User Guide
OmniAccess SafeGuard OS Administration Guide
23
Chapter 1: SafeGuard OS Overview
Figure 1 SafeGuard Controller and Switch in a Typical Deployment
With the preferred standard and typical deployment model, the SafeGuard Controller
device is a multi-port “bump-in-the-wire” device between the edge switch and the next
layer switch, whether that be the distribution layer or the core switch. The uplinks can
either be fiber or copper. A SafeGuard Switch is deployed like any other switch device,
but it can link directly to the distribution layer.
When deploying SafeGuard devices using this model, all SafeGuard OS features are
supported, including policy enforcement, captive portal, IP header validity, and malware
enforcement. Further, devices can be deployed without disrupting existing wiring closet
configurations. Figure 1 shows SafeGuard devices in the typical deployment model.
System recovery and high availability (HA) can be configured when deploying
SafeGuard Controllers. To, it requires an additional (redundant) SafeGuard Controller of
the same model, running the same software release, and configured with the same port
configuration.
In HA mode, the authentication state is propagated to the peer device before there is a
failure so that users do not have to re-authenticate. For example, end users do not need to
log in to the captive portal feature again if there is a system failure. Figure 2 shows this
type of deployment (for details on configuring high availability, see Configuring High
Availability Support on page 100).
CST_055
Internet
LAN Core
Data Center
Distribution Layer
OmniAccess
switch
OmniAccess
SafeGuard
10 Gigabit
uplinks
Remediation
servers
Active Directory
RADIUS servers
Alcatel-Lucent
OmniVista
SafeGuard
Manager
Access Layer
Transparent
Deployment