Professional Documents
Culture Documents
com
Brochure
RESOURCE MANAGEMENT
Novell ZENworks ® ®
1 2
Novell and Your Strong Perimeter
Fast pre-connect testing Novell® ZENworks® Network Access Control SC Magazine’s 2008 Reader Trust Award
that does not interfere stops unauthorized access, prevents mali- as the Best Endpoint Security Solution
with the end user’s cious endpoint activity and enforces specified A “Positive” rating in Gartner’s Marketscope
logging on experience security policies. As the network access for Network Access Control in 2008
control (NAC) solution of choice for many TechWorld’s 2007 Endpoint Security
Accurate and fast deep
organizations, ZENworks Network Access Product of the Year
testing using hundreds
Control protects some of the largest, most Windows IT Pro 2007 Editor’s Choice
of off-the-shelf tests
sensitive networks in the world, including SC Magazine’s 2006 Best Endpoint
Flexible endpoint
branches of the U.S. military. It has been Security Solution
testing, enforcement
honored with numerous awards, including:
and remediation
Continuous post-
connect monitoring Complete NAC
Windows OS and
Mac OS X coverage
Scalability that can
support hundreds of
thousands of endpoints
Identity-based
management controls
Figure 1. This image shows how Novell ZENworks Network Access Control operates on the network. Based on
both pre-connect testing and post-connect monitoring, ZENworks Network Access Control enforces security
policies for managed and unmanaged endpoints belonging to users inside the firewall, remote users, contractors,
visitors and wireless users.
p. 2
Novell ZENworks Network Access Control www.novell.com
Novell ZENworks Network Access Control is or constrained by limited testing capabilities. The network access
a complete NAC solution, delivering on the It thoroughly evaluates endpoint health before control (NAC) solution
four vital areas of NAC: pre-connect testing, the device is allowed to forward traffic to the of choice for many
post-connect monitoring, identity-based network—a key requirement for true NAC— organizations, ZENworks
management and remediation. It gives and helps prevent unhealthy endpoints from Network Access Control
administrators a NAC solution that has spreading damage. protects some of the
comprehensive endpoint testing without largest, most sensitive
affecting end-user productivity. It also delivers Pre-connect Endpoint Testing networks in the world,
an easy-to-use interface that allows you to including branches of
Novell ZENworks Network Access Control
see exactly who is on the network and what the U.S. military.
applies the most comprehensive scans to
they are doing. In addition, ZENworks Network
fully assess endpoint security. Using three
Access Control includes multiple enforcement
flexible endpoint testing options (agentless,
options for quarantining endpoints, enabling
Web-based and agent-based), ZENworks
you to enforce policy compliance across
Network Access Control allows a full range of
complex, heterogeneous networks. You can
devices, both Windows and Macintosh, to be
blend multiple enforcement options within a
tested thoroughly before being allowed onto
ZENworks Network Access Control imple-
the network. Novell adds new tests on an
mentation and manage those options from
ongoing basis, and you can develop custom
a single Web-based console. Enforcement
tests to meet organization-specific needs.
options include:
Pre-connect tests scan for:
p. 3
ZENworks Network
Access Control is a
Multi-node Architecture
complete NAC solution,
delivering on the four vital
areas of NAC: pre-connect
testing, post-connect
monitoring, identity-
based management and
remediation. It provides
administrators with a
NAC solution that has
comprehensive endpoint
testing without affecting
end-user productivity.
Figure 2. In the multi-node architecture of Novell ZENworks Network Access Control, a single Management Server
controls multiple Enforcement Server clusters, regardless of the blend of enforcement options deployed. Multi-user,
role-based access is assignable at the cluster level. Access policies and tests are centrally managed. Reporting
and access data is rolled up at the cluster and corporate levels.
Management and Administration Where other NAC vendors make you use
the command line to configure features and
Regardless of the size or complexity of the functionality, ZENworks Network Access
network, Novell ZENworks Network Access Control has pulled those features into the GUI.
Control centrally consolidates the manage-
ment of all testing and enforcement activities, A single ZENworks Network Access Con-
providing a single-pane-of-glass view of end- trol Management Server controls multiple
point security. It provides administrators with Enforcement Servers (grouped together in
an easy-to-use, intuitive GUI that allows them clusters as shown in Figure 2). Enforcement
to quickly determine what is happening with Servers allow ZENworks Network Access
endpoints, who is quarantined and why. Control to seamlessly accommodate dis-
persed geographic locations, heterogeneous
The user interface simplifies deployment network topologies and the full range of
and provides easy access to many functions endpoint connection types (see Figure 3
usually reserved for back-end configuration. on the next page).
p. 4
Novell ZENworks Network Access Control www.novell.com
Figure 3. This graphic shows how clusters are managed in the Novell ZENworks Network Access Control interface.
In the ZENworks Network Access Control GUI, the Cluster window displays real-time access control data and
performance statistics for the selected Enforcement Server cluster. In this example, the ‘Provo’ cluster is displayed,
which contains an individual Enforcement Server (znac-es.mycompany.com).
Through the Management Server, custom segment. Likewise, a spike in testing activity
tests and access policies can be distributed directed at a single Enforcement Server is
to all Enforcement Servers in a single opera- load balanced across the cluster.
tion. System monitoring and reporting are
rolled up at the cluster and corporate levels. Integrated in the IT Environment
Administrative access to the system is strictly
Novell ZENworks Network Access Control
controlled through user roles and cluster
features an open architecture that allows
assignments. Administrators may create
the import and export of data to and from
additional roles using fine-grained permis-
ZENworks Network Access Control. The open
sions. Devices and functions are exposed
architecture also allows third-party systems
on a need-to-know basis. For example,
to control testing and quarantining functions
an administrator may only view data for
and enables sharing of endpoint security
endpoints within their assigned clusters.
data with other IT systems.
p. 5
Device Activity Window
Figure 4. The Device Activity window displays the testing and connection status of all devices attempting to
connect to the network during the specified time period (one hour in this case).
p. 6
www.novell.com
Novell, Inc.
404 Wyman Street
Waltham, MA 02451 USA
463-001029-001 | 09/08 | © 2008 Novell, Inc. All rights reserved. Novell, the Novell logo, the N logo and ZENworks are r egistered
trademarks of Novell, Inc. in the United States and other countries.
1 2