Security Solutions

Designing Access Controls
Add ProCurve IDM
You have now selected your RADIUS servers. After choosing the EAP method
(required only for the 802.1X access control method), you will be ready to
finalize your security policies. Before doing so, however, you must choose
how you are going to configure those policies:
• On an eDirectory or OpenLDAP server using RADIUS extensions
• Manually on each RADIUS server
• Using IDM
This section introduces you to IDM and helps you decide whether it is your
best option for configuring policies.
IDM Overview
IDM is the ProCurve solution that allows you to assign network rights based
on more than user credentials: you can control when and where users can log
on to the network, and you can integrate endpoint integrity into the decision
process.
For example, you can permit students who are enrolled in a particular physics
course to have access to the supercomputer during lab hours when they log
in from the lab, but at no other time and from no other location. Or you could
allow HR employees access to employees’ personal information over a wireless
network that enforces WPA security, but not over a wireless network that
uses WEP. Finally, you can assign users with endpoints that fail to comply with
security policies to a quarantine VLAN. (Refer to Chapter 1: “Access Control
Concepts” for details.)
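The three examples above can be modeled as a small policy evaluator. This is an added illustration, not ProCurve IDM's code or configuration format; every class, field, group, and resource name is hypothetical, and the 13:00 to 17:00 lab hours are a constructed sample value.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass(frozen=True)
class Request:
    """Attributes known at login time (all field names are hypothetical)."""
    group: str                    # directory group of the user
    location: str                 # where the user connects from
    at: time                      # time of the login attempt
    wlan_security: Optional[str]  # "WPA", "WEP", or None for a wired port
    compliant: bool               # result of the endpoint integrity check

@dataclass(frozen=True)
class Rule:
    """A set of conditions and the access it grants; None means 'any'."""
    grants: str
    group: Optional[str] = None
    location: Optional[str] = None
    start: Optional[time] = None  # start and end are always set together
    end: Optional[time] = None
    wlan_security: Optional[str] = None

    def matches(self, r: Request) -> bool:
        return ((self.group is None or self.group == r.group)
                and (self.location is None or self.location == r.location)
                and (self.start is None or self.start <= r.at < self.end)
                and (self.wlan_security is None
                     or self.wlan_security == r.wlan_security))

# Constructed sample policy: lab hours and resource names are assumptions.
RULES = [
    Rule("supercomputer", group="physics-students", location="lab",
         start=time(13, 0), end=time(17, 0)),
    Rule("hr-records", group="hr", wlan_security="WPA"),
]

def decide(r: Request, rules=RULES) -> str:
    # Endpoint integrity is checked first, so a failing endpoint never
    # reaches a resource rule regardless of the user's credentials.
    if not r.compliant:
        return "quarantine-vlan"
    for rule in rules:
        if rule.matches(r):
            return rule.grants
    return "deny"  # default deny: no rule granted access
```

Checking integrity before the resource rules and ending with a default deny are design choices of this sketch; they keep a valid credential from outweighing a failed endpoint check or an unmatched time and location.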
Determine If You Need IDM
You should add IDM to your network if you want to set up more flexible
policies for users’ network access. This is particularly true when your network
has a directory service, such as Active Directory, that does not support
RADIUS settings for directory objects. The expense of adding IDM should be
balanced against the reduction in IT resources devoted to managing access
control policies on RADIUS servers.