.. _Components:



Understanding Components
========================

To operate Genian NAC, various components are required. This chapter describes
the role and installation location of each component.

Policy Server
-------------

The policy server is a central management system that stores all the data and
settings of Genian NAC. The other components receive their operating
configuration from the policy server and transmit the information they collect
back to it. Typically, the policy server resides in the organization's data
center and is installed on a physical server or virtual machine. The policy
server may also be cloud hosted.

Another role of the policy server is to provide the administrator's management
console through which all components are managed. You can view the collected
information and establish your organization's security policies here.

Network Sensor
--------------

A network sensor is located in each network segment. It monitors the network,
detects nodes, collects information about them, and transmits it to the policy
server.

The network sensor is connected to a regular network access port and does not
require special settings such as port mirroring. However, when one physical
sensor collects information from several VLANs, its switch port should be
configured as an 802.1Q trunk port. In this case, a separate sensor node
will be shown in the web console for each VLAN.

The network sensor monitors broadcast packets such as ARP or DHCP to detect
that a new device has connected to the network. It also identifies the platform
and acquires device information from other broadcast traffic such as UPnP and
NetBIOS.

Therefore, **network sensors must be connected to every broadcast domain**. If
there are remote sites connected over the WAN, a separate network sensor is
needed for each location. Other sensor deployments (Port Mirror (SPAN),
in-line) are supported, but do not provide all features. For more information,
see: :doc:`/deploying/deployment-models`
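
The following added example (not Genian NAC code) illustrates the detection
principle described above: it parses broadcast ARP frames, including
802.1Q-tagged frames seen on a trunk port, and reports senders that are not yet
in a per-VLAN inventory. The names ``parse_arp``, ``NodeInventory`` and
``build_arp`` are hypothetical, and the sample frames are constructed.

```python
import socket
import struct

ETH_ARP, ETH_VLAN = 0x0806, 0x8100

def parse_arp(frame: bytes):
    """Return (vlan, sender_mac, sender_ip) for an IPv4 ARP frame, else None."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, 0                      # vlan 0 = untagged access port
    if ethertype == ETH_VLAN and len(frame) >= 18:   # 802.1Q tag on a trunk port
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    if ethertype != ETH_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[offset:offset + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = frame[offset + 8:offset + 14].hex(":")
    ip = socket.inet_ntoa(frame[offset + 14:offset + 18])
    return vlan, mac, ip

class NodeInventory:
    """Nodes keyed by (vlan, mac): one inventory per broadcast domain."""
    def __init__(self):
        self.nodes = {}

    def observe(self, frame: bytes):
        """Record the sender; return an event dict if the node is new, else None."""
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        vlan, mac, ip = parsed
        is_new = (vlan, mac) not in self.nodes
        ips = self.nodes.setdefault((vlan, mac), set())
        if ip != "0.0.0.0":                   # ARP probe: address not yet claimed
            ips.add(ip)
        return {"vlan": vlan, "mac": mac, "ip": ip} if is_new else None

def build_arp(mac: str, ip: str, target: str, vlan=None) -> bytes:
    """Constructed sample frame: a broadcast ARP request, optionally 802.1Q-tagged."""
    hw = bytes.fromhex(mac.replace(":", ""))
    eth = b"\xff" * 6 + hw
    if vlan is not None:
        eth += struct.pack("!HH", ETH_VLAN, vlan)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + hw + socket.inet_aton(ip)
    return eth + struct.pack("!H", ETH_ARP) + arp + bytes(6) + socket.inet_aton(target)
```

Because the inventory only learns from frames that reach the listening
interface, a node in a VLAN or remote site the interface does not see never
appears in it.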

The network sensor functions mainly over a physical or emulated wired Ethernet
interface. The network sensor may run on the same system as the policy
server or on an independent system. Only one policy server
is needed for all network sensors.

Wireless Sensor
'''''''''''''''

The Wireless Sensor is a sub-component of the network sensor. It monitors the
radio signal through the wireless LAN network interface to detect the SSIDs and
wireless clients around the sensor. This data is collected in real time around
the clock and logged on the policy server, where it is cross-referenced with
node and user data. This allows you to identify threats like rogue access
points and connection issues like channel conflicts, and to keep detailed
accounting of when and by whom your networks are being accessed.

The Wireless Sensor can be configured on the same system as the Network Sensor
if a WLAN interface is present. The Wireless Sensor may also be configured on a
separate device to better detect signals in different areas of the deployment
site.

Wireless sensors are optional: whether they are deployed depends on whether
wireless-related functions are used.

.. note:: Network Sensors installed onto a virtual machine typically will not have
   direct access to the wireless interface on the host hardware. As a result, a
   wireless sensor will not operate, even if the host machine uses a
   wireless network interface. Genian NAC will detect the host's wireless
   interface as a wired sensor interface. In this case, an endpoint agent
   installed to a device with a wireless NIC can perform the functions of a
   wireless sensor. See: :doc:`/endpoints/wlan-interface`

Network Enforcer
''''''''''''''''

The Network Enforcer is a sub-component of the network sensor that provides
independent network access control for devices that violate an organization's
policies. This makes it possible to isolate devices without relying on the
existing network infrastructure. Like the network sensor itself, the Network
Enforcer functions over a physical or emulated wired Ethernet interface.

By enabling the Enforcer on the network sensor installed in each network
segment, ARP-based Layer 2 Enforcement can be provided, which is the easiest
way to provide network access control with network sensors without additional
hardware.

Another Enforcer can be connected to the core switch through a SPAN
(mirroring) port to terminate sessions upon detection of unauthorized network
access. This requires separate, independent hardware sized to process the
volume of network traffic.

If a sensor is deployed in-line, prohibited traffic will be blocked from
passing through the gateway.

Agent
-----

The Agent is software installed on the user's desktop system. It periodically
collects operating system, hardware, software and network-related information
and sends it to the policy server when a change is detected. It also provides
desktop configuration management capabilities, making it easy to manage the
required settings for your organization's security policies.

This is an optional component.

The agent provides its own security functions, such as termination prevention
and deletion prevention, according to the administrator's settings.

.. list-table:: **Supported operating systems**
   :widths: 30 30
   :header-rows: 1

   * - Windows
     - macOS
   * - Windows XP (SP2)
     - Apple OS X Mavericks
   * - Windows Vista
     - Apple OS X Yosemite
   * - Windows 7
     - Apple OS X El Capitan
   * - Windows 8
     - Apple macOS Sierra
   * - Windows 8.1
     - Apple macOS High Sierra
   * - Windows 10
     - Apple macOS Mojave

Updating Components
-------------------

Genian Data
'''''''''''

The **Policy Server** routinely updates **CVE Information**, **Node Information**,
**OS Update Information** and **Platform Information** from the Genians Cloud.

Genian Software
'''''''''''''''

Software Updates for the **Policy Server**, **Network Sensor**, and **Agent**
can be downloaded and applied from the Genians Cloud in the System software
section of the Web UI.

For Genians Cloud-managed subscribers, the Policy Server Software Updates are
automatically installed.

For more configuration and update information, see: :doc:`/deploying/deployment-models` and :doc:`/system/system-software`