Network Auditing - Establishing a connection

The second technical requirement from section 4.1 is that the network auditing agent (ENT NetCenter or ENT Network Monitor) must be able to connect to the machines that you wish to audit. Each machine that you want to audit must therefore have an address on the network that the auditing agent can use to send requests to, and receive information from, that machine during the audit.

For example, imagine you wanted to use ENT NetCenter to audit a machine on a remote network (somewhere on the internet). If that remote network has a firewall (and it should), or even just a router that uses NAT, you probably don't have an address that you can use to connect to any of the machines on the remote network, even with simple protocols like PING, so you certainly won't be able to obtain any detailed information about them.

There are two secure solutions to this problem. The easiest is simply to install an additional auditing agent (such as ENT Network Monitor or ENT NetCenter) behind the firewall on the remote network, and use this additional agent as a kind of sub-network auditing proxy.

The alternative would be to set up what is known as a VPN (Virtual Private Network) between any network where you have ENT NetCenter and/or ENT Network Monitor installed and the remote network containing the machines that you want to audit.

VPNs are somewhat beyond the scope of this document, although an example of this particular solution is described in the Bossard Case Study on our web site.
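
The reachability requirement and the two solutions above can be checked on paper before an audit is scheduled. The following is an added example, not part of the ENT products or their documentation: a small planner that sorts target addresses by how the auditing agent could reach them. The function name `plan_audit`, the result labels and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: addresses here are not routable across the
# internet, so a remote NAT/firewall hides them from an outside agent.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def plan_audit(targets, local_nets, vpn_nets=()):
    """Map each target address to the way the auditing agent can reach it.

    local_nets: networks the agent is directly attached to.
    vpn_nets:   remote networks routed to the agent through a VPN.
    """
    local = [ipaddress.ip_network(n) for n in local_nets]
    vpn = [ipaddress.ip_network(n) for n in vpn_nets]
    plan = {}
    for target in targets:
        addr = ipaddress.ip_address(target)
        if any(addr in net for net in local):
            plan[target] = "direct"
        elif any(addr in net for net in vpn):
            plan[target] = "via-vpn"
        elif any(addr in net for net in RFC1918):
            # No address the agent can use: install an agent behind the
            # remote firewall, or extend a VPN to that network.
            plan[target] = "needs-remote-agent-or-vpn"
        else:
            # Publicly routable, but the remote firewall still decides
            # whether the agent's requests get through.
            plan[target] = "direct-if-firewall-permits"
    return plan

# Constructed sample: agent sits on 192.168.1.0/24 with one VPN route.
SAMPLE_TARGETS = ["192.168.1.15", "10.20.3.7", "172.16.5.9", "203.0.113.10"]

if __name__ == "__main__":
    result = plan_audit(SAMPLE_TARGETS, ["192.168.1.0/24"], ["10.20.0.0/16"])
    for host, how in result.items():
        print(f"{host:15} {how}")
```
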