Specifications

Summary

1-10 Overview

NetSight Console

NetSightConsoleisusedtomonitorthehealthandstatusofinfrastructuredevicesinthenetwork,

includingswitches,routers,EnterasysNACappliances(NACGatewaysandNACControllers)as

wellasothersecurityappliances.NetSightNACManagerisaplugintoNetSightConsole,and

NetSightConsolemustbeinstalledonaserver

withNACManagerfortheEnterasysNAC

solution.

NetSight Policy Manager

TheNetSightPolicyManagerapplicationprovidestheabilitytocentrallydefineandconfigurethe

authorizationlevelsor“policies”forcertainNACdeployments.PolicyManagerisrequiredfor

inlineNACdeployments,andprovidestheabilitytoconfigureandmanagepoliciesontheNAC

Controllerappliance.PolicyManagerisrecommendedforout‐of

‐bandNACdeploymentsthat

includeEnterasyspolicy‐enabledswitchesintheaccesslayer,andprovidestheabilitytocentrally

managepoliciesontheseswitches.ThiscentraladministrationofpoliciesusingPolicyManager

includesdistributionofthe“EnterpriseUser,”“A s se s s i n g , ” “Quarantine,”and“Failsafe”policy

rolestothepolicyenforcementpoints.

NetSight Inventory Manager

TheNetSightInventoryManagerapplicationisanoptionalcomponentoftheNACsolution,

providingcomprehensivenetworkinventoryandchangemanagementcapabilitiesforyour

networkinfrastructure.

RADIUS Server

ARADIUSserverwithbackenddirectoryservicesmustbeimplementedintheNACsolutionif

802.1Xorweb‐based(PWA)authenticationofend‐systemsisutilizedwithout‐of‐bandnetwork

accesscontrol.

Furthermore,ifRADIUSisutilizedforauthenticatingmanagementloginsforinfrastructure

devices,aRADIUSservermustbedeployed

onthenetwork.

Assessment Server

IftheNACdeploymentmodelincludesvulnerabilityassessment,oneormoreassessmentservers

mustbedeployedontheenterprisenetworkeitherasintegratedcomponentsoftheNAC

applianceorasexternalassessmentservices.

Summary

TheEnterasysNACsolutionsupportsthefivekeynetworkaccesscontrolfunctions:detection,

authentication,assessment,authorization,andremediation.FourNACdeploymentmodels

providesupportfordiverseenterpriseenvironments,witheachmodelimplementingparticular

aspectsofNACfunctionality.

•Model1:End‐SystemDetectionandTracking‐Implementsdetectiontoprovidevisibilityinto

what

devicesareconnectingtothenetwork,whoisusingthesedevices,andwherethe

devicesareconnected.

•Model2:End‐SystemAuthorization‐Implementsdetection,authentication,andauthorizationto

providenetworkaccesscontrolbasedonuserandend‐systemidentityandlocation.