Configuring the Remote Integrity Measurement Verifier Server (NSM Procedure)

The Trusted Network Connect (TNC) standard enables the enforcement of security requirements for endpoints connecting to networks. On the client side, TNC consists of the integrity measurement collectors (IMCs) and the TNC client (TNCC). The TNCC compiles the IMC measurements and sends them to the server. The server has a corresponding set of components: the TNC server (TNCS) and the integrity measurement verifiers (IMVs). The TNCS manages the messages between the IMVs and the IMCs and sends the recommendations, based on the IMVs, to the policy engine.

To configure the remote IMV server so that the Secure Access device can communicate with it:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure the remote IMV server.
  3. Click the Configuration tab. In the configuration tree, select Authentication > Endpoint Security > Host Checker.
  4. Add or modify settings as specified in Table 66.
  5. Click one:
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 66: Configuring the Remote IMV Server Details

| Option | Function | Your Action |
|---|---|---|
| Remote IMV > Remote IMV Servers | | |
| Name | Specifies the name for the server. | Enter the name for the remote IMV server. |
| Description | Describes the server. | Enter a brief description of the server. |
| Host | Specifies the hostname. | Enter either the IP address or hostname as defined in the server certificate. |
| Port | Specifies the port number that the Secure Access device uses to communicate with the remote IMV server. | Enter a unique port number. Note: Ensure that no other service is using this port number. The default port number is the same as the default HTTPS port number. |
| Shared secret | Specifies the shared secret information. | Enter the same shared secret used in the client information entry on the remote IMV server. |
| Remote IMV > Remote IMVs | | |
| Name | Specifies the name of the IMV. | Enter the name for the remote IMV. |
| Description | Describes the IMV. | Enter a brief description of the IMV. |
| IMV Name | Specifies the IMV name that matches the “human readable name” in the IMV’s well-known registry key on the remote IMV server. | Enter a name for the IMV. |
| Primary Server | Specifies the primary remote IMV server where the IMV is installed. | Select the primary remote IMV server from the drop-down list. |
| Secondary Server | Specifies the secondary remote IMV server where the IMV is installed. Note: The secondary server acts as a failover in case the primary server becomes unavailable. | Select the secondary remote IMV server from the drop-down list. |
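A pre-check for the Host option in Table 66, as an added example that is not part of the Juniper documentation or product code: it tests whether the value you plan to enter is named in the remote IMV server's certificate, using the dictionary layout returned by Python's `ssl.SSLSocket.getpeercert()`. The function names, the sample certificate, and the matching rules (subjectAltName first, commonName only as a fallback, single-label wildcard) are assumptions; the page does not state how the Secure Access device compares the two.

```python
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """Match one dNSName entry; '*' is honoured only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Wildcard covers exactly one label and needs at least two fixed labels after it
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def host_matches_cert(host_field: str, cert: dict) -> bool:
    """True if the value planned for the Host option is named in the certificate.

    cert uses the dict layout returned by ssl.SSLSocket.getpeercert().
    """
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(host_field)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        # IP literals must match an iPAddress SAN; never compare them to DNS names
        return any(kind == "IP Address" and ipaddress.ip_address(val) == wanted_ip
                   for kind, val in sans)
    dns_names = [val for kind, val in sans if kind == "DNS"]
    if not dns_names:
        # Legacy fallback: use commonName only when the certificate has no DNS SANs
        dns_names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                     if k == "commonName"]
    return any(_dns_match(name, host_field) for name in dns_names)

# Constructed sample certificate (not taken from any real server)
SAMPLE_CERT = {
    "subject": ((("commonName", "imv1.example.test"),),),
    "subjectAltName": (("DNS", "imv1.example.test"), ("DNS", "*.imv.example.test"),
                       ("IP Address", "192.0.2.10"),
                       ("IP Address", "2001:DB8:0:0:0:0:0:10")),
}

if __name__ == "__main__":
    for candidate in ("imv1.example.test", "192.0.2.10", "imv2.example.test"):
        print(candidate, host_matches_cert(candidate, SAMPLE_CERT))
```

A short hostname or an address that is absent from the certificate returns False here, which is the case to resolve before saving the Host value.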
