CLEANACCESS Archives

July 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: "Rieman, Jeffrey" <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Thu, 21 Jul 2005 15:56:05 -0400

We are writing our own app to do just that. It will test the student
computer to make sure they meet the requirements. It is just some
registry checks.

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Simon Bell
Sent: Thursday, July 21, 2005 3:41 PM
To: [log in to unmask]
Subject: Re: New version of CCA

Very interesting. I wonder if you can configure this to do validation
checks for users off campus. One of the things on my wish list is the
ability for students to check their system state against CCA before
arriving to campus.

Simon

>>> [log in to unmask] 7/21/2005 2:51 PM >>>
Anyone notice that 3.5.3 came out today?


Big upgrade as well


Release 3.5(3) of Cisco Clean Access enables administrators to deploy
the Clean Access Server (CAS) in-band behind a VPN concentrator, or
router, or multiple routers. Prior to 3.5(3), Clean Access Server(s)
needed to be deployed either as a bridge (Virtual Gateway) or first-hop
default gateway with Layer 2 proximity to users, in order for user MAC
addresses to be visible to the CAS. Release 3.5(3) adds the capability
of multi-hop Layer 3 in-band deployment by allowing the Clean Access
Manager (CAM) and CAS to track user sessions by unique IP address when
users are separated from the CAS by one or more routers. Note that you
can have a CAS supporting both L2 and L3 users. With layer 2-connected
users, the CAM/CAS continue to manage these user sessions based on the
user MAC addresses, as before.

For users that are one or more L3 hops away, note the following
considerations:

* User sessions are based on unique IP address rather than MAC address.

* If the user's IP address changes (for example, the user loses VPN
connectivity), the client must go through the Clean Access certification
process again.

* In order for clients to discover the Clean Access Server when they are
one or more L3 hops away, the 3.5.3 (or above) Clean Access Agent must
be initially installed by being downloaded from the CAS via the Download
Clean Access Agent web page (i.e. web login). This provides clients with
the CAM information needed for subsequent logins when users are one or
more L3 hops away from the CAS. Acquiring and installing the 3.5.3 Agent
by any means other than direct download from the CAS (for example, Cisco
Downloads) will not provide the necessary CAM information to the Agent
and will not allow those Agent installations to operate in a multi-hop
Layer 3 deployment.

* Since the Certified List tracks L2 users by MAC address, multi-hop L3
users do not appear on the Certified Devices List and the Certified
Devices Timer does not apply to these users. The L3 users will only be
on the Online User list (In-Band).

* All other user audit trails, such as network scanner and Clean Access
Agent logs, are maintained for multi-hop L3 users.

* The Session Timer will work the same way for multi-hop L3 In-Band
deployments and L2 (In-Band or Out-of-Band) deployments.
