We are going to deploy Cisco NAC Appliance 3310 Clean Access server in our network. Regarding the deployment I have several questions.
My questions are:
Do we required any additional server like WSUS for patch/windows update management?
Does NAC appliance talk with MS AD for authentication?
Do we required anti-virus server for endpoint security?
Do we required additional remediation server to remediate the infected endpoint?
I will be glad if get the above answer.
No, the CCA system asks the client to remediate itself, and the Windows update client on the client computer then attempts to remediate based on it's options. The two options are going to Microsoft's WU servers, or if you have an internally defined WSUS server, going to that.
The other thing you can do also is to "offer" the clients to download files that you store on the CCA system based on different requirements, but doing it this way would be very hard to manage since you're looking at creating requirements for each patch which can become unwieldy very soon.
View these Video-on-demands on how CCA does posture assessment and remediation. Look at VOD 5: