12.5. Working with the TNC Architecture

In the TNC architecture, the TNC Client (TNCC) gathers information about an endpoint device's security, integrity, and posture state from the various Integrity Measurement Collectors (IMCs), each of which monitors a specific application, product, or service on the endpoint. The TNCC hands this collected data to the Network Access Requestor (NAR), which is whatever component initiates the connection: the 802.1X client or supplicant, a VPN client, a web browser that initiates a TLS (SSL) connection, or another access method. Because the IMCs and the TNCC run on the very endpoint being assessed, the posture data is self-reported and is only as trustworthy as the endpoint software that produces it.

The NAR sends the data, usually inside a tunneled EAP type, to the switch, wireless access point, firewall, or other access device that serves as the Policy Enforcement Point (PEP). The PEP does not evaluate the posture data itself; it relays the EAP exchange (typically over RADIUS) to the server-side Network Access Authority (NAA), so the tunneled EAP conversation effectively runs end to end between the endpoint and the NAA.

The NAA passes the captured state and integrity data through the TNC Server (TNCS) to the Integrity Measurement Verifiers (IMVs). Each IMV checks the information from its corresponding IMC against the organization's policy for that specific application, service, or product. Based on these checks, each IMV formulates an action recommendation and communicates it to the TNCS. The TNCS takes the received IMV action recommendations and, based on the organization's pre-defined baseline security and access control policies (defined in the TNCS), combines the ...
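The following Python simulation of the server-side decision path is an added example; it is not code from the book or from any TNC implementation. It models the TNCC bundling IMC measurements, each IMV judging only its own IMC's data, and the TNCS combining the per-IMV recommendations. The recommendation names (ALLOW, ISOLATE, NO_ACCESS, NO_RECOMMENDATION) follow the TNC IF-IMV vocabulary; the IMC measurements, the policy checks, and the combination rule ("most restrictive recommendation wins, and a silent IMV is treated as ISOLATE") are constructed assumptions for illustration, since the excerpt does not state how the TNCS combines recommendations.

```python
"""Toy model of the TNC server-side decision path (added example).

Assumptions (not from the book): the recommendation enum values, the
constructed IMC measurements, the IMV policy functions, and the TNCS
combination rule are all illustrative choices made here.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Dict, Optional


class Recommendation(IntEnum):
    # Ordered so that a larger value is more restrictive; this ordering
    # is an assumption used by the combination rule below.
    NO_RECOMMENDATION = 0
    ALLOW = 1
    ISOLATE = 2
    NO_ACCESS = 3


# --- Endpoint side: IMCs measure, the TNCC bundles the results -------------

def collect_from_imcs(imcs: Dict[str, Callable[[], dict]]) -> Dict[str, dict]:
    """The TNCC gathers one measurement dict per IMC into a single batch."""
    return {name: measure() for name, measure in imcs.items()}


# Constructed IMC callables standing in for real collectors.
def antivirus_imc() -> dict:
    return {"av_running": True, "signature_age_days": 12}


def patch_imc() -> dict:
    return {"missing_critical_patches": 0}


def firewall_imc() -> dict:
    return {"host_firewall_enabled": False}


# --- Server side: each IMV checks its own IMC's data against policy --------

@dataclass
class ImvPolicy:
    imc: str                                   # name of the IMC this IMV verifies
    check: Callable[[dict], Recommendation]    # policy for that product/service


def av_policy(m: dict) -> Recommendation:
    if not m.get("av_running"):
        return Recommendation.NO_ACCESS
    # Stale signatures: admit only to a remediation (quarantine) network.
    stale = m.get("signature_age_days", 999) > 7
    return Recommendation.ISOLATE if stale else Recommendation.ALLOW


def patch_policy(m: dict) -> Recommendation:
    ok = m.get("missing_critical_patches", 1) == 0
    return Recommendation.ALLOW if ok else Recommendation.ISOLATE


def firewall_policy(m: dict) -> Recommendation:
    ok = bool(m.get("host_firewall_enabled"))
    return Recommendation.ALLOW if ok else Recommendation.NO_ACCESS


IMVS = [
    ImvPolicy("antivirus", av_policy),
    ImvPolicy("patch", patch_policy),
    ImvPolicy("firewall", firewall_policy),
]


def run_imvs(batch: Dict[str, dict], imvs=IMVS) -> Dict[str, Recommendation]:
    """Each IMV sees only its own IMC's data and returns a recommendation.
    An IMV whose IMC sent nothing returns NO_RECOMMENDATION."""
    results = {}
    for imv in imvs:
        data: Optional[dict] = batch.get(imv.imc)
        results[imv.imc] = (imv.check(data) if data is not None
                            else Recommendation.NO_RECOMMENDATION)
    return results


def tncs_combine(results: Dict[str, Recommendation],
                 treat_missing_as: Recommendation = Recommendation.ISOLATE) -> Recommendation:
    """Assumed TNCS combination rule: the most restrictive recommendation
    wins, and an IMV that could not decide is treated as ISOLATE so that a
    missing or silent collector cannot grant access by default (fail closed)."""
    if not results:
        return treat_missing_as
    effective = [treat_missing_as if r == Recommendation.NO_RECOMMENDATION else r
                 for r in results.values()]
    return max(effective)


def evaluate_endpoint(imcs: Dict[str, Callable[[], dict]]) -> Recommendation:
    """Whole path: IMCs -> TNCC batch -> IMVs -> TNCS decision."""
    return tncs_combine(run_imvs(collect_from_imcs(imcs)))
```

The constructed endpoint above has stale antivirus signatures and a disabled host firewall, so the IMVs return ISOLATE, ALLOW, and NO_ACCESS, and the TNCS decision is NO_ACCESS. Dropping the firewall IMC from the batch illustrates the fail-closed rule: the firewall IMV returns NO_RECOMMENDATION, which the TNCS treats as ISOLATE rather than silently allowing the device on.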
