| |
Additional information
-
Ease of use:
-
Graphical user interface (GUI) Identity Driven Manager provides a powerful GUI for defining network access policies and monitoring users on the network. Administrators can quickly see which users are currently on the network and easily drill down to know where and when they connected.
-
Auto-discovery of identity elements RADIUS servers with IDM agents, RADIUS realms, and users are automatically discovered and assigned to a default policy group for the administrator's attention.
-
Detailed reporting Identity Driven Manager provides reports of network access that can be automated to run at specified times or created on demand. Reports are useful for documenting network access by users and groups, as well as for investigating failed network access attempts in order to identify potential network attacks.
-
Integration:
-
Integrates with Microsoft Network Access Protection Identity Driven Manager cooperates with Microsoft's Network Access Protection (NAP) in order to integrate the ProCurve Adaptive Network capabilities with endpoint validation from Microsoft NAP.
-
Integration with Active Directory Identity Driven Manager integrates with Active Directory to automatically map Active Directory group membership to IDM Access Policy Groups. Changes within Active Directory are automatically propagated to IDM and the new network access rights are enforced.
-
Import users from LDAP or XML file If current user data is not kept in Active Directory, Identity Driven Manager can read users and group membership from an LDAP directory or XML-formatted file.
-
Works with industry-standard RADIUS protocol Access policies are enforced based on RADIUS authentication, and Identity Driven Manager integrates with leading RADIUS authentication servers.
-
Security:
-
Dynamic access rules based on time, location, and user system are formed by administrators and dynamically applied Access-policy groups have rules that are applied to each user in the group based on the time, location, and user system. These dynamic inputs are evaluated and the policies applied according to the user's profile, so the appropriate network access policies are applied at the right time and place.
-
Automatic VLAN assignment Users can be automatically assigned to the appropriate VLAN based on their identity, device, device status, location, and time of day.
-
Endpoint integrity verification When used with an endpoint integrity solution such as the ProCurve Network Access Controller 800 or Microsoft Network Access Protection (NAP), access policies can be set based on the posture of the endpoint connecting to the network, allowing non-compliant endpoints to be isolated until they comply with organization policies.
-
User-based access control lists (ACLs) Users can be allowed or denied access to network resources (e.g., servers, printers) based on the destination IP address or a range of IP addresses, and/or to network services (e.g., Web pages, instant messaging, or FTP) based on well-known or user-defined TCP/UDP ports.
-
Performance:
-
Traffic prioritization Traffic prioritization (QoS) can be automatically set for each connection based on user, device, location, and time of day, allowing appropriate prioritization of network traffic.
-
Rate limits Rate limits can be automatically applied to a session in order to limit the impact of lower-priority connections and reserve bandwidth for important business use.
-
Resiliency and high availability:
-
The Identity Driven Manager agent can run independently and be deployed to redundant RADIUS servers The Identity Driven Manager agent can be deployed to each RADIUS server in the network. The agents are able to operate independently from the Identity Driven Manager server, allowing Identity Driven Manager to be deployed to multiple redundant RADIUS servers and providing authentication services for network devices.
-
Identity Driven Manager updates the server with transactional resilience The Identity Driven Manager agent uses a transaction process to update Identity Driven Manager server data. If the connection from the agent on the RADIUS server to the Identity Driven Manager server is broken, the agent will queue the data until the connection is restored and then transmit the data, as appropriate, back to the Identity Driven Manager database.
-
Device support:
-
ProCurve intelligent edge switches 5400zl series, 5300xl series, 3500yl series, and 3400cl series
-
ProCurve traditional edge switches 6108, 4200vl series, 2900 series, 2800 series, 2610 series, 2600 and 2600-PWR series, and 2500 series
-
ProCurve wireless access points Access Point 530 and 420
-
ProCurve wireless edge services Wireless Edge Services zl and xl Modules
» Return to top
|  | |
