cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
513
Views
10
Helpful
4
Replies

NAC Appliance Deployment issue

almamun
Level 1
Level 1

Hi,

We are going to deploy Cisco NAC Appliance 3310 Clean Access server in our network. Regarding the deployment I have several questions.

My questions are:

Do we required any additional server like WSUS for patch/windows update management?

Does NAC appliance talk with MS AD for authentication?

Do we required anti-virus server for endpoint security?

Do we required additional remediation server to remediate the infected endpoint?

I will be glad if get the above answer.

Regards,

Mamun

1 Accepted Solution

Accepted Solutions

Mamun,

No, the CCA system asks the client to remediate itself, and the Windows update client on the client computer then attempts to remediate based on it's options. The two options are going to Microsoft's WU servers, or if you have an internally defined WSUS server, going to that.

The other thing you can do also is to "offer" the clients to download files that you store on the CCA system based on different requirements, but doing it this way would be very hard to manage since you're looking at creating requirements for each patch which can become unwieldy very soon.

View these Video-on-demands on how CCA does posture assessment and remediation. Look at VOD 5:

http://tinyurl.com/d74t9u

HTH,

Faisal

View solution in original post

4 Replies 4

Faisal Sehbai
Level 7
Level 7

Answers inline:

Do we required any additional server like WSUS for patch/windows update management?

[Faisal]: No. It gives you more control if you do have those servers, but just to deploy and check your clients, you don't need WSUS servers.

Does NAC appliance talk with MS AD for authentication?

[Faisal]: Yes. NAC can do Active Directory authentication via LDAP and AD Single Sign on also

Do we required anti-virus server for endpoint security?

[Faisal]: Again no, but having them gives you more control

Do we required additional remediation server to remediate the infected endpoint?

[Faisal]: In general No.

HTH,

Faisal

Hi Faisal,

Thanks a lot. I am glad to you for answer.

I need additional clarification regarding the deployment.

Does the appliance has built-in path management software for windows client and that can updated from internet and push the new patch/update to endpoint?

Regards,

Mamun

Mamun,

No, the CCA system asks the client to remediate itself, and the Windows update client on the client computer then attempts to remediate based on it's options. The two options are going to Microsoft's WU servers, or if you have an internally defined WSUS server, going to that.

The other thing you can do also is to "offer" the clients to download files that you store on the CCA system based on different requirements, but doing it this way would be very hard to manage since you're looking at creating requirements for each patch which can become unwieldy very soon.

View these Video-on-demands on how CCA does posture assessment and remediation. Look at VOD 5:

http://tinyurl.com/d74t9u

HTH,

Faisal

Hi faisal,

Great!! Thanks for the update. Now I am very clear regarding the deplyment.

Regards,

Mamun

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: