This chapter examined the various building blocks that make up the Cisco NAC Appliance solution. Those building blocks are as follows:
- Cisco NAC Appliance Manager
- Cisco NAC Appliance Server
- Cisco Clean Access Agent
- Cisco NAC Appliance Network Scanner
The purpose and function of each piece was covered and can be summarized as follows:
- NAC Appliance Manager is the administration server. It allows you to centrally manage and monitor your deployment of NAC Appliance Servers and Clean Access Agents.
- NAC Appliance Server is the policy enforcer, or the policy firewall, between the untrusted networks and the trusted networks. NAC Appliance Server's job is to enforce the security policies created in NAC Appliance Manager.
- Clean Access Agent is a free software program that resides on client PCs. It is a read-only agent whose job is to gather information about the user and host it is installed on.
- NAC Appliance Network Scanner allows you to scan hosts to check for known vulnerabilities. It uses the embedded Nessus vulnerability scanning software for this function.
The chapter finished with an overview of the minimum hardware and software requirements and performance metrics of the different building blocks. It was recommended that the newer appliance form factors be used for the NAC Appliance Manager and NAC Appliance Server pieces.