5.1 Test Methods Used

Novell ZENworks Network Access Control tests endpoints using one of the following methods:

See Section 3.17.1, Testing Methods for a description of each of these methods.

5.1.1 Agent Callback

The Agent Callback to Novell ZENworks Network Access Control feature allows the Novell ZENworks Network Access Control agent to inform the ES that an endpoint is now active on the network and available to be tested. This feature allows faster detection of endpoints in a network utilizing static IP addresses.

Upon notification of a new network connection, the agent queries DNS for all available ESs and attempts to execute an HTTP request against each ES until a successful request has occurred. This request causes the ES to schedule the endpoint for testing.

The following terms are used in association with this feature:

  • Agent — The software residing on the endpoint that performs the tests.

  • Enforcement Server (ES) — The server that communicates with the agent to initiate tests, and quarantines or allows network access based on the test results.

  • Endpoint — The computer being tested by Novell ZENworks Network Access Control.

  • SRV record — A DNS record that contains information regarding a specific service on a network, for example, HTTP or mail.

  • A record — A DNS record that contains information regarding a specific host name.

To enable this feature, add either SRV records or A records to your DNS system.

The agent performs a DNS query against the server for the following SRV names:

  • _nac

  • _naces1

  • _naces2

If no contact can be made, the agent tries the following A names:

  • nac

  • naces1

  • naces2

NOTE: The endpoint's DNS suffix must be correctly configured for your domain for the Agent Callback feature to work correctly.
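The following added example (not part of the product or its documentation) audits the records described above: it builds the SRV and A names for a given DNS suffix, resolves each one, and flags any answer that does not point to a known ES. The `_tcp` protocol label, the `lookup` resolver interface, and the sample zone are assumptions made for illustration.

```python
SRV_NAMES = ["_nac", "_naces1", "_naces2"]  # SRV names listed in this section
A_NAMES = ["nac", "naces1", "naces2"]       # A names listed in this section
SRV_PROTO = "_tcp"  # assumption: this section does not state the protocol label


def candidate_queries(dns_suffix):
    """Return (record type, FQDN) pairs in the documented order: SRV, then A."""
    suffix = dns_suffix.strip(".")
    srv = [("SRV", f"{name}.{SRV_PROTO}.{suffix}") for name in SRV_NAMES]
    a = [("A", f"{name}.{suffix}") for name in A_NAMES]
    return srv + a


def audit_callback_dns(dns_suffix, lookup, expected_targets):
    """Resolve every candidate name and classify each answer.

    lookup(rtype, fqdn) is a caller-supplied resolver (hypothetical interface)
    returning target strings: host names for SRV, addresses for A.
    """
    findings = []
    for rtype, fqdn in candidate_queries(dns_suffix):
        answers = lookup(rtype, fqdn)
        if not answers:
            findings.append((fqdn, rtype, None, "missing"))
            continue
        for target in answers:
            known = target.rstrip(".").lower() in expected_targets
            findings.append((fqdn, rtype, target, "ok" if known else "unexpected"))
    return findings


def callback_works(findings):
    """True if at least one record points to an expected ES."""
    return any(status == "ok" for *_, status in findings)


# Constructed sample zone for an offline run; not real data.
SAMPLE_ZONE = {
    ("SRV", "_nac._tcp.corp.example"): ["es1.corp.example."],
    ("A", "naces1.corp.example"): ["192.0.2.10"],
    ("A", "nac.corp.example"): ["198.51.100.77"],  # points to a host that is not an ES
}
EXPECTED_ES = {"es1.corp.example", "192.0.2.10"}


def sample_lookup(rtype, fqdn):
    return SAMPLE_ZONE.get((rtype, fqdn), [])


if __name__ == "__main__":
    for row in audit_callback_dns("corp.example", sample_lookup, EXPECTED_ES):
        print(row)
```

An "unexpected" row means agents could send their callback request to a host that is not an ES; a run in which every row is "missing" usually indicates the wrong DNS suffix or records that were never added.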

See the following link for more information about DNS record types:

http://www.ietf.org/IESG/Implementations/RFC1886-Implementation/DNSrecords.html