Security Solutions

ManualsBrandsHP ManualsSoftwareHP ProCurve Access Control Client Software

191

192

193

194

195

196

197

198

199

200

3-82

Designing Access Controls

Choose RADIUS Servers

Table 3-63 shows the appropriate number of users for each strategy for

combining network access control components. As you can see, you

should choose the general option for a large network while the fully

integrated option is feasible only for a smaller network.

Note Also note that if some of your PEPs do not include a RADIUS server, the

built-in servers for the fully integrated option must be able to receive

requests from them.

The Wireless Edge Services Module’s integrated RADIUS server can

receive requests from wired clients; so you might be able to choose the

fully integrated option in a small network with both wired and wireless

users.

For a medium network, answer the next questions to choose between the

any of the options except fully integrated.

Table 3-63. Number of Users for Access Control Component Combinations

2. Does your organization require centralized credentials? Do your business

needs call for policies that custom access with consistent rules?

A directory is often the best way to centralize credentials, and your

organization may, in fact, already have one.

In this case, your role will be primarily to decide how to best add policies

to the directory. IDM is a good solution, and it works with any of the

options except, perhaps, integrated server (not all integrated servers

support the IDM agent). So if your business needs call for granular access

policies, you should choose use at least one external server.

3. Do you plan to expand? Is scalability important?

The general option is the most scalable, followed by other options that

rely on centralized credentials. As you add users, you can add a PEP; the

PDPs and centralized policies are already in place.

Access Control Component

Combination

Users

Wired (Per LAN)

Users

Wireless (Per LAN)

Users

Total WAN

General Any Any Any

Integrated server 250 to 1000 100 to 500 Less than 3000

Integrated server/proxy 250 to 1000 100 to 500 Less than 3000

Turnkey server 250 to 1000 100 to 500 Less than 3000

Integrated server/proxy with

turnkey server

250 to 1000 100 to 500 Less than 3000

Fully integrated Less than 250 Less than 100 Less than 1000