Trend Micro, Inc.
April 2009
Trend Micro
This readme file is current as of the date above. However, all customers are advised to check Trend Micro's Web site for documentation updates at http://www.trendmicro.com/download/.
Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro Web site. Register during installation, or online at http://olr.trendmicro.com.
Trend Micro is always seeking to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: www.trendmicro.com/download/documentation/rating.asp.
1. About Trend Micro Policy Server for Cisco Network Admission Control (NAC)
Cisco Network Admission Control (NAC) provides a means to communicate and evaluate the status of antivirus components of OfficeScan clients. This helps you enforce your organizations antivirus policies by giving you the ability to perform actions on at-risk clients. These actions include instructing clients to update their OfficeScan client components, enable Real-time scan, and perform Scan Now and Cleanup Now.
The document set for Policy Server includes:
Help: HTML files compiled in WebHelp format that provide "how to's", usage advice, and field-specific information. The online help is accessible from the Policy Server console.
Readme file: Contains a list of known issues and basic installation steps. It may also contain late-breaking product information not found in the online or printed documentation.
3.1. Policy Server
Operating system:
Windows 2000 Professional with Service Pack 4
Windows 2000 Server with Service Pack 4
Windows 2000 Advanced with Server Service Pack 4
Windows XP Professional with Service Pack 2 or later, 32-bit and 64-bit
Windows Server 2003 (Standard and Enterprise Editions) with Service Pack 2 or later, 32-bit and 64-bit
Windows Cluster Server 2000
Hardware:
300MHz Intel Pentium II processor or equivalent
128MB of RAM
300MB of available disk space
Monitor that supports 800 x 600 resolution at 256 colors or higher
Web server:
Microsoft Internet Information Server (IIS) versions 5.0 or 6.0
Apache Web server 2.0 or later (for Windows 2000/XP/Server 2003 only)
Web console:
133MHz Intel Pentium processor or equivalent
64MB of RAM
30MB of available disk space
Monitor that supports 800 x 600 resolution at 256 colors or higher
Microsoft Internet Explorer 5.5 or later
3.2. Cisco Trust Agent
Operating system
Windows 2000 Professional and Server with Service Pack 4
Windows XP Professional with Service Pack 2 or later, 32-bit
Windows Server 2003 (Standard and Enterprise Editions) with Service Pack 2 or later, 32-bit
Hardware
200MHz single or multiple Intel Pentium processors
128MB of RAM for Windows NT and 2000
256MB of RAM for Windows XP and 2003
5MB of available disk space (20MB recommended)
Others: Windows Installer 2.0 or later
3.3. Supported platforms and requirements
|
Supported Platform |
Models |
IOS Images |
Minimum Memory/Flash |
|
Routers |
|||
|
Cisco 830, 870 series |
831, 836, 837 |
IOS 12.3(8) or later |
48MB/8MB |
|
Cisco 1700 series |
1701, 1711, 1712, 1721, 1751, 1751-V, 1760 |
IOS 12.3(8) or later |
64MB/16MB |
|
Cisco 1800 series |
1841 |
IOS 12.3(8) or later |
128MB/32MB |
|
Cisco 2600 series |
2600XM, 2691 |
IOS 12.3(8) or later |
96MB/32MB |
|
Cisco 2800 series |
2801, 2811, 2821, 2851 |
IOS 12.3(8) or later |
128MB/64MB |
|
Cisco 3600 series |
3640/3640A, 3660-ENT series |
IOS 12.3(8) or later |
48MB/16MB |
|
Cisco 3700 series |
3745, 3725 |
IOS 12.3(8) or later |
128MB/32MB |
|
Cisco 3800 series |
3845, 3825 |
IOS 12.3(8) or later |
256MB/64MB |
|
Cisco 7200 series |
720x, 75xx |
IOS 12.3(8) or later |
128MB/48MB |
|
|
|||
|
VPN Concentrators |
|||
|
Cisco VPN 3000 Series |
3005 - 3080 |
V4.7 or later |
N/A |
|
|
|||
|
Switches |
|||
|
Cisco Catalyst 2900 |
2950, 2970 |
IOS 12.1(22)EA5 |
N/A |
|
Cisco Catalyst 3x00 |
3550, 3560, 3750 |
IOS 12.2(25)SEC |
N/A |
|
Cisco Catalyst 4x00 |
Supervisor 2+ or higher |
IOS 12.2(25)EWA |
N/A |
|
Cisco Catalyst 6500 |
6503, 6509, Supervisor 2 or higher |
CatOS 8.5 or later |
Sup2 - 128MB |
|
|
|||
|
Wireless Access Points |
|||
|
Cisco AP1200 Series |
1230 |
N/A |
N/A |
To install Policy Server for Cisco NAC using the Policy Server installer:
Log on to the computer to which you will install Policy Server for Cisco NAC.
Locate the Policy Server for Cisco NAC installer package on the Enterprise DVD.
Double-click setup.exe to run the installer package.
Follow the installation instructions.
To install Policy Server for Cisco NAC from the OfficeScan server master installer:
In the "Install Other OfficeScan Programs" screen of the OfficeScan server master installer, select Policy Server for Cisco NAC.
Click Next.
Continue with OfficeScan server installation until the Welcome screen for Trend Micro Policy Server for Cisco NAC appears.
Click Next. The Policy Server for Cisco NAC License Agreement screen appears.
Read the agreement and click Yes to continue. The Choose Destination Location screen appears.
Modify the default destination location if necessary by clicking Browse and selecting a new destination for the Policy Server installation.
Click Next. The Web Server screen appears.
Choose the Web server for the Policy Server.
IIS server: Click to install on an existing IIS Web server installation
Apache 2.0 Web server: Click to install on an Apache 2.0 Web server
Click Next. The Web Server Configuration screen appears.
Configure the following information:
If you selected to install Policy Server on an IIS server, select one of the following:
IIS default Web site: click to install as an IIS default Web site
IIS virtual Web site: click to install as an IIS virtual Web site
Next to Port, type a port that will serve as the server listening port. When the Policy Server and OfficeScan server are on the same computer and uses the same Web server, the port numbers are as follows:
Apache Web server/IIS Web server on default Web site: Policy Server and OfficeScan server share the same port
Both on IIS Web server on virtual Web site: Policy Server default listening port is 8081 and the SSL port is 4344. The OfficeScan server default listening port is 8080 and the SSL port is 4343.
If you selected to install Policy Server on an IIS server, you can use Secured Socket Layer (SSL). Type the SSL port number and the number of years to keep the SSL certificate valid (the default is 3 years). If you enable SSL, this port number will serve as the server�s listening port. The Policy Server�s address is as follows:
http://<Policy Server name>:<port number> or
https://<Policy Server name>:<port number> (if you enable SSL)
Click Next.
Specify the Policy Server console password and click Next.
Specify the ACS Server authentication password and click Next.
Review the installation settings. If satisfied with the settings, click Next to start the installation. Otherwise, click Back to go to the previous screens.
When the installation completes, click Finish. The OfficeScan server master installer will continue with the rest of the OfficeScan server installation.
5. Post-installation Configuration
Configure Policy Server settings using the Web console immediately after completing the installation. Access the Policy Server Web console from the OfficeScan Web console or from the Start menu by clicking Programs > Trend Micro Policy server for Cisco NAC > Policy Server Console. For detailed instructions, refer to the OfficeScan Administrator's Guide and the Policy Server Help.
The following are the known issues in this release:
If the computer is running Windows 2003, disable the Internet Explorer Pop-up blocker to view client validation logs from the Policy Server Web console.
Authentication between the ACS server and the Policy Server will fail when Policy Server is installed on IIS 5.0 on a Domain Controller computer with Active Directory.
If the OfficeScan server and Policy Server are installed on the same computer, and the master installer installs Apache as the Web server, both OfficeScan and Policy Server use the same Apache installation. Therefore, uninstalling either OfficeScan server or Policy Server removes the Apache installation, which renders the remaining server (OfficeScan or Apache) inoperable.
If the client user uninstalls the Cisco Trust Agent through Windows Control Panel > Add/Remove Programs, the Cisco Trust Agent version information of the client still appears in the client tree.
If the you forget the user name and password configured during Policy Server setup for the ACS server to access the Policy Server, the password cannot be recovered. You must use IIS or Apache utilities to recreate a user name and password.
The "Policy Server List" that appears on the Policy Server screen of the OfficeScan Web console adds any server you configure without checking whether or not the server information is correct.
When the Cisco Trust Agent (CTA) program needs to be updated, all existing CTAs must be removed and a new package must be deployed again to all the client computers.
Internet Server Application Programming Interface (ISAPI) does not work on Apache Web server versions 2.0.56 to 2.0.59 and versions 2.2.3 to 2.2.4.
A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.
You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.
Evaluation copies of Trend Micro products can be downloaded from our Web site.
Global Mailing Address/Telephone numbers
For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.
The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.
Note: This information is subject to change without notice.
Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Trend Micro allows companies worldwide to stop viruses and other malicious code from a central point before they can reach the desktop.
Copyright 2004-2009, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.
Information about your license agreement with Trend Micro can be viewed at http://www.trendmicro.com/en/purchase/license/.