Security Solutions
3-99
Designing Access Controls
Add ProCurve IDM
IDM is also required for managing a NAC 800 that enforces endpoint integrity
with 802.1X quarantining. The NAC 800 checks user credentials and tests
endpoints’ integrity. IDM manages the policies for assigning endpoints to
VLANs based on their integrity.
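The quarantining decision described above, modelled as a small policy function. This is an added illustration, not ProCurve or IDM code; it assumes the VLAN is returned to the switch with the standard RFC 3580 tunnel attributes (the page does not name the attributes IDM uses), and the user groups and VLAN numbers are constructed.

```python
# Added example (not ProCurve/IDM code): a minimal model of the 802.1X
# quarantining flow described in the text -- the RADIUS server authenticates
# the user, the endpoint-integrity test passes or fails, and a policy picks the
# VLAN returned to the switch. VLAN assignment is expressed with the RFC 3580
# tunnel attributes (assumption; the page does not name IDM's attributes).
# All groups and VLAN IDs below are constructed sample values.
from dataclasses import dataclass
from typing import Optional

QUARANTINE_VLAN = 999   # constructed: remediation-only network
GUEST_VLAN = 50         # constructed


@dataclass(frozen=True)
class Policy:
    group: str   # user group as returned by the RADIUS server
    vlan: int    # production VLAN for a healthy endpoint in this group


# Constructed policy table, evaluated in order; first matching group wins.
POLICIES = [Policy("staff", 10), Policy("contractor", 20), Policy("guest", GUEST_VLAN)]


def decide(auth_ok: bool, group: Optional[str], integrity: str) -> Optional[dict]:
    """Return Access-Accept attributes, or None to signal Access-Reject.

    integrity is "pass", "fail" or "unknown" (no agent / test never ran).
    Only a confirmed "pass" reaches a production VLAN; anything else is
    quarantined, so a silent endpoint cannot bypass the integrity check.
    """
    if not auth_ok:
        return None                                   # bad credentials: reject
    if integrity == "pass":
        vlan = next((p.vlan for p in POLICIES if p.group == group), None)
        if vlan is None:
            return None                               # no policy for group: fail closed
    else:
        vlan = QUARANTINE_VLAN                        # fail or unknown: quarantine
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": str(vlan),
    }


if __name__ == "__main__":
    for case in [(True, "staff", "pass"), (True, "staff", "fail"),
                 (True, "staff", "unknown"), (True, "nobody", "pass"),
                 (False, "staff", "pass")]:
        print(case, "->", decide(*case))
```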
Design Parameters for a Network with IDM
If you choose to use IDM, several design parameters will apply to your
network:
■ You must purchase and install the current versions of ProCurve Manager Plus (PCM+) and IDM. The minimum required version of IDM is version 2.2 auto-update 2. IDM has a server component and an agent component. The server component is a plug-in to the PCM+ network management software. PCM+ and the IDM Server have the same operating system requirements: Windows Server 2000 or Windows Server 2003.
■ You must install the IDM agent component on your RADIUS servers. The agent component resides on the RADIUS server. These RADIUS servers support the agent:
  • Windows Server 2003 version of Microsoft IAS
  • Juniper Networks Steel-Belted RADIUS server
  • NAC 800 (the agent is included on the device in its factory-default configuration)
  The RADIUS server integrated on the Wireless Edge Services Module does not support the IDM agent; you must proxy requests to one of the servers listed above.
■ PCM+ and the IDM server can run on the same hardware as the RADIUS server (if you are using a software-based server), or they can run on a standalone server.
■ There can be only one PCM+ server (and IDM server) on the network. The IDM server can upload copies of the IDM agent to each of the RADIUS servers on the network.
■ IDM can operate with any authentication method: MAC-Auth, Web-Auth, or 802.1X (or a combination of these). Requirements for client software, such as supplicants, are determined by the authentication method. (Because IDM interacts with the RADIUS server, it poses no requirements for the client systems.)