User guide
Chapter 1: Odyssey Access Client Overview
2. In the case of either a wired or a wireless connection, the network access
device (an access point or 802.1X switch) forwards the authentication request
to the authentication server.
Depending on the authentication protocol being used, such as Tunneled
Transport Layer Security (TTLS), the authentication process might involve a
secure tunnel between the access point and the authentication server.
3. The authentication server examines the request and either manages the
authentication directly or, in some cases, forwards the request to another server.
4. If the authentication succeeds, the server informs the network access device to
allow access to the client endpoint.
5. The network access device then informs the client that it has been
authenticated and now has access to the network.
Authentication for a wired connection is similar but, in this case, the client connects
directly to an 802.1X switch on the network. The switch provides the authentication
interface to the authentication server, and no secure tunnel is required.
OAC in an Enhanced Security Network with Unified Access Control
Unified Access Control (UAC) provides enhanced security measures that not only
authenticate users but verify that the software running on the endpoint computer is
in compliance with corporate security policies. See “Endpoint Security
Enforcement” on page 5.
UAC encompasses a variety of components that, together, provide secure
authenticated access to network resources. These components include:
- Infranet Controller—A central policy management server that validates the
  user’s identity and the endpoint’s security compliance and manages network
  policies. Those policies are created on the Infranet Controller for configuring
  OAC, Host Checker, and access to protected resources. The Infranet Controller
  pushes the policies to OAC, the Host Checker, and the Infranet Enforcer.
- Infranet Enforcer—A Juniper Networks security device that operates with the
  Infranet Controller to enforce security policies. The Infranet Enforcer is
  deployed in front of the servers and protected resources.
- Host Checker—A software component of OAC that checks your computer for
  compliance with the security policies that your Infranet Controller administrator
  specifies. Examples of compliance might be that you have the correct antivirus
  software version and security settings or that you have the latest operating
  system patch level installed.
- Host Enforcer—A software component of OAC that protects your computer
  from attacks from other computers by allowing only the incoming and outgoing
  traffic that your Infranet Controller administrator specifies for your assigned
  role. (A role defines settings for your user account, such as which resources you
  can access.)
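
The decision chain these components describe (identity plus Host Checker compliance, then a role, then role-based traffic filtering) can be modeled as follows. This is an added example, not code from the guide or from Juniper software; the policy fields, role names, version numbers and ports are all constructed assumptions, and treating a non-compliant endpoint as having no role is a simplification.

```python
# Illustrative model only; not Juniper's policy format or API.
from dataclasses import dataclass

@dataclass(frozen=True)
class HostPolicy:            # what the Infranet Controller administrator specifies
    min_av_version: tuple
    min_patch_level: int

@dataclass(frozen=True)
class HostReport:            # what Host Checker observes on the endpoint
    av_version: tuple
    patch_level: int

# Constructed roles: the (direction, port) pairs Host Enforcer permits per role.
ROLE_TRAFFIC = {
    "employee":   {("out", 443), ("out", 53), ("in", 3389)},
    "contractor": {("out", 443), ("out", 53)},
}

def host_check(policy, report):
    """Return the names of failed compliance checks (empty list = compliant)."""
    failures = []
    if report.av_version < policy.min_av_version:   # tuples compare field by field
        failures.append("antivirus version")
    if report.patch_level < policy.min_patch_level:
        failures.append("OS patch level")
    return failures

def assign_role(authenticated, account_role, failures):
    """Grant the account's role only if identity AND compliance both pass."""
    if authenticated and not failures and account_role in ROLE_TRAFFIC:
        return account_role
    return None                                     # fail closed: no role

def host_enforcer_allows(role, direction, port):
    """Default deny: only traffic listed for the assigned role passes."""
    return (direction, port) in ROLE_TRAFFIC.get(role, set())

if __name__ == "__main__":
    policy = HostPolicy(min_av_version=(11, 2, 0), min_patch_level=5)
    for report in (HostReport((11, 2, 1), 5), HostReport((11, 0, 9), 5)):
        failures = host_check(policy, report)
        role = assign_role(True, "contractor", failures)
        print(report, "failures:", failures, "role:", role,
              "out/443:", host_enforcer_allows(role, "out", 443),
              "in/3389:", host_enforcer_allows(role, "in", 3389))
```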