09-12-2009 12:44 AM - edited 02-21-2020 03:40 AM
Hi,
We are going to deploy Cisco NAC Appliance 3310 Clean Access server in our network. Regarding the deployment I have several questions.
My questions are:
Do we required any additional server like WSUS for patch/windows update management?
Does NAC appliance talk with MS AD for authentication?
Do we required anti-virus server for endpoint security?
Do we required additional remediation server to remediate the infected endpoint?
I will be glad if get the above answer.
Regards,
Mamun
Solved! Go to Solution.
09-13-2009 02:58 AM
Mamun,
No, the CCA system asks the client to remediate itself, and the Windows update client on the client computer then attempts to remediate based on it's options. The two options are going to Microsoft's WU servers, or if you have an internally defined WSUS server, going to that.
The other thing you can do also is to "offer" the clients to download files that you store on the CCA system based on different requirements, but doing it this way would be very hard to manage since you're looking at creating requirements for each patch which can become unwieldy very soon.
View these Video-on-demands on how CCA does posture assessment and remediation. Look at VOD 5:
HTH,
Faisal
09-12-2009 02:57 PM
Answers inline:
Do we required any additional server like WSUS for patch/windows update management?
[Faisal]: No. It gives you more control if you do have those servers, but just to deploy and check your clients, you don't need WSUS servers.
Does NAC appliance talk with MS AD for authentication?
[Faisal]: Yes. NAC can do Active Directory authentication via LDAP and AD Single Sign on also
Do we required anti-virus server for endpoint security?
[Faisal]: Again no, but having them gives you more control
Do we required additional remediation server to remediate the infected endpoint?
[Faisal]: In general No.
HTH,
Faisal
09-12-2009 08:38 PM
Hi Faisal,
Thanks a lot. I am glad to you for answer.
I need additional clarification regarding the deployment.
Does the appliance has built-in path management software for windows client and that can updated from internet and push the new patch/update to endpoint?
Regards,
Mamun
09-13-2009 02:58 AM
Mamun,
No, the CCA system asks the client to remediate itself, and the Windows update client on the client computer then attempts to remediate based on it's options. The two options are going to Microsoft's WU servers, or if you have an internally defined WSUS server, going to that.
The other thing you can do also is to "offer" the clients to download files that you store on the CCA system based on different requirements, but doing it this way would be very hard to manage since you're looking at creating requirements for each patch which can become unwieldy very soon.
View these Video-on-demands on how CCA does posture assessment and remediation. Look at VOD 5:
HTH,
Faisal
09-15-2009 02:36 AM
Hi faisal,
Great!! Thanks for the update. Now I am very clear regarding the deplyment.
Regards,
Mamun
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: