built-in path management software for windows client and that can updated from internet and push the new patch/update to endpoint?


Regards,

Mamun

Correct Answer
Faisal Sehbai Sun, 09/13/2009 - 02:58
User Badges:
  • Gold, 750 points or more

Mamun,


No, the CCA system asks the client to remediate itself, and the Windows update client on the client computer then attempts to remediate based on it's options. The two options are going to Microsoft's WU servers, or if you have an internally defined WSUS server, going to that.


The other thing you can do also is to "offer" the clients to download files that you store on the CCA system based on different requirements, but doing it this way would be very hard to manage since you're looking at creating requirements for each patch which can become unwieldy very soon.


View these Video-on-demands on how CCA does posture assessment and remediation. Look at VOD 5:


http://tinyurl.com/d74t9u


HTH,

Faisal

almamun@ektoo.net.bd Tue, 09/15/2009 - 02:36
User Badges:

Hi faisal,


Great!! Thanks for the update. Now I am very clear regarding the deplyment.


Regards,

Mamun


Actions

This Discussion