Nortel health agent host integrity check, Multi-os applet support – Nortel Networks 5500 series User Manual

32

Overview

Nortel Health Agent host integrity check

The Nortel Health Agent application checks client host integrity by verifying
that the components you have specified are required for the client’s
personal firewall (executables, DLLs, configuration files, and so on) are
installed and active on the client PC. You specify the required component
entities and engineering rules by configuring a Software Requirement Set
(SRS) rule and mapping the rule to a user group.

After a client gets authenticated, the Nortel SNAS downloads a Nortel
Health Agent as an applet to the client PC. The Nortel Health Agent applet
fetches the SRS rule applicable for the group to which the authenticated
user belongs, so that Nortel Health Agent can perform the appropriate host
integrity check. The Nortel Health Agent applet reports the result of the
host integrity check to the Nortel SNAS.

If the required components are present on the client machine, Nortel
Health Agent reports that the SRS rule check succeeded. The Nortel
SNAS then instructs the network access devices to permit access to
intranet resources in accordance with the user group’s access privileges.
The Nortel SNAS also requests the Nortel Health Agent applet to redo a
DHCP request in order to renew the client’s DHCP lease with the network
access devices.

If the required components are not present on the client machine, Nortel
Health Agent reports that the SRS rule check failed. You configure
behavior following host integrity check failure: The session can be torn
down, or the Nortel SNAS can instruct the network access devices to grant
the client restricted access to the network for remediation purposes.

The Nortel Health Agent applet repeats the host integrity check periodically
throughout the client session. If the check fails at any time, the client
is either evicted or quarantined, depending on the behavior you have
configured. The recheck interval is configurable.

For information about configuring the Nortel Health Agent host integrity
check, see

“Configuring the Nortel Health Agent check” (page 92)

. For

information about configuring the SRS rules, see information about the
Nortel Health Agent SRS Builder in Nortel Secure Network Access Switch
4050 User Guide for the SREM (NN47230-101), . For information about
mapping an SRS rule to a group, see

“Configuring groups” (page 156)

.

Multi-OS Applet Support

The Nortel Health captive portal applet supports Windows and
non-Windows operating systems. For non-Windows operating systems
the applet supports collecting operating systems information and VLAN
transition.

Nortel Secure Network Access Switch

Using the Command Line Interface

NN47230-100

03.01

Standard

28 July 2008

Copyright © 2007, 2008 Nortel Networks

.