The Manage Assessment Settings window is the main window used to manage and configure the assessment servers that performs the end-system assessments in your network. To access this window, select Tools > Management and Configuration > Assessment Settings from the menu bar.
The window displays three tabs that provide information on:
| NOTE: | You can also access the Manage Assessment information in the Advanced
Configuration tool by selecting Tools > Management and Configuration > Advanced Configurations
from the menu bar. In the left-panel tree,
expand the Assessment folder. Select Default to view and
configure the default assessment configuration that ships with each Extreme Access Controlengine. To create a new assessment configuration, right-click on the
Assessment folder and select Add Assessment Configuration from the menu. Enter a name for the
new
configuration and click OK. The new configuration name appears in the
tree below the Default configuration. When you select the configuration you wish
to view or edit, it displays in the right-panel. Right-click on a
configuration name in the tree to delete the configuration, change the configuration name,
create a copy of the configuration, or see where each configuration is being
used by an Extreme Access Control configuration. You can also display lists of your assessment servers and your assessment server pools by right-clicking on the Assessment folder and selecting the appropriate option. |
|---|
Assessment Configurations
This tab lets you view a listing of your assessment configurations, and add, edit, or delete a configuration. Assessment configurations define the different assessment requirements for end-systems connecting to your network. When you create a NAC profile, select an assessment configuration that defines the assessment requirements for the end-systems using that profile. You can also click the Used By button to view a list of all assessment configurations currently being used by Extreme Access Control configurations.
Click areas in the window for more information.
- Name
- The name of the assessment configuration. This is the name that is entered when you add an assessment configuration in the Edit Assessment Configuration window.
- Scoring Override Config
- The scoring override configuration for this assessment configuration. The scoring override configuration lets you override the default scoring assigned by the assessment server to a particular assessment test ID.
- Risk Level Config
- The risk level configuration for this assessment configuration. The risk level configuration determines what risk level is assigned to an end-system (high, medium, or low) based on the end-system's health result details score.
- Test Sets
- The test sets that run for this assessment configuration. Test sets define which type of assessment to launch against the end-system, what parameters to pass to the assessment server, and what assessment server resources to use.
- Used By Button
- Opens a window that lists all assessment configurations currently being used by Extreme Access Control configurations.
- Add Button
- Opens the Edit Assessment Configuration window where you can define a new assessment configuration.
- Edit Button
- Opens the Edit Assessment Configuration window where you can edit the settings for the selected assessment configuration.
- Delete Button
- Deletes the selected assessment configuration. You cannot delete assessment configurations currently in use.
Assessment Servers
This tab lets you view and configure the assessment servers that perform the end-system assessments in your network. Once you have configured your assessment servers, they can be added to an assessment server pool and participate in assessment server load-balancing, if desired. Agent-less on-board assessment servers are automatically displayed in this list and cannot be edited or deleted. In order to allow your agent-less on-board assessment servers to participate in assessment server load-balancing and server-pools, you must add them manually to this list.
Click areas in the window for more information.
- Name
- The name of the assessment server. This is the name that is entered when you add an assessment server. For on-board assessment servers, the name is determined by the name of the Extreme Access Control (Access Control) engine. For example, if you create an Access Control engine and name it MyAccess Controlengine, then the on-board assessment server name is listed as MyAccess Controlengine as well.
- IP Address
- The IP address of the assessment server. This is the IP address that is entered when you add an assessment server. For on-board assessment servers, the IP address is determined by the address of the Access Control engine. For example, if you create an Access Control engine with an IP address of 10.20.30.40, then the on-board assessment server IP address is listed as 10.20.30.40 as well.
- Port
- The port number on the assessment server to which the Access Control engine sends assessment requests.
- Type
- The assessment server type: Agent-less, Nessus, or a third-party assessment agent (an assessment agent that is not supplied or supported by NAC Manager).
- Poolable
- A checkmark in this column indicates that the assessment server can be part of an assessment server pool. If you have multiple assessment servers on your network, creating assessment server pools allows you to control which assessment server resources is used for each assessment configuration. External assessment servers are "poolable," however, in order to allow your agent-less on-board assessment servers to participate in server-pools, you must add them manually to this list.
- Assessment Agent Adapter Version
- The version of assessment agent adapter software that is installed on the assessment server.
- Scanner Version
- The version of scanner software installed on the assessment server.
When an upgrade for the software is available, the upgrade icon
is displayed. The Upgrade feature is only available for on-board
agent-less assessment servers and allows you to upgrade the scanner
software installed on the assessment server. When you select the row, the
Upgrade button becomes active and you can click the button to initiate
the upgrade.
- Status
- When the assessment server is operational, then the status is Normal. Otherwise, this column provides status information regarding an upgrade procedure: Downloading, Download failed, Updating..., Update complete, or Update failed.
- Used By Button
- Opens a window that lists the assessment server pools currently using the selected assessment servers.
- Add Button
- Opens the Add Assessment Server window where you can define a new assessment server.
- Edit Button
- Opens the Edit Assessment Server window where you can edit the settings for the selected assessment server. You cannot edit on-board assessment server settings.
- Delete Button
- Deletes the selected assessment server. You cannot delete on-board assessment servers or servers that are currently in use.
- Check for Updates
- This button opens the Updates Available window which lists any assessment software updates available for download. The download operation downloads any updated software but does not perform the actual upgrade to the assessment server. The actual upgrade must be performed using the Upgrade button here in this window.
- Upgrade
- This feature is only available for on-board agent-less assessment
servers and allows you to upgrade the scanner software installed on the
assessment server. When an upgrade is available, the upgrade icon
appears in the Scanner Version column. When you select the row, the
Upgrade button becomes active and you can click the button to initiate
the upgrade.
| NOTE: |
Upgrades are available through the Web Update feature accessed via Help >
Check For Assessment Updates or by clicking the Updates button. This check downloads any updated software but does not perform the actual upgrade to the assessment server. The
actual upgrade must be performed using the Upgrade button here in this window.
If the Management Center Server does not have internet access (and cannot use the Web
Update feature), you can perform an upgrade by copying the upgrade file to the Management Center Server install directory and extracting the file in the Management Center
directory (it extracts the
entire path from there). You can then perform the upgrade by clicking the Upgrade button in this window. The upgrade file is downloaded from:
http://www.enterasys.com/netsight-renew/netsight-saint/saint_latest.zip.)
|
|---|
- Refresh
- Reloads the latest assessment server information in the table. You can also refresh just the version information by right-clicking on a row in the table and selecting Refresh Version Info.
Assessment Server Pools
This tab lets you view and define the assessment server pools used in your assessment configurations. If you have multiple assessment servers on your network, creating assessment server pools allows you to control which assessment server resources are used for each assessment configuration on a very granular level. For example, if you have four Nessus assessment servers, you can put server A and server B in server pool 1, and server C and server D in server pool 2. Then, in your assessment configuration you can specify which server pool that configuration should use.
Click areas in the window for more information.
- Used By Button
- Opens a window that lists all assessment configurations currently using the selected assessment server pool.
- Add Button
- Opens the Add Assessment Server Pool window where you can define a new assessment server pool.
- Edit Button
- Opens the Edit Assessment Server Pool window where you can edit the selected assessment server pool.
For information on related windows:
- Add/Edit Assessment Server Window
- Add/Edit Assessment Server Pool Window
- Edit Assessment Configuration Window
